Solved Another crudware machine

broni · 2014/10/27

Click Start, click Run, type sysdm.cpl, and then click OK.
On the Advanced tab, click Settings under Startup and Recovery.
Under System Startup, click Edit. This will open boot.ini file in Notepad.
In your case Notepad window will be empty.

Copy following text:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect
Click to expand...

and paste it into open Notepad window.
Go File>Save
Close Notepad.

Restart computer and see if you can run BootCheck.

elcajongunsfan · 2014/10/27

Same issue, clicking on edit sez the same about notepad.exe is not a valid win32 application

broni · 2014/10/27

Possibly Notepad properties are not correct because this: c:\docs and settings\pcuser\notepad.exe is not correct path.

Find Notepad under Start>All Programs, right click on it and click "Properties ".
Make sure you have these values:

Target: %windir%\system32\notepad.exe
Start in: %windir%

elcajongunsfan · 2014/10/27

It does work, just not for the boot.ini editing

%SystemRoot%\system32\notepad.exe

%HOMEDRIVE%%HOMEPATH%

Doing a dir /a in that docs and settings\pcuser\ directory shows a zero length notepad.exe

broni · 2014/10/27

Where exactly do you see this value?
%HOMEDRIVE%%HOMEPATH%
Under "Start in "?
If so it's incorrect.
%HOMEDRIVE% is your C drive but %HOMEPATH% points to \Documents and Settings\{username}
Let me check my XP installation.
Hold on for a sec.

elcajongunsfan · 2014/10/27

Under the properties of notepad.exe in start in....

broni · 2014/10/27

Looks same on my XP.
Hold on...

broni · 2014/10/27

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

Double-click SystemLook.exe to run it.

Vista users:: Right click on SystemLook.exe, click Run As Administrator

Copy the content of the following box and paste it into the main textfield:
Code:
:filefind
notepad.exe
boot.ini
Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

elcajongunsfan · 2014/10/27

SystemLook 30.07.11 by jpshortstuff
Log created at 19:25 on 27/10/2014 by pcuser
Administrator - Elevation successful

No Context: Code:

========== filefind ==========

Searching for "notepad.exe "
C:\Documents and Settings\pcuser\notepad.exe --a---- 0 bytes [19:04 26/04/2013] [19:04 26/04/2013] D41D8CD98F00B204E9800998ECF8427E
C:\WINDOWS\notepad.exe --a--c- 69120 bytes [11:06 24/05/2010] [12:42 14/04/2008] 5E28284F9B5F9097640D58A73D38AD4C
C:\WINDOWS\$NtServicePackUninstall$\notepad.exe -----c- 69120 bytes [20:17 24/05/2010] [10:00 04/08/2004] 388B8FBC36A8558587AFC90FB23A3B99
C:\WINDOWS\ServicePackFiles\i386\notepad.exe -----c- 69120 bytes [20:22 24/05/2010] [12:42 14/04/2008] 5E28284F9B5F9097640D58A73D38AD4C
C:\WINDOWS\system32\notepad.exe --a---- 69120 bytes [10:00 04/08/2004] [12:42 14/04/2008] 5E28284F9B5F9097640D58A73D38AD4C
C:\WINDOWS\system32\dllcache\notepad.exe --a--c- 69120 bytes [11:06 24/05/2010] [12:42 14/04/2008] 5E28284F9B5F9097640D58A73D38AD4C

Searching for "boot.ini "
No files found.

-= EOF =-

broni · 2014/10/27

For whatever reason your computer wants to use this Notepad:
C:\Documents and Settings\pcuser\notepad.exe
but that file is empty (0 bytes).
Go ahead and delete notepad.exe from the above location.
Then copy notepad.exe from here: C:\WINDOWS\notepad.exe and paste it into C:\Documents and Settings\pcuser folder.

See if that will cure Notepad issue.

elcajongunsfan · 2014/10/27

Ok, that fixed that issue and I was asked if I want to create a new boot.ini

This is what i pasted in:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect

So save it and then reboot? This is idiot proof, right?

Thanks

broni · 2014/10/27

Yes...lol.

