
Solved Downloaded programs to fix error in windows update

Discussion in 'Malware and Virus Removal Archive' started by rthompson, 2015/03/11.

  1. 2015/03/11
    rthompson

    rthompson Well-Known Member Thread Starter

    Joined:
    2009/12/22
    Messages:
    330
    Likes Received:
    1
  2. 2015/03/11
    rthompson

    Mbam

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/11/2015
    Scan Time: 9:07:35 AM
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.03.11.04
    Rootkit Database: v2015.02.25.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Ratman

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 313009
    Time Elapsed: 42 min, 54 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 4
    PUP.Optional.Binkiland, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [82be86bebfcb7eb819f03e6aaf54e719],
    PUP.Optional.Binkiland.A, HKU\S-1-5-21-2052111302-879983540-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Binkiland Browser, Quarantined, [f749b58fafdbe45225c881b7b0557a86],
    PUP.Optional.Binkiland, HKU\S-1-5-21-2052111302-879983540-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [1f21b58f98f2ee489c6eeeba2fd4c13f],
    PUP.Optional.Updater.A, HKU\S-1-5-21-2052111302-879983540-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UpdaterEX, Quarantined, [7ec22222d8b25adc9c494b3b46bd3ac6],

    Registry Values: 10
    PUP.Optional.Binkiland, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}|URL, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_11&cd=2XzuyEtN2Y1L1QzutDtDtByDzzyC0DyBzyyB0CyCzzzyyBzztN0D0Tzu0StCtCyCtAtN1L2XzutAtFzztFtAtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0D0FtAyDtD0CtGzz0EyEyDtGtCtB0D0CtG0EzzyE0AtGyBzytDyBtB0AyEtB0F0AtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BzztCyBzz0ByEtGyDyCzzzytGyEyEyEzztG0AyD0D0CtG0A0AtAtC0E0E0CtBtB0A0D0A2QtN1B2Z1V1T1S1NzuyDyByD&cr=386432961&ir=, Quarantined, [82be86bebfcb7eb819f03e6aaf54e719]
    PUP.Optional.Binkiland, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_11&cd=2XzuyEtN2Y1L1QzutDtDtByDzzyC0DyBzyyB0CyCzzzyyBzztN0D0Tzu0StCtCyCtAtN1L2XzutAtFzztFtAtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0D0FtAyDtD0CtGzz0EyEyDtGtCtB0D0CtG0EzzyE0AtGyBzytDyBtB0AyEtB0F0AtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BzztCyBzz0ByEtGyDyCzzzytGyEyEyEzztG0AyD0D0CtG0A0AtAtC0E0E0CtBtB0A0D0A2QtN1B2Z1V1T1S1NzuyDyByD&cr=386432961&ir=, Quarantined, [51efaa9ab3d760d6f5144d5b73904db3]
    PUP.Optional.Binkiland, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}|FaviconPath, C:\Documents and Settings\Ratman\Local Settings\Application Data\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, Quarantined, [b58bdd67e6a4ec4a53b6baee0df61ce4]
    PUP.Optional.Binkiland, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Binkiland, Quarantined, [9da362e2840644f2d2377434976c11ef]
    PUP.Optional.Binkiland, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}|DisplayName, Binkiland, Quarantined, [152bed57b0da072f5baed8d0e81b04fc]
    PUP.Optional.Binkiland, HKU\S-1-5-21-2052111302-879983540-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}|URL, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_11&cd=2XzuyEtN2Y1L1QzutDtDtByDzzyC0DyBzyyB0CyCzzzyyBzztN0D0Tzu0StCtCyCtAtN1L2XzutAtFzztFtAtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0D0FtAyDtD0CtGzz0EyEyDtGtCtB0D0CtG0EzzyE0AtGyBzytDyBtB0AyEtB0F0AtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BzztCyBzz0ByEtGyDyCzzzytGyEyEyEzztG0AyD0D0CtG0A0AtAtC0E0E0CtBtB0A0D0A2QtN1B2Z1V1T1S1NzuyDyByD&cr=386432961&ir=, Quarantined, [1f21b58f98f2ee489c6eeeba2fd4c13f]
    PUP.Optional.Binkiland, HKU\S-1-5-21-2052111302-879983540-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_11&cd=2XzuyEtN2Y1L1QzutDtDtByDzzyC0DyBzyyB0CyCzzzyyBzztN0D0Tzu0StCtCyCtAtN1L2XzutAtFzztFtAtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0B0D0FtAyDtD0CtGzz0EyEyDtGtCtB0D0CtG0EzzyE0AtGyBzytDyBtB0AyEtB0F0AtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BzztCyBzz0ByEtGyDyCzzzytGyEyEyEzztG0AyD0D0CtG0A0AtAtC0E0E0CtBtB0A0D0A2QtN1B2Z1V1T1S1NzuyDyByD&cr=386432961&ir=, Quarantined, [eb55a69e2c5e72c4d832bfe9e023df21]
    PUP.Optional.Binkiland, HKU\S-1-5-21-2052111302-879983540-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}|FaviconPath, C:\Documents and Settings\Ratman\Local Settings\Application Data\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, Quarantined, [62deb88c6822142237d39e0a53b0649c]
    PUP.Optional.Binkiland, HKU\S-1-5-21-2052111302-879983540-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Binkiland, Quarantined, [41fff64e17730036a862783082810df3]
    PUP.Optional.Binkiland, HKU\S-1-5-21-2052111302-879983540-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}|DisplayName, Binkiland, Quarantined, [0f31e361f496d16518f26b3dcd3659a7]

    Registry Data: 1
    PUP.Optional.Binkiland.A, HKU\S-1-5-21-2052111302-879983540-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://binkiland.com/?f=1&a=bnk_dnl...0D0A2QtN1B2Z1V1T1S1NzuyDyByD&cr=386432961&ir=, Good: (www.google.com), Bad: (http://binkiland.com/?f=1&a=bnk_dnl...2Z1V1T1S1NzuyDyByD&cr=386432961&ir=),Replaced,[98a875cf1f6b2a0c65baf4f2f80d01ff]

    Folders: 5
    PUP.Optional.Updater.A, C:\Documents and Settings\Ratman\Application Data\UpdaterEX\UpdateProc, Quarantined, [7ec22222d8b25adc9c494b3b46bd3ac6],
    PUP.Optional.Binkiland.A, C:\Documents and Settings\Ratman\Local Settings\Application Data\Binkiland, Quarantined, [f14f271dcbbf82b4d0b71290818225db],
    PUP.Optional.Binkiland.A, C:\Documents and Settings\Ratman\Local Settings\Application Data\Binkiland\User Data, Quarantined, [f14f271dcbbf82b4d0b71290818225db],
    PUP.Optional.Binkiland.A, C:\Documents and Settings\Ratman\Local Settings\Application Data\Binkiland\User Data\Default, Quarantined, [f14f271dcbbf82b4d0b71290818225db],
    PUP.Optional.Binkiland.A, C:\Documents and Settings\Ratman\Local Settings\Application Data\Binkiland\User Data\Default\Local Storage, Quarantined, [f14f271dcbbf82b4d0b71290818225db],

    Files: 5
    PUP.Optional.Binkiland.A, C:\Documents and Settings\Ratman\Local Settings\Application Data\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, Quarantined, [5be553f18cfec670add5b2f6f90a946c],
    PUP.Optional.Updater.A, C:\Documents and Settings\Ratman\Application Data\UpdaterEX\UpdateProc\config.dat, Quarantined, [7ec22222d8b25adc9c494b3b46bd3ac6],
    PUP.Optional.Updater.A, C:\Documents and Settings\Ratman\Application Data\UpdaterEX\UpdateProc\prod.dat, Quarantined, [7ec22222d8b25adc9c494b3b46bd3ac6],
    PUP.Optional.Updater.A, C:\Documents and Settings\Ratman\Application Data\UpdaterEX\UpdateProc\UpdateTask.exe, Quarantined, [7ec22222d8b25adc9c494b3b46bd3ac6],
    PUP.Optional.Binkiland.A, C:\Documents and Settings\Ratman\Local Settings\Application Data\Binkiland\User Data\Default\Local Storage\chrome-extension_hbkgcolmiibkgjcmnlngemkpdpifggdg_0.localstorage, Quarantined, [f14f271dcbbf82b4d0b71290818225db],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     

  4. 2015/03/11
    rthompson

    Frst

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
    Ran by Ratman (administrator) on RATMAN-T1UEP9FY on 11-03-2015 10:12:11
    Running from C:\Documents and Settings\Ratman\Desktop
    Loaded Profiles: Ratman (Available profiles: Ratman)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-11] (Avast Software s.r.o.)
    HKU\S-1-5-21-2052111302-879983540-725345543-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ "DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2052111302-879983540-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2052111302-879983540-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2052111302-879983540-725345543-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-11] (Avast Software s.r.o.)
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1107939837796
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-25] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Ratman\Application Data\Mozilla\Firefox\Profiles\nt3u0wzx.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-11] ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)
    FF Extension: IE Tab 2 (FF 3.6+) - C:\Documents and Settings\Ratman\Application Data\Mozilla\Firefox\Profiles\nt3u0wzx.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2005-02-12]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-11]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-11]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-11]
    CHR Extension: (YouTube) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
    CHR Extension: (Google Search) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-11]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-11]
    CHR Extension: (Gmail) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-11]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-11]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-11] (Avast Software s.r.o.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-03-11] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-03-11] (Avast Software s.r.o.)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-03-11] (Avast Software s.r.o.)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-03-11] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-03-11] (Avast Software s.r.o.)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427480 2015-03-11] (Avast Software s.r.o.)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-03-11] (Avast Software s.r.o.)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206976 2015-03-11] ()
    R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
    R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [96384 2007-08-22] (Dynex )
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-14] (Realtek Semiconductor Corporation)
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
    S3 CLVirtualBus01; system32\DRIVERS\CLVirtualBus01.sys [X]
    S3 cpuz134; \??\C:\DOCUME~1\Ratman\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
    S4 IntelIde; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-11 10:12 - 2015-03-11 10:12 - 00010144 _____ () C:\Documents and Settings\Ratman\Desktop\FRST.txt
    2015-03-11 10:11 - 2015-03-11 10:11 - 01135104 _____ (Farbar) C:\Documents and Settings\Ratman\Desktop\FRST.exe
    2015-03-11 10:05 - 2015-03-11 10:12 - 00000000 ____D () C:\FRST
    2015-03-11 09:57 - 2015-03-11 09:57 - 00008735 _____ () C:\Documents and Settings\Ratman\Desktop\mbam.txt
    2015-03-11 09:16 - 2015-03-11 09:16 - 00000000 ____D () C:\Program Files\Dropbox
    2015-03-11 09:14 - 2015-03-11 09:14 - 00000000 ____D () C:\Documents and Settings\Ratman\Start Menu\Programs\Dropbox
    2015-03-11 09:11 - 2015-03-11 09:18 - 00000000 ____D () C:\Documents and Settings\Ratman\Application Data\Dropbox
    2015-03-11 09:06 - 2015-03-11 09:07 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-03-11 09:06 - 2015-03-11 09:06 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-11 09:06 - 2015-03-11 09:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-03-11 09:06 - 2015-03-11 09:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-11 09:06 - 2015-03-11 09:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2015-03-11 09:06 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-03-11 09:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-03-11 08:58 - 2005-10-14 14:45 - 00135168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
    2015-03-11 08:14 - 2015-03-11 08:14 - 00000000 ____D () C:\Documents and Settings\Ratman\Local Settings\Application Data\Temp
    2015-03-11 08:11 - 2015-03-11 08:11 - 00001689 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
    2015-03-11 08:11 - 2015-03-11 08:11 - 00000000 ____D () C:\WINDOWS\jumpshot.com
    2015-03-11 08:11 - 2015-03-11 08:11 - 00000000 ____D () C:\Documents and Settings\Ratman\Application Data\AVAST Software
    2015-03-11 08:11 - 2015-03-11 08:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
    2015-03-11 08:10 - 2015-03-11 10:05 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-03-11 08:10 - 2015-03-11 08:10 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00427480 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
    2015-03-11 08:10 - 2015-03-11 08:10 - 00206976 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
    2015-03-11 08:10 - 2015-03-11 08:10 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-03-11 08:05 - 2015-03-11 08:05 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-03-11 08:04 - 2015-03-11 08:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2015-03-11 07:56 - 2015-03-11 08:13 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-03-11 07:56 - 2015-03-11 07:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    2015-03-11 07:55 - 2015-03-11 10:07 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-11 07:55 - 2015-03-11 09:58 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-11 07:55 - 2015-03-11 08:01 - 00000000 ____D () C:\Documents and Settings\Ratman\Local Settings\Application Data\Google
    2015-03-11 07:55 - 2015-03-11 07:56 - 00000000 ____D () C:\Program Files\Google
    2015-03-11 07:54 - 2015-03-11 10:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-03-11 07:54 - 2015-03-11 08:01 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-03-11 07:54 - 2015-03-11 08:01 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-03-11 07:13 - 2008-04-14 00:47 - 00083072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wdmaud.sys
    2015-03-11 07:13 - 2008-04-14 00:47 - 00083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdmaud.sys
    2015-03-11 07:13 - 2008-04-14 00:45 - 00060800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sysaudio.sys
    2015-03-11 07:13 - 2008-04-14 00:45 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sysaudio.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00172416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kmixer.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kmixer.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00056576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\swmidi.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swmidi.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00052864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dmusic.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\DMusic.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\splitter.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\splitter.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00002944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\drmkaud.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00007552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mskssrv.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSKSSRV.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mspclock.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPCLOCK.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00004992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mspqm.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00004992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPQM.sys
    2015-03-11 07:13 - 2008-04-13 22:09 - 00142592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aec.sys
    2015-03-11 07:13 - 2008-04-13 22:09 - 00142592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\aec.sys
    2015-03-11 07:12 - 2008-04-14 05:42 - 00129536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksproxy.ax
    2015-03-11 07:12 - 2008-04-14 05:42 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2015-03-11 07:12 - 2008-04-14 05:41 - 00004096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksuser.dll
    2015-03-11 07:12 - 2008-04-14 05:41 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksuser.dll
    2015-03-11 07:12 - 2008-04-14 00:49 - 00146048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\portcls.sys
    2015-03-11 07:12 - 2008-04-14 00:49 - 00146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2015-03-11 07:12 - 2008-04-14 00:15 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\drmk.sys
    2015-03-11 07:12 - 2008-04-14 00:15 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
    2015-03-11 07:07 - 2015-03-11 08:17 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
    2015-03-11 07:07 - 2015-03-11 08:17 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
    2015-03-11 07:06 - 2015-03-11 07:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3020338$
    2015-03-11 07:06 - 2015-03-11 07:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013410$
    2015-03-11 07:05 - 2015-03-11 07:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808679$
    2015-03-11 06:35 - 2015-03-11 06:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2492386$
    2015-03-11 06:34 - 2015-03-11 07:06 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
    2015-03-11 06:34 - 2015-03-11 07:06 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
    2015-03-11 06:34 - 2015-03-11 06:35 - 00008838 _____ () C:\WINDOWS\KB2492386.log
    2015-03-11 06:34 - 2015-03-11 06:34 - 00000000 ____D () C:\WINDOWS\system32\winrm
    2015-03-11 06:34 - 2015-03-11 06:34 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
    2015-03-11 06:33 - 2015-03-11 07:06 - 00012139 _____ () C:\WINDOWS\KB3020338.log
    2015-03-11 06:33 - 2015-03-11 07:06 - 00010037 _____ () C:\WINDOWS\KB2808679.log
    2015-03-11 06:33 - 2015-03-11 06:34 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
    2015-03-11 06:33 - 2015-03-11 06:33 - 00003416 _____ () C:\WINDOWS\basecsp.log
    2015-03-11 06:33 - 2015-03-11 06:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallbasecsp$
    2015-03-11 06:33 - 2015-03-11 06:33 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
    2015-03-11 06:25 - 2015-03-11 09:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
    2015-03-11 06:17 - 2015-03-11 09:58 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-03-11 06:17 - 2015-03-11 06:27 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-03-11 06:14 - 2015-03-11 06:15 - 00036217 _____ () C:\WINDOWS\KB3032359-IE8.log
    2015-03-11 06:11 - 2015-03-11 06:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-03-11 06:10 - 2015-03-11 06:10 - 00026405 _____ () C:\WINDOWS\KB3035132.log
    2015-03-11 06:10 - 2015-03-11 06:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3046049$
    2015-03-11 06:10 - 2015-03-11 06:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3035132$
    2015-03-11 06:10 - 2015-03-11 06:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3033395$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00024881 _____ () C:\WINDOWS\KB3029944.log
    2015-03-11 06:09 - 2015-03-11 06:09 - 00024600 _____ () C:\WINDOWS\KB3023562.log
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3039066$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3034344$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3033889$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3032323$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3029944$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3023562$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3021674$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3004361$
    2015-03-11 06:08 - 2015-03-11 06:09 - 00024076 _____ () C:\WINDOWS\KB3019215.log
    2015-03-11 06:08 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3019215$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00023838 _____ () C:\WINDOWS\KB3013126.log
    2015-03-11 06:08 - 2015-03-11 06:08 - 00023786 _____ () C:\WINDOWS\KB2989935.log
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013126$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3011780$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3006226$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2993958$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2989935$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2918614$
    2015-03-11 06:07 - 2015-03-11 06:08 - 00024199 _____ () C:\WINDOWS\KB2918614.log
    2015-03-11 06:07 - 2015-03-11 06:07 - 00022825 _____ () C:\WINDOWS\KB2998579.log
    2015-03-11 06:07 - 2015-03-11 06:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2998579$
    2015-03-11 05:45 - 2015-03-11 05:45 - 00021625 _____ () C:\WINDOWS\KB2961072.log
    2015-03-11 05:45 - 2015-03-11 05:45 - 00020864 _____ () C:\WINDOWS\KB2957503.log
    2015-03-11 05:45 - 2015-03-11 05:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2993651$
    2015-03-11 05:45 - 2015-03-11 05:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2961072$
    2015-03-11 05:45 - 2015-03-11 05:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957509$
    2015-03-11 05:45 - 2015-03-11 05:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957503$
    2015-03-11 05:45 - 2015-03-11 05:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2939576$
    2015-03-11 05:41 - 2015-03-11 05:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2926765$
    2015-03-11 05:41 - 2015-03-11 05:41 - 00018897 _____ () C:\WINDOWS\KB2934207.log
    2015-03-11 05:41 - 2015-03-11 05:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
    2015-03-11 05:36 - 2015-03-11 05:36 - 00019694 _____ () C:\WINDOWS\KB2868038.log
    2015-03-11 05:36 - 2015-03-11 05:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
    2015-03-11 05:33 - 2015-03-11 06:26 - 00015122 _____ () C:\WINDOWS\KB2686509.log
    2015-03-11 05:33 - 2015-03-11 05:33 - 00022190 _____ () C:\WINDOWS\KB2393802.log
    2015-03-11 05:33 - 2015-03-11 05:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
    2015-03-11 05:30 - 2015-03-11 05:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973540_WM9$
    2015-03-11 05:30 - 2015-03-11 05:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$
    2015-03-11 05:30 - 2015-03-11 05:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
    2015-03-11 05:28 - 2015-03-11 05:28 - 00022283 _____ () C:\WINDOWS\KB956572.log
    2015-03-11 05:28 - 2015-03-11 05:28 - 00015981 _____ () C:\WINDOWS\KB961118.log
    2015-03-11 05:28 - 2015-03-11 05:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$
    2015-03-11 05:28 - 2015-03-11 05:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$
    2015-03-11 05:26 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
    2015-03-11 05:26 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
    2015-03-11 05:23 - 2015-03-11 06:09 - 00051249 _____ () C:\WINDOWS\KB3033889.log
    2015-03-11 05:23 - 2015-03-11 06:08 - 00049004 _____ () C:\WINDOWS\KB3006226.log
    2015-03-11 05:23 - 2015-03-11 05:45 - 00047242 _____ () C:\WINDOWS\KB2957509.log
    2015-03-11 05:21 - 2015-03-11 06:10 - 00052701 _____ () C:\WINDOWS\KB3046049.log
    2015-03-11 05:21 - 2015-03-11 05:30 - 00035281 _____ () C:\WINDOWS\KB960859.log
    2015-03-11 05:21 - 2009-01-09 15:19 - 01089593 ____C () C:\WINDOWS\system32\dllcache\ntprint.cat
    2015-03-11 05:16 - 2015-03-11 06:10 - 00053233 _____ () C:\WINDOWS\KB3034344.log
    2015-03-11 05:16 - 2015-03-11 06:09 - 00051735 _____ () C:\WINDOWS\KB3039066.log
    2015-03-11 05:15 - 2015-03-11 06:10 - 00054033 _____ () C:\WINDOWS\KB3033395.log
    2015-03-11 05:15 - 2015-03-11 05:42 - 00045648 _____ () C:\WINDOWS\KB2926765.log
    2015-03-11 05:13 - 2015-03-11 05:45 - 00046686 _____ () C:\WINDOWS\KB2939576.log
    2015-03-11 05:08 - 2015-03-11 06:09 - 00052191 _____ () C:\WINDOWS\KB3032323.log
    2015-03-11 05:08 - 2015-03-11 06:09 - 00050134 _____ () C:\WINDOWS\KB3021674.log
    2015-03-11 05:07 - 2015-03-11 06:08 - 00049675 _____ () C:\WINDOWS\KB2993958.log
    2015-03-11 05:06 - 2015-03-11 06:09 - 00050646 _____ () C:\WINDOWS\KB3004361.log
    2015-03-11 05:06 - 2015-03-11 05:45 - 00049123 _____ () C:\WINDOWS\KB2993651.log
    2015-03-11 05:05 - 2015-03-11 05:30 - 00045461 _____ () C:\WINDOWS\KB968389.log