After rebooting re-run Combofix and it should allow you to install Recovery Console.

elcajongunsfan · 2014/10/27

ComboFix 14-10-27.01 - pcuser 10/27/2014 19:54:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1583 [GMT -7:00]
Running from: c:\documents and settings\pcuser\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-28 )))))))))))))))))))))))))))))))
.
.
2014-10-28 02:47 . 2014-10-28 02:47 39464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F86034A-7D08-4ACD-A543-63D9E45CAEB1}\MpKsl975b1df8.sys
2014-10-28 02:37 . 2008-04-14 12:42 69120 ----a-w- c:\documents and settings\pcuser\notepad.exe
2014-10-28 01:26 . 2014-10-20 10:37 8901368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F86034A-7D08-4ACD-A543-63D9E45CAEB1}\mpengine.dll
2014-10-27 23:51 . 2014-10-28 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-10-27 23:28 . 2014-10-27 23:37 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-27 23:28 . 2014-10-27 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2014-10-26 23:59 . 2014-10-20 10:37 8901368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-26 19:25 . 2014-10-26 19:25 -------- d-----w- c:\documents and settings\pcuser\Application Data\Oracle
2014-10-26 19:25 . 2014-10-26 19:25 -------- d-----w- c:\program files\Common Files\Java
2014-10-26 19:25 . 2014-10-26 19:25 -------- d-----w- c:\documents and settings\pcuser\Local Settings\Application Data\Sun
2014-10-26 19:25 . 2014-10-26 19:24 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-10-26 19:25 . 2014-10-26 19:24 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-26 04:58 . 2014-10-26 05:08 -------- d-----w- c:\windows\system32\MRT
2014-10-26 04:19 . 2014-10-26 04:19 17903792 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-10-26 04:13 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2014-10-26 04:10 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2014-10-26 04:10 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2014-10-26 04:10 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2014-10-26 04:09 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2014-10-26 04:09 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2014-10-26 04:09 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2014-10-26 03:43 . 2014-10-28 00:33 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-26 03:43 . 2014-10-27 23:50 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-26 03:43 . 2014-10-01 18:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-26 03:43 . 2014-10-26 03:53 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-26 03:43 . 2014-10-26 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-10-26 03:37 . 2014-10-26 03:37 -------- d-----w- c:\windows\ERUNT
2014-10-26 03:29 . 2014-10-26 17:46 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-26 19:27 . 2012-04-12 19:35 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-26 19:27 . 2011-12-22 20:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 06:41 . 2010-08-04 18:15 231568 ------w- c:\windows\system32\MpSigStub.exe
2013-07-12 00:20 . 2013-07-12 00:20 0 ----a-w- c:\program files\GUTA6E.tmp
2013-07-08 07:15 . 2013-07-08 07:15 0 ----a-w- c:\program files\GUT4D2.tmp
2013-07-06 08:15 . 2013-07-06 08:15 0 ----a-w- c:\program files\GUT120.tmp
2012-03-29 01:48 . 2012-03-29 01:48 0 ----a-w- c:\program files\GUTA.tmp
2012-03-28 17:48 . 2012-03-28 17:48 0 ----a-w- c:\program files\GUT79.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
.
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[-] 2008-04-14 12:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 12:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 12:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 12:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-04 10:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB975467_0$\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB968389_0$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2004-08-04 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntdll.dll
[-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[-] 2009-02-09 . 2F868BFFBF50524653D7FE0D99AFB064 . 715264 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll
[-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[-] 2004-08-04 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntdll.dll
.
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[-] 2004-08-04 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-14 05:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-14 05:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-14 05:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 12:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 12:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2004-08-04 10:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2008-04-14 12:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 10:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
[7] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\SoftwareDistribution\Download\c08b665da8c22012f43cbfaa106605b3\sp3qfe\ntkrnlpa.exe
[7] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2013-03-07 . 9EBEDA306E5EABDABCFF8B695FCD4CD6 . 2070016 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe
[-] 2013-03-07 . 9ED39805DF38061BB031D0F2B20DFB77 . 2028544 . . [5.1.2600.6368] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-03-07 . 9C8E896FCF103F943EB3F405A974447D . 2070016 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2859537$\ntkrnlpa.exe
[-] 2013-01-07 . 1251D608DFCE4B6801AD27A59B74985C . 2069760 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[-] 2013-01-07 . 2C9091C3350E369BBB2464AABE2FD7CA . 2027520 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntkrnlpa.exe
[-] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[-] 2012-08-21 . 61027EE2D9859A2B41D588D92F256CFB . 2027520 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntkrnlpa.exe
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-05-04 . 87763BB6C95901818050E52C378C9E15 . 2026496 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2012-04-11 . 61CCE48F7BD00E0E4D5CDE206F2DDC1B . 2026496 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntkrnlpa.exe
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . 36CAC3C8C4C10F4E21BFEABBFE7ACFFC . 2027008 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[-] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2010-02-16 . 115964D2E8323D9DE4FF5B74795AA0D5 . 2021888 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 243223E3FB74B68DFFBB41989F33DFB3 . 2020864 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB979683_0$\ntkrnlpa.exe
[-] 2008-04-14 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2005-03-30 . 02FE8020C3A758FE2A8C45CBF4FD17CB . 2015232 . . [5.1.2600.2643] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
.
[-] 2008-04-14 12:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 12:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 10:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.