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-11 10:12 - 2005-02-09 04:43 - 00000000 ____D () C:\Documents and Settings\Ratman\Local Settings\Temp
    2015-03-11 10:00 - 2005-02-09 05:04 - 01265195 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-03-11 09:59 - 2005-02-08 20:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-03-11 09:59 - 2005-02-08 20:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-03-11 09:58 - 2005-02-09 04:42 - 00032642 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-03-11 09:58 - 2005-02-09 04:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-03-11 09:58 - 2003-03-31 08:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-03-11 09:57 - 2005-02-09 04:43 - 00000178 ___SH () C:\Documents and Settings\Ratman\ntuser.ini
    2015-03-11 09:53 - 2005-02-09 21:01 - 00000000 ____D () C:\Documents and Settings\Ratman\Application Data\UpdaterEX
    2015-03-11 09:48 - 2005-02-09 04:45 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2015-03-11 08:58 - 2005-02-09 06:41 - 00000000 ____D () C:\Program Files\360
    2015-03-11 08:01 - 2005-02-09 18:15 - 00000000 ____D () C:\Documents and Settings\Ratman\Local Settings\Application Data\Adobe
    2015-03-11 07:48 - 2005-02-12 03:42 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
    2015-03-11 07:48 - 2005-02-12 03:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPPORTDIR
    2015-03-11 07:47 - 2005-02-08 20:29 - 00545744 _____ () C:\WINDOWS\setupapi.log
    2015-03-11 07:44 - 2005-02-09 05:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
    2015-03-11 07:13 - 2005-02-09 04:08 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
    2015-03-11 07:06 - 2005-02-09 21:50 - 00019006 _____ () C:\WINDOWS\system32\TZLog.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 01265350 _____ () C:\WINDOWS\FaxSetup.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00624027 _____ () C:\WINDOWS\ocgen.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00487861 _____ () C:\WINDOWS\tsoc.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00430562 _____ () C:\WINDOWS\comsetup.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00259901 _____ () C:\WINDOWS\ntdtcsetup.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00194171 _____ () C:\WINDOWS\iis6.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00070381 _____ () C:\WINDOWS\ocmsn.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00063801 _____ () C:\WINDOWS\msgsocm.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00001374 _____ () C:\WINDOWS\imsins.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00001374 _____ () C:\WINDOWS\imsins.BAK
    2015-03-11 07:06 - 2005-02-08 20:25 - 00000000 ____D () C:\WINDOWS\security
    2015-03-11 07:05 - 2005-02-08 20:30 - 00608094 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-03-11 06:35 - 2005-02-09 04:09 - 00159506 _____ () C:\WINDOWS\updspapi.log
    2015-03-11 06:34 - 2005-02-09 06:43 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
    2015-03-11 06:34 - 2005-02-09 04:35 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    2015-03-11 06:34 - 2005-02-08 20:25 - 00000000 ____D () C:\WINDOWS\Help
    2015-03-11 06:19 - 2005-02-09 04:12 - 00090467 _____ () C:\WINDOWS\spupdsvc.log
    2015-03-11 06:17 - 2005-02-12 02:14 - 00013560 _____ () C:\Documents and Settings\Ratman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-03-11 06:17 - 2005-02-11 04:49 - 00096664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-03-11 06:16 - 2005-02-09 04:43 - 00000000 ____D () C:\Documents and Settings\Ratman
    2015-03-11 06:15 - 2005-02-09 07:01 - 00000000 ____D () C:\WINDOWS\ie8updates
    2015-03-11 06:10 - 2005-02-09 21:59 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-03-11 05:57 - 2005-02-09 04:37 - 00000000 ____D () C:\WINDOWS\Registration
    2015-03-11 05:36 - 2005-02-09 18:08 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
    2015-03-11 05:30 - 2005-02-09 04:16 - 00019815 _____ () C:\WINDOWS\wmsetup.log
    2015-03-11 05:04 - 2005-03-11 06:26 - 00003482 _____ () C:\WINDOWS\system32\ScanResults.xml
    2015-03-11 05:02 - 2005-03-11 06:24 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
    2015-03-06 13:56 - 2003-03-31 08:00 - 00153088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\schannel.dll
    2015-03-06 13:56 - 2003-03-31 08:00 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-02-26 03:55 - 2003-03-31 08:00 - 01891840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\win32k.sys
    2015-02-26 03:55 - 2003-03-31 08:00 - 01891840 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-02-19 22:39 - 2003-03-31 08:00 - 00294400 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\dllcache\atmfd.dll
    2015-02-19 22:39 - 2003-03-31 08:00 - 00294400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-02-18 01:26 - 2003-03-31 08:00 - 08463872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shell32.dll
    2015-02-18 01:26 - 2003-03-31 08:00 - 08463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-02-12 15:07 - 2009-03-08 08:39 - 11086848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-02-12 15:07 - 2009-03-08 08:32 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-02-12 15:07 - 2009-03-08 08:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-02-12 15:07 - 2009-03-08 08:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
    2015-02-12 15:07 - 2005-02-09 10:12 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
    2015-02-12 15:07 - 2005-02-09 10:12 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
    2015-02-12 15:07 - 2005-02-09 10:12 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2015-02-12 15:07 - 2005-02-09 10:12 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
    2015-02-12 15:07 - 2005-02-09 10:11 - 11086848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
    2015-02-12 15:07 - 2005-02-09 10:11 - 02006528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
    2015-02-12 15:07 - 2005-02-09 10:11 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
    2015-02-12 15:07 - 2005-02-09 10:11 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
    2015-02-12 15:07 - 2005-02-09 04:37 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 06009344 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 06009344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
    2015-02-12 15:07 - 2003-03-31 08:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-02-12 15:07 - 2003-03-31 08:00 - 01217536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 01217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00630784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00420864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vbscript.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00348160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
    2015-02-12 02:01 - 2005-02-09 04:12 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-02-11 22:01 - 2003-03-31 08:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2015-02-11 22:01 - 2003-03-31 08:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

    ==================== Files in the root of some directories =======

    2005-02-09 05:31 - 2015-03-11 07:10 - 0000115 _____ () C:\Documents and Settings\Ratman\Application Data\LogFile.txt

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Ratman\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsxzzm.dll
    C:\Documents and Settings\Ratman\Local Settings\Temp\ReimagePackage.exe
    C:\Documents and Settings\Ratman\Local Settings\Temp\ReiSysUpdate.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================
     
  5. 2015/03/11
    rthompson Well-Known Member Thread Starter

    Addition

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
    Ran by Ratman at 2015-03-11 10:13:26
    Running from C:\Documents and Settings\Ratman\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: 360 Internet Security (Disabled - Up to date) {D737F2DE-FA43-4036-AF5B-911612E2D674}
    AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
    Dropbox (HKU\S-1-5-21-2052111302-879983540-725345543-1004\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 4.77 - NCH Software)
    Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
    Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.2 - Tweaking.com)
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.9.0042.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    12-02-2005 03:41:22 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    12-02-2005 03:43:22 Installed Windows XP Wdf01009.
    12-02-2005 03:43:52 Installed LabelPrint
    11-03-2015 05:10:08 Software Distribution Service 3.0
    11-03-2015 05:28:00 Software Distribution Service 3.0
    11-03-2015 06:18:32 Printer Driver Microsoft XPS Document Writer Installed
    11-03-2015 06:22:10 Software Distribution Service 3.0
    11-03-2015 06:25:52 Installed Windows XP KB2686509.
    11-03-2015 06:33:38 Software Distribution Service 3.0
    11-03-2015 07:12:22 Software Distribution Service 3.0
    11-03-2015 07:46:10 Configured LabelPrint
    11-03-2015 08:05:29 avast! antivirus system restore point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2003-03-31 08:00 - 2005-02-11 05:21 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-03-11 08:10 - 2015-03-11 08:10 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-03-11 08:10 - 2015-03-11 08:10 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-03-11 08:10 - 2015-03-11 08:10 - 02920960 _____ () C:\Program Files\AVAST Software\Avast\defs\15031100\algo.dll
    2015-03-11 08:10 - 2015-03-11 08:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2052111302-879983540-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2052111302-879983540-725345543-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-2052111302-879983540-725345543-1005 - Limited - Enabled)
    Guest (S-1-5-21-2052111302-879983540-725345543-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-2052111302-879983540-725345543-1000 - Limited - Disabled)
    Ratman (S-1-5-21-2052111302-879983540-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ratman
    SUPPORT_388945a0 (S-1-5-21-2052111302-879983540-725345543-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name: Ethernet Controller
    Description: Ethernet Controller
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Multimedia Audio Controller
    Description: Multimedia Audio Controller
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/11/2015 09:53:03 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

    Error: (03/11/2015 06:28:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application SpeedyPC.exe, version 3.2.15.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (03/11/2015 06:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23661, fault address 0x0014a375.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (03/11/2015 06:19:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (03/11/2005 06:25:57 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:56 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


    System errors:
    =============
    Error: (03/11/2015 09:59:00 AM) (Source: 0) (EventID: 4311) (User: )
    Description:

    Error: (03/11/2015 09:59:00 AM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000001HarddiskVolume1

    Error: (03/11/2015 09:58:57 AM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (03/11/2015 08:58:55 AM) (Source: 0) (EventID: 4311) (User: )
    Description:

    Error: (03/11/2015 08:58:55 AM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000001HarddiskVolume1

    Error: (03/11/2015 08:58:53 AM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (03/11/2015 07:07:54 AM) (Source: 0) (EventID: 4311) (User: )
    Description:

    Error: (03/11/2015 07:07:43 AM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (03/11/2015 06:27:16 AM) (Source: 0) (EventID: 4311) (User: )
    Description:

    Error: (03/11/2015 06:27:05 AM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.