elcajongunsfan · 2014/10/27

[-] 2008-04-14 12:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 12:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 10:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[7] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\SoftwareDistribution\Download\c08b665da8c22012f43cbfaa106605b3\sp3qfe\ntoskrnl.exe
[7] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2013-03-07 . 8C39722F8C291F1BBCCE80EE23065897 . 2149888 . . [5.1.2600.6368] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-03-07 . 9FC16E5EBFE88F3C844FFE2E6CB7F1E8 . 2193536 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe
[-] 2013-03-07 . 3FD65320312C8411B72E33DA8661D36A . 2193408 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2859537$\ntoskrnl.exe
[-] 2013-01-07 . AE2FEE63789F5DF6B19DD9A39E26D03E . 2193152 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . DD5A89274B47499CCFF7ADCA3A3C560E . 2148864 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntoskrnl.exe
[-] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[-] 2012-08-21 . B9A14D5875CE262774388BD43BA56FF3 . 2148864 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntoskrnl.exe
[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-05-04 . AC4B3C4A6DC31867034C66663B9B8A38 . 2148352 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntoskrnl.exe
[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2012-04-11 . A144D60B35E6DD14CCB9649B5E0D1092 . 2148352 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntoskrnl.exe
[-] 2011-10-25 . 3B663B9B193D7E1DE39A466020F1FD91 . 2148864 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntoskrnl.exe
[-] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . 4F1BBAF9BA10B29022FB3F5FAC32D022 . 2143744 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-02-06 . 19A791C5DFE59AA9BB1461C4957004F6 . 2142720 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB979683_0$\ntoskrnl.exe
[-] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2005-03-30 . D5B44CEB743886F36222928CE2536C44 . 2135552 . . [5.1.2600.2643] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2004-08-04 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-05-30 150040]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-05-30 170520]
"SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-03 1044480]
"JobHisInit "= "c:\program files\RMClient\JobHisInit.exe" [2003-05-30 135168]
"MplSetUp "= "c:\program files\RMClient\MplSetUp.exe" [2000-11-05 40960]
"MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"BCSSync "= "c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2013-03-06 520424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir "= "rmdir" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 22:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2013-04-22 17:05 720064 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-05-30 02:00 141848 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-07-31 17:22 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 22:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc "=2 (0x2)
"gupdate "=2 (0x2)
"helpsvc "=2 (0x2)
"PolicyAgent "=2 (0x2)
"RemoteRegistry "=2 (0x2)
"seclogon "=2 (0x2)
"WebClient "=2 (0x2)
"Util BatBrowse "=2 (0x2)
"Update BatBrowse "=2 (0x2)
"sdCoreService "=2 (0x2)
"sdAuxService "=2 (0x2)
"PCTechHotlineSvc "=2 (0x2)
"CltMngSvc "=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
"FirewallOverride "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe "=
.
R1 MpKsl975b1df8;MpKsl975b1df8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F86034A-7D08-4ACD-A543-63D9E45CAEB1}\MpKsl975b1df8.sys [10/27/2014 7:47 PM 39464]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [8/1/2012 7:24 PM 21992]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL975B1DF8
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-26 07:40 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:27]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-10 05:21]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-10 05:21]
.
2014-10-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 19:11]
.
2014-10-27 c:\windows\Tasks\User_Feed_Synchronization-{CC932386-5783-4C63-AF1C-7A83ACC779E0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:13091;
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: candy%20crush%20saga.com
Trusted Zone: facebook.com\apps
TCP: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
FF - ProfilePath - c:\documents and settings\pcuser\Application Data\Mozilla\Firefox\Profiles\9mic4unz.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-27 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Jsip]
"ImagePath "= "c:\program files\Jsip\Jsip.exe -service "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@= "c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker6 "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Jsip]
@Denied: (A B 2 3) (Everyone)
"Type "=dword:00000010
"Start "=dword:00000002
"ErrorControl "=dword:00000001
"ImagePath "=expand: "c:\\Program Files\\Jsip\\Jsip.exe -service "
"DisplayName "= "Jsip "
"ObjectName "= "LocalSystem "
"Description "= "This Jsip service is page assistant in all browsers. "
"FailureActions "=hex:01,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,74,00,6d,
00,01,00,00,00,64,00,00,00,01,00,00,00,64,00,00,00,01,00,00,00,64,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2592)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-10-27 20:03:26
ComboFix-quarantined-files.txt 2014-10-28 03:03
ComboFix2.txt 2014-10-28 01:19
.
Pre-Run: 47,380,574,208 bytes free
Post-Run: 47,366,365,184 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug= "do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - BDB06373CD629661DDBAB73CC0631DB7
8F558EB6672622401DA993E1E865C861

broni · 2014/10/27

Excellent!