    Microsoft Office Sessions:
    =========================
    Error: (03/11/2015 09:53:03 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
    System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

    Error: (03/11/2015 06:28:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SpeedyPC.exe3.2.15.0hungapp0.0.0.000000000

    Error: (03/11/2015 06:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.236610014a375

    Error: (03/11/2015 06:19:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (03/11/2005 06:25:57 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:56 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of memory in use: 21%
    Total physical RAM: 2038.07 MB
    Available physical RAM: 1592.02 MB
    Total Pagefile: 3931.07 MB
    Available Pagefile: 3626.38 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1927.71 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:37.24 GB) (Free:23.25 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 41AB2316)
    Partition 1: (Active) - (Size=37.2 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  6. 2015/03/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. 2015/03/11
    rthompson

    rthompson Well-Known Member Thread Starter

    RogueKiller

    RogueKiller V10.5.3.0 [Mar 10 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Ratman [Administrator]
    Started from : C:\Documents and Settings\Ratman\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 03/11/2015 22:08:46

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 1 ¤¤¤
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST340014AS +++++
    --- User ---
    [MBR] 87c26bfcd2d107713bf4c279be13350c
    [BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 38138 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_03112015_220836.log
     
  8. 2015/03/11
    rthompson

    rthompson Well-Known Member Thread Starter

    Mbam

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/11/2015
    Scan Time: 10:20:39 PM
    Logfile: mbam2.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.03.12.01
    Rootkit Database: v2015.02.25.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Ratman

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 313822
    Time Elapsed: 23 min, 59 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  9. 2015/03/11
    rthompson

    rthompson Well-Known Member Thread Starter

    Adw

    # AdwCleaner v4.112 - Logfile created 11/03/2015 at 23:10:57
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Ratman - RATMAN-T1UEP9FY
    # Running from : C:\Documents and Settings\Ratman\Desktop\adwcleaner_4.112.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\speedypc software
    Folder Deleted : C:\Documents and Settings\Ratman\Application Data\Solvusoft
    Folder Deleted : C:\Documents and Settings\Ratman\Application Data\speedypc software
    Folder Deleted : C:\Documents and Settings\Ratman\Application Data\UpdaterEX
    File Deleted : C:\WINDOWS\Reimage.ini
    File Deleted : C:\WINDOWS\system32\roboot.exe

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\speedypc software
    Key Deleted : HKCU\Software\UpdaterEX
    Key Deleted : HKCU\Software\Reimage
    Key Deleted : HKLM\SOFTWARE\speedypc software
    Key Deleted : HKLM\SOFTWARE\Reimage
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UpdaterEX

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v36.0.1 (x86 en-US)


    -\\ Google Chrome v41.0.2272.89

    [C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [1881 bytes] - [11/03/2015 22:51:52]
    AdwCleaner[S0].txt - [1836 bytes] - [11/03/2015 23:10:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1895 bytes] ##########
     
  10. 2015/03/11
    rthompson

    rthompson Well-Known Member Thread Starter

    Jrt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.3 (03.01.2015:1)
    OS: Microsoft Windows XP x86
    Ran by Ratman on Wed 03/11/2015 at 23:18:32.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 03/11/2015 at 23:28:07.98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  11. 2015/03/11
    broni

    broni Moderator Malware Analyst

    Re-run the Farbar Recovery Scan Tool (FRST) that you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  12. 2015/03/11
    rthompson

    rthompson Well-Known Member Thread Starter

    Frst

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
    Ran by Ratman (administrator) on RATMAN-T1UEP9FY on 12-03-2015 00:27:06
    Running from C:\Documents and Settings\Ratman\Desktop
    Loaded Profiles: Ratman (Available profiles: Ratman)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-11] (Avast Software s.r.o.)
    HKU\S-1-5-21-2052111302-879983540-725345543-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ "DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2052111302-879983540-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2052111302-879983540-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-11] (Avast Software s.r.o.)
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1107939837796
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-25] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Ratman\Application Data\Mozilla\Firefox\Profiles\nt3u0wzx.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-11] ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)
    FF Extension: IE Tab 2 (FF 3.6+) - C:\Documents and Settings\Ratman\Application Data\Mozilla\Firefox\Profiles\nt3u0wzx.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2005-02-12]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-11]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-11]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-11]
    CHR Extension: (YouTube) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
    CHR Extension: (Google Search) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-11]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-11]
    CHR Extension: (Gmail) - C:\Documents and Settings\Ratman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-11]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-11]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-11] (Avast Software s.r.o.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-03-11] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-03-11] (Avast Software s.r.o.)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-03-11] (Avast Software s.r.o.)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-03-11] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-03-11] (Avast Software s.r.o.)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427480 2015-03-11] (Avast Software s.r.o.)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-03-11] (Avast Software s.r.o.)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206976 2015-03-11] ()
    R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
    R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [96384 2007-08-22] (Dynex )
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-14] (Realtek Semiconductor Corporation)
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
    S3 CLVirtualBus01; system32\DRIVERS\CLVirtualBus01.sys [X]
    S3 cpuz134; \??\C:\DOCUME~1\Ratman\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
    S4 IntelIde; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-11 23:28 - 2015-03-11 23:28 - 00000883 _____ () C:\Documents and Settings\Ratman\Desktop\JRT.txt
    2015-03-11 23:18 - 2015-03-11 23:18 - 01388333 _____ (Thisisu) C:\Documents and Settings\Ratman\Desktop\JRT.exe
    2015-03-11 23:13 - 2015-03-11 23:13 - 00001975 _____ () C:\Documents and Settings\Ratman\Desktop\AdwCleaner[S0].txt
    2015-03-11 22:51 - 2015-03-11 23:10 - 00000000 ____D () C:\AdwCleaner
    2015-03-11 22:50 - 2015-03-11 22:50 - 02171392 _____ () C:\Documents and Settings\Ratman\Desktop\adwcleaner_4.112.exe
    2015-03-11 22:46 - 2015-03-11 22:46 - 00001061 _____ () C:\Documents and Settings\Ratman\Desktop\mbam2.txt
    2015-03-11 22:09 - 2015-03-11 22:09 - 00001395 _____ () C:\Documents and Settings\Ratman\Desktop\RKreport_DEL_03112015_220845.log
    2015-03-11 22:00 - 2015-03-11 22:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2015-03-11 22:00 - 2015-03-11 22:00 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-03-11 21:59 - 2015-03-11 22:00 - 15625816 _____ () C:\Documents and Settings\Ratman\Desktop\RogueKiller.exe
    2015-03-11 10:13 - 2015-03-11 10:13 - 00021489 _____ () C:\Documents and Settings\Ratman\Desktop\Addition.txt
    2015-03-11 10:12 - 2015-03-12 00:27 - 00010031 _____ () C:\Documents and Settings\Ratman\Desktop\FRST.txt
    2015-03-11 10:11 - 2015-03-11 10:11 - 01135104 _____ (Farbar) C:\Documents and Settings\Ratman\Desktop\FRST.exe
    2015-03-11 10:05 - 2015-03-12 00:27 - 00000000 ____D () C:\FRST
    2015-03-11 09:57 - 2015-03-11 09:57 - 00008735 _____ () C:\Documents and Settings\Ratman\Desktop\mbam.txt
    2015-03-11 09:16 - 2015-03-11 09:16 - 00000000 ____D () C:\Program Files\Dropbox
    2015-03-11 09:14 - 2015-03-11 09:14 - 00000000 ____D () C:\Documents and Settings\Ratman\Start Menu\Programs\Dropbox
    2015-03-11 09:11 - 2015-03-11 09:18 - 00000000 ____D () C:\Documents and Settings\Ratman\Application Data\Dropbox
    2015-03-11 09:06 - 2015-03-11 22:20 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-03-11 09:06 - 2015-03-11 09:06 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-11 09:06 - 2015-03-11 09:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-03-11 09:06 - 2015-03-11 09:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-11 09:06 - 2015-03-11 09:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2015-03-11 09:06 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-03-11 09:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-03-11 08:58 - 2005-10-14 14:45 - 00135168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
    2015-03-11 08:14 - 2015-03-11 08:14 - 00000000 ____D () C:\Documents and Settings\Ratman\Local Settings\Application Data\Temp
    2015-03-11 08:11 - 2015-03-11 08:11 - 00001689 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
    2015-03-11 08:11 - 2015-03-11 08:11 - 00000000 ____D () C:\WINDOWS\jumpshot.com
    2015-03-11 08:11 - 2015-03-11 08:11 - 00000000 ____D () C:\Documents and Settings\Ratman\Application Data\AVAST Software
    2015-03-11 08:11 - 2015-03-11 08:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
    2015-03-11 08:10 - 2015-03-11 23:17 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-03-11 08:10 - 2015-03-11 08:10 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00427480 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
    2015-03-11 08:10 - 2015-03-11 08:10 - 00206976 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-03-11 08:10 - 2015-03-11 08:10 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
    2015-03-11 08:10 - 2015-03-11 08:10 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-03-11 08:05 - 2015-03-11 08:05 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-03-11 08:04 - 2015-03-11 08:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2015-03-11 07:56 - 2015-03-11 08:13 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-03-11 07:56 - 2015-03-11 07:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
    2015-03-11 07:55 - 2015-03-12 00:07 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-11 07:55 - 2015-03-11 23:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-11 07:55 - 2015-03-11 08:01 - 00000000 ____D () C:\Documents and Settings\Ratman\Local Settings\Application Data\Google
    2015-03-11 07:55 - 2015-03-11 07:56 - 00000000 ____D () C:\Program Files\Google
    2015-03-11 07:54 - 2015-03-12 00:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-03-11 07:54 - 2015-03-11 08:01 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-03-11 07:54 - 2015-03-11 08:01 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-03-11 07:13 - 2008-04-14 00:47 - 00083072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wdmaud.sys
    2015-03-11 07:13 - 2008-04-14 00:47 - 00083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdmaud.sys
    2015-03-11 07:13 - 2008-04-14 00:45 - 00060800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sysaudio.sys
    2015-03-11 07:13 - 2008-04-14 00:45 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sysaudio.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00172416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kmixer.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kmixer.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00056576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\swmidi.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swmidi.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00052864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dmusic.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\DMusic.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\splitter.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\splitter.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00002944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\drmkaud.sys
    2015-03-11 07:13 - 2008-04-14 00:15 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00007552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mskssrv.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSKSSRV.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mspclock.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPCLOCK.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00004992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mspqm.sys
    2015-03-11 07:13 - 2008-04-14 00:09 - 00004992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPQM.sys
    2015-03-11 07:13 - 2008-04-13 22:09 - 00142592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aec.sys
    2015-03-11 07:13 - 2008-04-13 22:09 - 00142592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\aec.sys
    2015-03-11 07:12 - 2008-04-14 05:42 - 00129536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksproxy.ax
    2015-03-11 07:12 - 2008-04-14 05:42 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2015-03-11 07:12 - 2008-04-14 05:41 - 00004096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksuser.dll
    2015-03-11 07:12 - 2008-04-14 05:41 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksuser.dll
    2015-03-11 07:12 - 2008-04-14 00:49 - 00146048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\portcls.sys
    2015-03-11 07:12 - 2008-04-14 00:49 - 00146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2015-03-11 07:12 - 2008-04-14 00:15 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\drmk.sys
    2015-03-11 07:12 - 2008-04-14 00:15 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
    2015-03-11 07:07 - 2015-03-11 08:17 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
    2015-03-11 07:07 - 2015-03-11 08:17 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
    2015-03-11 07:06 - 2015-03-11 07:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3020338$
    2015-03-11 07:06 - 2015-03-11 07:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013410$
    2015-03-11 07:05 - 2015-03-11 07:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808679$
    2015-03-11 06:35 - 2015-03-11 06:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2492386$
    2015-03-11 06:34 - 2015-03-11 07:06 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
    2015-03-11 06:34 - 2015-03-11 07:06 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
    2015-03-11 06:34 - 2015-03-11 06:35 - 00008838 _____ () C:\WINDOWS\KB2492386.log
    2015-03-11 06:34 - 2015-03-11 06:34 - 00000000 ____D () C:\WINDOWS\system32\winrm
    2015-03-11 06:34 - 2015-03-11 06:34 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
    2015-03-11 06:33 - 2015-03-11 07:06 - 00012139 _____ () C:\WINDOWS\KB3020338.log
    2015-03-11 06:33 - 2015-03-11 07:06 - 00010037 _____ () C:\WINDOWS\KB2808679.log
    2015-03-11 06:33 - 2015-03-11 06:34 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
    2015-03-11 06:33 - 2015-03-11 06:33 - 00003416 _____ () C:\WINDOWS\basecsp.log
    2015-03-11 06:33 - 2015-03-11 06:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallbasecsp$
    2015-03-11 06:33 - 2015-03-11 06:33 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
    2015-03-11 06:25 - 2015-03-11 09:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
    2015-03-11 06:17 - 2015-03-11 23:12 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-03-11 06:17 - 2015-03-11 06:27 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-03-11 06:14 - 2015-03-11 06:15 - 00036217 _____ () C:\WINDOWS\KB3032359-IE8.log
    2015-03-11 06:11 - 2015-03-11 06:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-03-11 06:10 - 2015-03-11 06:10 - 00026405 _____ () C:\WINDOWS\KB3035132.log
    2015-03-11 06:10 - 2015-03-11 06:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3046049$
    2015-03-11 06:10 - 2015-03-11 06:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3035132$
    2015-03-11 06:10 - 2015-03-11 06:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3033395$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00024881 _____ () C:\WINDOWS\KB3029944.log
    2015-03-11 06:09 - 2015-03-11 06:09 - 00024600 _____ () C:\WINDOWS\KB3023562.log
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3039066$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3034344$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3033889$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3032323$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3029944$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3023562$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3021674$
    2015-03-11 06:09 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3004361$
    2015-03-11 06:08 - 2015-03-11 06:09 - 00024076 _____ () C:\WINDOWS\KB3019215.log
    2015-03-11 06:08 - 2015-03-11 06:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3019215$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00023838 _____ () C:\WINDOWS\KB3013126.log
    2015-03-11 06:08 - 2015-03-11 06:08 - 00023786 _____ () C:\WINDOWS\KB2989935.log
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013126$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3011780$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3006226$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2993958$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2989935$
    2015-03-11 06:08 - 2015-03-11 06:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2918614$
    2015-03-11 06:07 - 2015-03-11 06:08 - 00024199 _____ () C:\WINDOWS\KB2918614.log
    2015-03-11 06:07 - 2015-03-11 06:07 - 00022825 _____ () C:\WINDOWS\KB2998579.log
    2015-03-11 06:07 - 2015-03-11 06:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2998579$
    2015-03-11 05:45 - 2015-03-11 05:45 - 00021625 _____ () C:\WINDOWS\KB2961072.log
    2015-03-11 05:45 - 2015-03-11 05:45 - 00020864 _____ () C:\WINDOWS\KB2957503.log
    2015-03-11 05:45 - 2015-03-11 05:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2993651$
    2015-03-11 05:45 - 2015-03-11 05:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2961072$
    2015-03-11 05:45 - 2015-03-11 05:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957509$
    2015-03-11 05:45 - 2015-03-11 05:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957503$
    2015-03-11 05:45 - 2015-03-11 05:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2939576$
    2015-03-11 05:41 - 2015-03-11 05:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2926765$
    2015-03-11 05:41 - 2015-03-11 05:41 - 00018897 _____ () C:\WINDOWS\KB2934207.log
    2015-03-11 05:41 - 2015-03-11 05:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
    2015-03-11 05:36 - 2015-03-11 05:36 - 00019694 _____ () C:\WINDOWS\KB2868038.log
    2015-03-11 05:36 - 2015-03-11 05:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
    2015-03-11 05:33 - 2015-03-11 06:26 - 00015122 _____ () C:\WINDOWS\KB2686509.log
    2015-03-11 05:33 - 2015-03-11 05:33 - 00022190 _____ () C:\WINDOWS\KB2393802.log
    2015-03-11 05:33 - 2015-03-11 05:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
    2015-03-11 05:30 - 2015-03-11 05:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973540_WM9$
    2015-03-11 05:30 - 2015-03-11 05:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$
    2015-03-11 05:30 - 2015-03-11 05:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
    2015-03-11 05:28 - 2015-03-11 05:28 - 00022283 _____ () C:\WINDOWS\KB956572.log
    2015-03-11 05:28 - 2015-03-11 05:28 - 00015981 _____ () C:\WINDOWS\KB961118.log
    2015-03-11 05:28 - 2015-03-11 05:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$
    2015-03-11 05:28 - 2015-03-11 05:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$
    2015-03-11 05:26 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
    2015-03-11 05:26 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
    2015-03-11 05:23 - 2015-03-11 06:09 - 00051249 _____ () C:\WINDOWS\KB3033889.log
    2015-03-11 05:23 - 2015-03-11 06:08 - 00049004 _____ () C:\WINDOWS\KB3006226.log
    2015-03-11 05:23 - 2015-03-11 05:45 - 00047242 _____ () C:\WINDOWS\KB2957509.log
    2015-03-11 05:21 - 2015-03-11 06:10 - 00052701 _____ () C:\WINDOWS\KB3046049.log
    2015-03-11 05:21 - 2015-03-11 05:30 - 00035281 _____ () C:\WINDOWS\KB960859.log
    2015-03-11 05:21 - 2009-01-09 15:19 - 01089593 ____C () C:\WINDOWS\system32\dllcache\ntprint.cat
    2015-03-11 05:16 - 2015-03-11 06:10 - 00053233 _____ () C:\WINDOWS\KB3034344.log
    2015-03-11 05:16 - 2015-03-11 06:09 - 00051735 _____ () C:\WINDOWS\KB3039066.log
    2015-03-11 05:15 - 2015-03-11 06:10 - 00054033 _____ () C:\WINDOWS\KB3033395.log
    2015-03-11 05:15 - 2015-03-11 05:42 - 00045648 _____ () C:\WINDOWS\KB2926765.log
    2015-03-11 05:13 - 2015-03-11 05:45 - 00046686 _____ () C:\WINDOWS\KB2939576.log
    2015-03-11 05:08 - 2015-03-11 06:09 - 00052191 _____ () C:\WINDOWS\KB3032323.log
    2015-03-11 05:08 - 2015-03-11 06:09 - 00050134 _____ () C:\WINDOWS\KB3021674.log
    2015-03-11 05:07 - 2015-03-11 06:08 - 00049675 _____ () C:\WINDOWS\KB2993958.log
    2015-03-11 05:06 - 2015-03-11 06:09 - 00050646 _____ () C:\WINDOWS\KB3004361.log
    2015-03-11 05:06 - 2015-03-11 05:45 - 00049123 _____ () C:\WINDOWS\KB2993651.log
    2015-03-11 05:05 - 2015-03-11 05:30 - 00045461 _____ () C:\WINDOWS\KB968389.log