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Scan button.

When the scan has finished click on Clean button.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the contents of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator ".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

elcajongunsfan · 2014/10/27

# AdwCleaner v4.002 - Report created 27/10/2014 at 20:18:52
# DB v
# Updated 27/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : pcuser - 745REGMSO-07
# Running from : C:\Documents and Settings\pcuser\Desktop\adwcleaner_4.002.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v33.0.1 (x86 en-US)

[9mic4unz.default] - Line Deleted : # Mozilla User Preferences
[9mic4unz.default] - Line Deleted :
[9mic4unz.default] - Line Deleted : /* Do not edit this file.
[9mic4unz.default] - Line Deleted : *
[9mic4unz.default] - Line Deleted : * If you make changes to this file while the application is running,
[9mic4unz.default] - Line Deleted : * the changes will be overwritten when the application exits.
[9mic4unz.default] - Line Deleted : *
[9mic4unz.default] - Line Deleted : * To make a manual change to preferences, you can visit the URL about:config
[9mic4unz.default] - Line Deleted : */
[9mic4unz.default] - Line Deleted :
[9mic4unz.default] - Line Deleted : user_pref( "app.update.lastUpdateTime.addon-background-update-timer ", 1414455090);
[9mic4unz.default] - Line Deleted : user_pref( "app.update.lastUpdateTime.background-update-timer ", 1414452422);
[9mic4unz.default] - Line Deleted : user_pref( "app.update.lastUpdateTime.blocklist-background-update-timer ", 1414455210);
[9mic4unz.default] - Line Deleted : user_pref( "app.update.lastUpdateTime.browser-cleanup-thumbnails ", 1414463059);
[9mic4unz.default] - Line Deleted : user_pref( "app.update.lastUpdateTime.experiments-update-timer ", 1414452864);
[9mic4unz.default] - Line Deleted : user_pref( "app.update.lastUpdateTime.search-engine-update-timer ", 1414452302);
[9mic4unz.default] - Line Deleted : user_pref( "browser.cache.disk.capacity ", 358400);
[9mic4unz.default] - Line Deleted : user_pref( "browser.cache.disk.smart_size.first_run ", false);
[9mic4unz.default] - Line Deleted : user_pref( "browser.cache.disk.smart_size.use_old_max ", false);
[9mic4unz.default] - Line Deleted : user_pref( "browser.cache.disk.smart_size_cached_value ", 358400);
[9mic4unz.default] - Line Deleted : user_pref( "browser.cache.frecency_experiment ", 4);
[9mic4unz.default] - Line Deleted : user_pref( "browser.download.importedFromSqlite ", true);
[9mic4unz.default] - Line Deleted : user_pref( "browser.download.lastDir ", "C:\\Documents and Settings\\pcuser\\Desktop ");
[9mic4unz.default] - Line Deleted : user_pref( "browser.download.panel.shown ", true);
[9mic4unz.default] - Line Deleted : user_pref( "browser.download.useDownloadDir ", false);
[9mic4unz.default] - Line Deleted : user_pref( "browser.migration.version ", 22);
[9mic4unz.default] - Line Deleted : user_pref( "browser.newtabpage.enhanced ", true);
[9mic4unz.default] - Line Deleted : user_pref( "browser.newtabpage.storageVersion ", 1);
[9mic4unz.default] - Line Deleted : user_pref( "browser.pagethumbnails.storage_version ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "browser.places.smartBookmarksVersion ", 7);
[9mic4unz.default] - Line Deleted : user_pref( "browser.privatebrowsing.autostart ", true);
[9mic4unz.default] - Line Deleted : user_pref( "browser.rights.3.shown ", true);
[9mic4unz.default] - Line Deleted : user_pref( "browser.sessionstore.upgradeBackup.latestBuildID ", "20141023194920 ");
[9mic4unz.default] - Line Deleted : user_pref( "browser.shell.checkDefaultBrowser ", false);
[9mic4unz.default] - Line Deleted : user_pref( "browser.slowStartup.averageTime ", 4317);
[9mic4unz.default] - Line Deleted : user_pref( "browser.slowStartup.samples ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "browser.startup.homepage_override.buildID ", "20141023194920 ");
[9mic4unz.default] - Line Deleted : user_pref( "browser.startup.homepage_override.mstone ", "33.0.1 ");
[9mic4unz.default] - Line Deleted : user_pref( "browser.syncPromoViewsLeftMap ", "{\ "passwords\ ":4} ");
[9mic4unz.default] - Line Deleted : user_pref( "browser.uiCustomization.state ", "{\ "placements\ ":{\ "PanelUI-contents\ ":[\ "edit-controls\ ",\ "zoom-controls\ ",\ "new-window-button\ ",\ "privatebrowsing-button\ ",\ "save-page-button\ ",\ "print-but[...]
[9mic4unz.default] - Line Deleted : user_pref( "browser.uitour.whitelist.add.260 ", " ");
[9mic4unz.default] - Line Deleted : user_pref( "browser.uitour.whitelist.add.340 ", " ");
[9mic4unz.default] - Line Deleted : user_pref( "browser.urlbar.autocomplete.enabled ", false);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.healthreport.lastDataSubmissionRequestedTime ", "1414452310326 ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.healthreport.lastDataSubmissionSuccessfulTime ", "1414452312569 ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.healthreport.nextDataSubmissionTime ", "1414538712569 ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.healthreport.service.firstRun ", true);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.policy.dataSubmissionPolicyAccepted ", true);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.policy.dataSubmissionPolicyAcceptedVersion ", 2);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.policy.dataSubmissionPolicyNotifiedTime ", "1414452126988 ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.policy.dataSubmissionPolicyResponseTime ", "1414452259023 ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.policy.dataSubmissionPolicyResponseType ", "accepted-info-bar-dismissed ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.policy.firstRunTime ", "1414295949075 ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.current.activeTicks ", 24);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.current.clean ", true);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.current.firstPaint ", 2179);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.current.main ", 1094);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.current.sessionRestored ", 2373);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.current.startTime ", "1414466114621 ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.current.totalTime ", 141);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.currentIndex ", 14);