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-12 00:27 - 2005-02-09 04:43 - 00000000 ____D () C:\Documents and Settings\Ratman\Local Settings\Temp
    2015-03-11 23:13 - 2005-02-09 05:04 - 01282221 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-03-11 23:12 - 2005-02-09 04:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-03-11 23:12 - 2005-02-08 20:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-03-11 23:12 - 2005-02-08 20:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-03-11 23:12 - 2003-03-31 08:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-03-11 23:11 - 2005-02-09 04:43 - 00000178 ___SH () C:\Documents and Settings\Ratman\ntuser.ini
    2015-03-11 23:11 - 2005-02-09 04:42 - 00032642 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-03-11 12:47 - 2005-02-09 04:45 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2015-03-11 08:58 - 2005-02-09 06:41 - 00000000 ____D () C:\Program Files\360
    2015-03-11 08:01 - 2005-02-09 18:15 - 00000000 ____D () C:\Documents and Settings\Ratman\Local Settings\Application Data\Adobe
    2015-03-11 07:48 - 2005-02-12 03:42 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
    2015-03-11 07:48 - 2005-02-12 03:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPPORTDIR
    2015-03-11 07:47 - 2005-02-08 20:29 - 00545744 _____ () C:\WINDOWS\setupapi.log
    2015-03-11 07:13 - 2005-02-09 04:08 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
    2015-03-11 07:06 - 2005-02-09 21:50 - 00019006 _____ () C:\WINDOWS\system32\TZLog.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 01265350 _____ () C:\WINDOWS\FaxSetup.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00624027 _____ () C:\WINDOWS\ocgen.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00487861 _____ () C:\WINDOWS\tsoc.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00430562 _____ () C:\WINDOWS\comsetup.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00259901 _____ () C:\WINDOWS\ntdtcsetup.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00194171 _____ () C:\WINDOWS\iis6.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00070381 _____ () C:\WINDOWS\ocmsn.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00063801 _____ () C:\WINDOWS\msgsocm.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00001374 _____ () C:\WINDOWS\imsins.log
    2015-03-11 07:06 - 2005-02-08 20:30 - 00001374 _____ () C:\WINDOWS\imsins.BAK
    2015-03-11 07:06 - 2005-02-08 20:25 - 00000000 ____D () C:\WINDOWS\security
    2015-03-11 07:05 - 2005-02-08 20:30 - 00608094 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-03-11 06:35 - 2005-02-09 04:09 - 00159506 _____ () C:\WINDOWS\updspapi.log
    2015-03-11 06:34 - 2005-02-09 06:43 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
    2015-03-11 06:34 - 2005-02-09 04:35 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    2015-03-11 06:34 - 2005-02-08 20:25 - 00000000 ____D () C:\WINDOWS\Help
    2015-03-11 06:19 - 2005-02-09 04:12 - 00090467 _____ () C:\WINDOWS\spupdsvc.log
    2015-03-11 06:17 - 2005-02-12 02:14 - 00013560 _____ () C:\Documents and Settings\Ratman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-03-11 06:17 - 2005-02-11 04:49 - 00096664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-03-11 06:16 - 2005-02-09 04:43 - 00000000 ____D () C:\Documents and Settings\Ratman
    2015-03-11 06:15 - 2005-02-09 07:01 - 00000000 ____D () C:\WINDOWS\ie8updates
    2015-03-11 06:10 - 2005-02-09 21:59 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-03-11 05:57 - 2005-02-09 04:37 - 00000000 ____D () C:\WINDOWS\Registration
    2015-03-11 05:36 - 2005-02-09 18:08 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
    2015-03-11 05:30 - 2005-02-09 04:16 - 00019815 _____ () C:\WINDOWS\wmsetup.log
    2015-03-11 05:04 - 2005-03-11 06:26 - 00003482 _____ () C:\WINDOWS\system32\ScanResults.xml
    2015-03-11 05:02 - 2005-03-11 06:24 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
    2015-03-06 13:56 - 2003-03-31 08:00 - 00153088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\schannel.dll
    2015-03-06 13:56 - 2003-03-31 08:00 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-02-26 03:55 - 2003-03-31 08:00 - 01891840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\win32k.sys
    2015-02-26 03:55 - 2003-03-31 08:00 - 01891840 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-02-19 22:39 - 2003-03-31 08:00 - 00294400 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\dllcache\atmfd.dll
    2015-02-19 22:39 - 2003-03-31 08:00 - 00294400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-02-18 01:26 - 2003-03-31 08:00 - 08463872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shell32.dll
    2015-02-18 01:26 - 2003-03-31 08:00 - 08463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-02-12 15:07 - 2009-03-08 08:39 - 11086848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-02-12 15:07 - 2009-03-08 08:32 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-02-12 15:07 - 2009-03-08 08:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-02-12 15:07 - 2009-03-08 08:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
    2015-02-12 15:07 - 2005-02-09 10:12 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
    2015-02-12 15:07 - 2005-02-09 10:12 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
    2015-02-12 15:07 - 2005-02-09 10:12 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2015-02-12 15:07 - 2005-02-09 10:12 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
    2015-02-12 15:07 - 2005-02-09 10:11 - 11086848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
    2015-02-12 15:07 - 2005-02-09 10:11 - 02006528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
    2015-02-12 15:07 - 2005-02-09 10:11 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
    2015-02-12 15:07 - 2005-02-09 10:11 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
    2015-02-12 15:07 - 2005-02-09 04:37 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 06009344 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 06009344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
    2015-02-12 15:07 - 2003-03-31 08:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-02-12 15:07 - 2003-03-31 08:00 - 01217536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 01217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00630784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00420864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vbscript.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00348160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
    2015-02-12 15:07 - 2003-03-31 08:00 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
    2015-02-12 02:01 - 2005-02-09 04:12 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-02-11 22:01 - 2003-03-31 08:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2015-02-11 22:01 - 2003-03-31 08:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