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.previous.10 ", "{\ "s\ ":1414454969378,\ "a\ ":194,\ "t\ ":1128,\ "c\ ":true,\ "m\ ":1,\ "fp\ ":1139,\ "sr\ ":1329} ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.previous.11 ", "{\ "s\ ":1414456227576,\ "a\ ":76,\ "t\ ":1641,\ "c\ ":true,\ "m\ ":1078,\ "fp\ ":2220,\ "sr\ ":2452} ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.previous.12 ", "{\ "s\ ":1414459214994,\ "a\ ":754,\ "t\ ":5056,\ "c\ ":true,\ "m\ ":3060,\ "fp\ ":5322,\ "sr\ ":5620} ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.previous.13 ", "{\ "s\ ":1414465471882,\ "a\ ":102,\ "t\ ":558,\ "c\ ":true,\ "m\ ":2794,\ "fp\ ":4932,\ "sr\ ":5221} ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.previous.6 ", "{\ "s\ ":1414452040115,\ "a\ ":53,\ "t\ ":410,\ "c\ ":true,\ "m\ ":20452,\ "fp\ ":24381,\ "sr\ ":28018} ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.previous.7 ", "{\ "s\ ":1414452537743,\ "a\ ":2,\ "t\ ":11,\ "c\ ":true,\ "m\ ":187,\ "fp\ ":1185,\ "sr\ ":1666} ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.previous.8 ", "{\ "s\ ":1414452743160,\ "a\ ":9,\ "t\ ":161,\ "c\ ":true,\ "m\ ":188,\ "fp\ ":1195,\ "sr\ ":1686} ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.previous.9 ", "{\ "s\ ":1414454939624,\ "a\ ":5,\ "t\ ":27,\ "c\ ":true,\ "m\ ":2936,\ "fp\ ":5237,\ "sr\ ":5722} ");
[9mic4unz.default] - Line Deleted : user_pref( "datareporting.sessions.prunedIndex ", 5);
[9mic4unz.default] - Line Deleted : user_pref( "dom.mozApps.used ", true);
[9mic4unz.default] - Line Deleted : user_pref( "extensions.blocklist.pingCountTotal ", 2);
[9mic4unz.default] - Line Deleted : user_pref( "extensions.blocklist.pingCountVersion ", 2);
[9mic4unz.default] - Line Deleted : user_pref( "extensions.databaseSchema ", 16);
[9mic4unz.default] - Line Deleted : user_pref( "extensions.enabledAddons ", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.1 ");
[9mic4unz.default] - Line Deleted : user_pref( "extensions.getAddons.cache.lastUpdate ", 1414455090);
[9mic4unz.default] - Line Deleted : user_pref( "extensions.getAddons.databaseSchema ", 5);
[9mic4unz.default] - Line Deleted : user_pref( "extensions.hotfix.lastVersion ", "20140527.01.3 ");
[9mic4unz.default] - Line Deleted : user_pref( "extensions.lastAppVersion ", "33.0.1 ");
[9mic4unz.default] - Line Deleted : user_pref( "extensions.lastPlatformVersion ", "33.0.1 ");
[9mic4unz.default] - Line Deleted : user_pref( "extensions.pendingOperations ", false);
[9mic4unz.default] - Line Deleted : user_pref( "extensions.shownSelectionUI ", true);
[9mic4unz.default] - Line Deleted : user_pref( "gecko.buildID ", "20141023194920 ");
[9mic4unz.default] - Line Deleted : user_pref( "gecko.mstone ", "33.0.1 ");
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.direct2d ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.layers.direct3d10 ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.layers.direct3d10-1 ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.layers.direct3d11 ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.layers.direct3d9 ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.layers.opengl ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.stagefright ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.suggested-driver-version ", "6.1400.1000.5218 ");
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.webgl.angle ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.webgl.msaa ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "gfx.blacklist.webgl.opengl ", 3);
[9mic4unz.default] - Line Deleted : user_pref( "idle.lastDailyNotification ", 1414455764);
[9mic4unz.default] - Line Deleted : user_pref( "media.gmp-gmpopenh264.lastUpdate ", 1414336140);
[9mic4unz.default] - Line Deleted : user_pref( "media.gmp-gmpopenh264.version ", "1.1 ");
[9mic4unz.default] - Line Deleted : user_pref( "media.gmp-manager.lastCheck ", 1414452125);
[9mic4unz.default] - Line Deleted : user_pref( "network.cookie.prefsMigrated ", true);
[9mic4unz.default] - Line Deleted : user_pref( "pdfjs.migrationVersion ", 2);
[9mic4unz.default] - Line Deleted : user_pref( "places.database.lastMaintenance ", 1414452311);
[9mic4unz.default] - Line Deleted : user_pref( "places.history.expiration.transient_current_max_pages ", 53413);
[9mic4unz.default] - Line Deleted : user_pref( "plugin.disable_full_page_plugin_for_types ", "application/pdf ");
[9mic4unz.default] - Line Deleted : user_pref( "plugin.importedState ", true);
[9mic4unz.default] - Line Deleted : user_pref( "privacy.sanitize.migrateFx3Prefs ", true);
[9mic4unz.default] - Line Deleted : user_pref( "signon.importedFromSqlite ", true);
[9mic4unz.default] - Line Deleted : user_pref( "storage.vacuum.last.index ", 1);
[9mic4unz.default] - Line Deleted : user_pref( "storage.vacuum.last.places.sqlite ", 1414338014);
[9mic4unz.default] - Line Deleted : user_pref( "toolkit.startup.last_success ", 1414466115);
[9mic4unz.default] - Line Deleted : user_pref( "toolkit.telemetry.previousBuildID ", "20141023194920 ");

-\\ Google Chrome v38.0.2125.104

*************************

AdwCleaner[R0].txt - [25504 octets] - [25/10/2014 20:29:54]
AdwCleaner[R1].txt - [1003 octets] - [26/10/2014 10:42:54]
AdwCleaner[R2].txt - [12055 octets] - [27/10/2014 20:17:55]
AdwCleaner[S0].txt - [25486 octets] - [25/10/2014 20:32:29]
AdwCleaner[S1].txt - [1059 octets] - [26/10/2014 10:46:07]
AdwCleaner[S2].txt - [12192 octets] - [27/10/2014 20:18:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [12253 octets] ##########

elcajongunsfan · 2014/10/27

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Microsoft Windows XP x86
Ran by pcuser on Mon 10/27/2014 at 20:21:32.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/27/2014 at 20:25:44.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

elcajongunsfan · 2014/10/27

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014 01
Ran by pcuser (administrator) on 745REGMSO-07 on 27-10-2014 20:27:14
Running from C:\Documents and Settings\pcuser\Desktop
Loaded Profile: pcuser (Available profiles: pcuser)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-08-03] (Analog Devices, Inc.)
HKLM\...\Run: [JobHisInit] => C:\Program Files\RMClient\JobHisInit.exe [135168 2003-05-29] ()
HKLM\...\Run: [MplSetUp] => C:\Program Files\RMClient\MplSetUp.exe [40960 2000-11-04] (RICOH CO.,LTD.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] ( (Microsoft Corporation))
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect "

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:13091;
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64962993B2DACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {246A41D6-8573-909C-93FF-2DADB0FCBF14} URL =
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = https://www.google.com/search?q={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.12 68.105.29.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\pcuser\Application Data\Mozilla\Firefox\Profiles\9mic4unz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-24]

Chrome:
=======
CHR Profile: C:\Documents and Settings\pcuser\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\pcuser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\pcuser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "Jsip" service was unlocked successfully. <===== ATTENTION