    ==================== Files in the root of some directories =======

    2005-02-09 05:31 - 2015-03-11 07:10 - 0000115 _____ () C:\Documents and Settings\Ratman\Application Data\LogFile.txt

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Ratman\Local Settings\Temp\dllnt_dump.dll
    C:\Documents and Settings\Ratman\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsxzzm.dll
    C:\Documents and Settings\Ratman\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Ratman\Local Settings\Temp\ReiSysUpdate.exe
    C:\Documents and Settings\Ratman\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================
     
  13. 2015/03/11
    rthompson

    Addition

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
    Ran by Ratman at 2015-03-12 00:28:16
    Running from C:\Documents and Settings\Ratman\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: 360 Internet Security (Disabled - Up to date) {D737F2DE-FA43-4036-AF5B-911612E2D674}
    AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
    Dropbox (HKU\S-1-5-21-2052111302-879983540-725345543-1004\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 4.77 - NCH Software)
    Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
    Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.2 - Tweaking.com)
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.9.0042.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2052111302-879983540-725345543-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ratman\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    11-03-2015 05:10:08 Software Distribution Service 3.0
    11-03-2015 05:28:00 Software Distribution Service 3.0
    11-03-2015 06:18:32 Printer Driver Microsoft XPS Document Writer Installed
    11-03-2015 06:22:10 Software Distribution Service 3.0
    11-03-2015 06:25:52 Installed Windows XP KB2686509.
    11-03-2015 06:33:38 Software Distribution Service 3.0
    11-03-2015 07:12:22 Software Distribution Service 3.0
    11-03-2015 07:46:10 Configured LabelPrint
    11-03-2015 08:05:29 avast! antivirus system restore point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2003-03-31 08:00 - 2005-02-11 05:21 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-03-11 08:10 - 2015-03-11 08:10 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-03-11 08:10 - 2015-03-11 08:10 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-03-11 17:13 - 2015-03-11 17:13 - 02921984 _____ () C:\Program Files\AVAST Software\Avast\defs\15031101\algo.dll
    2015-03-11 08:10 - 2015-03-11 08:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => " "= "Driver "

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2052111302-879983540-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2052111302-879983540-725345543-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-2052111302-879983540-725345543-1005 - Limited - Enabled)
    Guest (S-1-5-21-2052111302-879983540-725345543-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-2052111302-879983540-725345543-1000 - Limited - Disabled)
    Ratman (S-1-5-21-2052111302-879983540-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ratman
    SUPPORT_388945a0 (S-1-5-21-2052111302-879983540-725345543-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name: Ethernet Controller
    Description: Ethernet Controller
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.

    Name: Multimedia Audio Controller
    Description: Multimedia Audio Controller
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/11/2015 09:53:03 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020

    Error: (03/11/2015 06:28:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application SpeedyPC.exe, version 3.2.15.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (03/11/2015 06:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23661, fault address 0x0014a375.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (03/11/2015 06:19:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (03/11/2005 06:25:57 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:56 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


    System errors:
    =============
    Error: (03/11/2015 11:12:46 PM) (Source: 0) (EventID: 4311) (User: )
    Description:

    Error: (03/11/2015 11:12:32 PM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (03/11/2015 10:16:13 AM) (Source: 0) (EventID: 4311) (User: )
    Description:

    Error: (03/11/2015 10:16:00 AM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (03/11/2015 09:59:00 AM) (Source: 0) (EventID: 4311) (User: )
    Description:

    Error: (03/11/2015 09:59:00 AM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000001HarddiskVolume1

    Error: (03/11/2015 09:58:57 AM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (03/11/2015 08:58:55 AM) (Source: 0) (EventID: 4311) (User: )
    Description:

    Error: (03/11/2015 08:58:55 AM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000001HarddiskVolume1

    Error: (03/11/2015 08:58:53 AM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.


    Microsoft Office Sessions:
    =========================
    Error: (03/11/2015 09:53:03 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
    System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

    Error: (03/11/2015 06:28:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SpeedyPC.exe3.2.15.0hungapp0.0.0.000000000

    Error: (03/11/2015 06:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.236610014a375

    Error: (03/11/2015 06:19:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (03/11/2005 06:25:57 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:56 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (03/11/2005 06:25:55 AM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of memory in use: 20%
    Total physical RAM: 2038.07 MB
    Available physical RAM: 1619.88 MB
    Total Pagefile: 3931.12 MB
    Available Pagefile: 3633.43 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1927.5 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:37.24 GB) (Free:24.13 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 41AB2316)
    Partition 1: (Active) - (Size=37.2 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  14. 2015/03/12
    broni

    broni Moderator Malware Analyst

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64), press the Fix button just once, and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  15. 2015/03/12
    rthompson

    rthompson Well-Known Member Thread Starter

    Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
    Ran by Ratman at 2015-03-12 21:26:45 Run:1
    Running from C:\Documents and Settings\Ratman\Desktop
    Loaded Profiles: Ratman (Available profiles: Ratman)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2052111302-879983540-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
    S3 CLVirtualBus01; system32\DRIVERS\CLVirtualBus01.sys [X]
    S3 cpuz134; \??\C:\DOCUME~1\Ratman\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
    S4 IntelIde; No ImagePath
    2005-02-09 05:31 - 2015-03-11 07:10 - 0000115 _____ () C:\Documents and Settings\Ratman\Application Data\LogFile.txt
    C:\Documents and Settings\Ratman\Local Settings\Temp\dllnt_dump.dll
    C:\Documents and Settings\Ratman\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsxzzm.dll
    C:\Documents and Settings\Ratman\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Ratman\Local Settings\Temp\ReiSysUpdate.exe
    C:\Documents and Settings\Ratman\Local Settings\Temp\sqlite3.dll

    *****************

    "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-2052111302-879983540-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    BAPIDRV => Service deleted successfully.
    CLVirtualBus01 => Service deleted successfully.
    cpuz134 => Service deleted successfully.
    IntelIde => Service deleted successfully.
    C:\Documents and Settings\Ratman\Application Data\LogFile.txt => Moved successfully.
    C:\Documents and Settings\Ratman\Local Settings\Temp\dllnt_dump.dll => Moved successfully.
    C:\Documents and Settings\Ratman\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsxzzm.dll => Moved successfully.
    C:\Documents and Settings\Ratman\Local Settings\Temp\Quarantine.exe => Moved successfully.
    C:\Documents and Settings\Ratman\Local Settings\Temp\ReiSysUpdate.exe => Moved successfully.
    C:\Documents and Settings\Ratman\Local Settings\Temp\sqlite3.dll => Moved successfully.

    ==== End of Fixlog 21:26:45 ====
     
  16. 2015/03/12
    broni

    broni Moderator Malware Analyst

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  17. 2015/03/12
    rthompson

    rthompson Well-Known Member Thread Starter

    checkup

    Results of screen317's Security Check version 0.99.97
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avast Free Antivirus
    `````````Anti-malware/Other Utilities Check:`````````
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Mozilla Firefox (36.0.1)
    Google Chrome 35.0.1916.114 Google Chrome out of date!
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  18. 2015/03/12
    rthompson

    rthompson Well-Known Member Thread Starter

    Fss

    Farbar Service Scanner Version: 17-01-2015
    Ran by Ratman (administrator) on 12-03-2015 at 22:20:46
    Running from "C:\Documents and Settings\Ratman\Desktop "
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    aswTdi(8) Gpc(3) IPSec(5) NetBT(5) PSched(7) Tcpip(4)
    0x080000000500000001000000020000000300000004000000080000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
     
  19. 2015/03/12
    rthompson

    rthompson Well-Known Member Thread Starter

    Sophos

    No threats found.
     
  20. 2015/03/12
    broni

    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    ==============================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  21. 2015/03/17
    broni

    broni Moderator Malware Analyst

    The issue seems to be resolved.
     