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-26] (Oracle Corporation)
U2 Jsip; C:\Program Files\Jsip\Jsip.exe [391168 2014-06-22] () [File not signed]
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-26] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
S2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation) [File not signed]
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S3 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [1107456 2009-10-09] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [439808 2008-05-26] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
R3 ADIHdAudAddService; C:\WINDOWS\System32\drivers\ADIHdAud.sys [339456 2009-07-20] (Analog Devices, Inc.) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R3 b57w2k; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [161792 2007-06-06] (Broadcom Corporation) [File not signed]
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-14] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider) [File not signed]
S3 HidIr; C:\WINDOWS\System32\DRIVERS\hidir.sys [19200 2008-04-14] (Microsoft Corporation) [File not signed]
R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\system32\Drivers\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [6008704 2008-04-02] (Intel Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46592 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2004-08-04] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation) [File not signed]
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation) [File not signed]
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\WINDOWS\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [445696 2007-05-14] (Ralink Technology, Corp.) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SIUSBXP; C:\WINDOWS\System32\drivers\SiUSBXp.sys [21992 2012-04-02] (Silicon Laboratories)
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32128 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [15104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2004-08-04] (Microsoft Corporation) [File not signed]
R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\DOCUME~1\pcuser\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 20:27 - 2014-10-27 20:27 - 00033738 _____ () C:\Documents and Settings\pcuser\Desktop\FRST.txt
2014-10-27 20:26 - 2014-10-27 20:27 - 00000000 ____D () C:\FRST
2014-10-27 20:25 - 2014-10-27 20:26 - 00000590 _____ () C:\Documents and Settings\pcuser\Desktop\JRT.txt
2014-10-27 20:20 - 2014-10-27 20:20 - 00012334 _____ () C:\Documents and Settings\pcuser\Desktop\AdwCleaner[S2].txt
2014-10-27 20:16 - 2014-10-27 20:16 - 01998336 _____ () C:\Documents and Settings\pcuser\Desktop\adwcleaner_4.002.exe
2014-10-27 20:16 - 2014-10-27 20:16 - 01706144 _____ (Thisisu) C:\Documents and Settings\pcuser\Desktop\JRT.exe
2014-10-27 20:12 - 2014-10-27 20:17 - 01104896 _____ (Farbar) C:\Documents and Settings\pcuser\Desktop\FRST.exe
2014-10-27 20:03 - 2014-10-27 20:27 - 00000000 ____D () C:\Documents and Settings\pcuser\Local Settings\temp
2014-10-27 20:03 - 2014-10-27 20:20 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-10-27 20:03 - 2014-10-27 20:03 - 00058807 _____ () C:\ComboFix.txt
2014-10-27 20:03 - 2014-10-27 20:03 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-10-27 20:03 - 2014-10-27 20:03 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-10-27 19:51 - 2014-10-27 19:44 - 00000193 _____ () C:\Boot.bak
2014-10-27 19:51 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-10-27 19:50 - 2014-10-27 19:51 - 00000000 _RSHD () C:\cmdcons
2014-10-27 19:38 - 2014-10-27 19:51 - 00000310 __RSH () C:\boot.ini
2014-10-27 19:37 - 2008-04-14 05:42 - 00069120 _____ (Microsoft Corporation) C:\Documents and Settings\pcuser\notepad.exe
2014-10-27 19:25 - 2014-10-27 19:29 - 00002090 _____ () C:\Documents and Settings\pcuser\Desktop\SystemLook.txt
2014-10-27 19:24 - 2014-10-27 19:24 - 00139264 _____ () C:\Documents and Settings\pcuser\Desktop\SystemLook.exe
2014-10-27 18:40 - 2014-10-27 18:40 - 00010153 _____ () C:\Documents and Settings\pcuser\Desktop\BootCheck.zip
2014-10-27 18:19 - 2014-10-27 20:04 - 00058807 _____ () C:\Documents and Settings\pcuser\Desktop\combofix.txt
2014-10-27 18:12 - 2014-10-27 18:12 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-10-27 18:12 - 2014-10-27 18:12 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-10-27 18:12 - 2014-10-27 18:12 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-10-27 18:12 - 2014-10-27 18:12 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-10-27 18:12 - 2014-10-27 18:12 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-10-27 17:59 - 2014-10-27 20:03 - 00000000 ____D () C:\Qoobox
2014-10-27 17:59 - 2014-10-27 18:16 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-27 17:59 - 2011-06-25 23:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-27 17:59 - 2010-11-07 10:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-27 17:59 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-27 17:59 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-27 17:59 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-27 17:59 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-27 17:59 - 2000-08-30 17:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-27 17:59 - 2000-08-30 17:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-27 17:59 - 2000-08-30 17:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-27 17:57 - 2014-10-27 17:57 - 05591695 ____R (Swearware) C:\Documents and Settings\pcuser\Desktop\ComboFix.exe
2014-10-27 16:51 - 2014-10-27 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-10-27 16:50 - 2014-10-27 17:50 - 00000000 ____D () C:\Documents and Settings\pcuser\Desktop\mbar
2014-10-27 16:47 - 2014-10-27 16:47 - 00004351 _____ () C:\Documents and Settings\pcuser\Desktop\rk1.txt
2014-10-27 16:46 - 2014-10-27 16:46 - 00003230 _____ () C:\Documents and Settings\pcuser\Desktop\rk.txt
2014-10-27 16:28 - 2014-10-27 16:37 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-27 16:28 - 2014-10-27 16:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-10-27 16:27 - 2014-10-27 16:27 - 14349744 _____ (Malwarebytes Corp.) C:\Documents and Settings\pcuser\Desktop\mbar-1.07.0.1012.exe
2014-10-27 16:26 - 2014-10-27 16:27 - 16281688 _____ () C:\Documents and Settings\pcuser\Desktop\RogueKiller.exe
2014-10-26 12:25 - 2014-10-26 12:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-26 12:25 - 2014-10-26 12:25 - 00000000 ____D () C:\Documents and Settings\pcuser\Local Settings\Application Data\Sun
2014-10-26 12:25 - 2014-10-26 12:25 - 00000000 ____D () C:\Documents and Settings\pcuser\Application Data\Oracle
2014-10-26 12:25 - 2014-10-26 12:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-26 12:25 - 2014-10-26 12:24 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-26 12:25 - 2014-10-26 12:24 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-26 12:25 - 2014-10-26 12:24 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-26 12:25 - 2014-10-26 12:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-26 12:25 - 2014-10-26 12:24 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-26 11:17 - 2014-10-26 11:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2839229$
2014-10-26 11:11 - 2014-10-26 11:23 - 00019680 _____ () C:\WINDOWS\KB2839229.log
2014-10-26 08:07 - 2014-10-26 08:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-26 08:03 - 2014-10-26 08:04 - 00009653 _____ () C:\Documents and Settings\pcuser\Desktop\dds.txt
2014-10-26 08:03 - 2014-10-26 08:03 - 00026387 _____ () C:\Documents and Settings\pcuser\Desktop\attach.txt
2014-10-26 07:59 - 2014-10-26 07:59 - 00000354 _____ () C:\mar.txt
2014-10-26 03:01 - 2014-10-26 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-10-26 03:01 - 2014-10-26 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-10-25 23:01 - 2014-10-25 23:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-10-25 23:01 - 2014-10-25 23:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-10-25 22:58 - 2014-10-25 22:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-10-25 22:57 - 2014-10-25 22:57 - 00014555 _____ () C:\WINDOWS\KB2834886.log
2014-10-25 22:57 - 2014-10-25 22:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-10-25 22:55 - 2014-10-25 22:56 - 00016023 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-10-25 22:51 - 2014-10-25 22:51 - 00014338 _____ () C:\WINDOWS\KB2900986.log
2014-10-25 22:51 - 2014-10-25 22:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-10-25 22:48 - 2014-10-25 22:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-10-25 22:47 - 2014-10-25 22:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-10-25 22:44 - 2014-10-26 10:56 - 00042882 _____ () C:\WINDOWS\KB2862335.log
2014-10-25 22:44 - 2014-10-25 22:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-10-25 22:42 - 2014-10-25 22:42 - 00013751 _____ () C:\WINDOWS\KB2834904-v2.log
2014-10-25 22:42 - 2014-10-25 22:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-10-25 22:27 - 2014-10-25 22:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-10-25 22:26 - 2014-10-25 22:26 - 00013403 _____ () C:\WINDOWS\KB2904266.log
2014-10-25 22:26 - 2014-10-25 22:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-10-25 22:26 - 2014-10-25 22:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-10-25 22:20 - 2014-10-25 22:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-10-25 22:19 - 2014-10-25 22:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-10-25 22:19 - 2014-10-25 22:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-10-25 22:11 - 2014-10-25 22:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-10-25 22:10 - 2014-10-25 22:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-10-25 22:10 - 2014-10-25 22:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-10-25 21:58 - 2014-10-25 22:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-25 21:55 - 2014-10-25 21:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-10-25 21:54 - 2014-10-26 10:55 - 00065296 _____ () C:\WINDOWS\KB2868038.log
2014-10-25 21:48 - 2014-10-25 21:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-10-25 21:43 - 2014-10-25 21:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-10-25 21:41 - 2014-10-25 21:41 - 00010356 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-10-25 21:37 - 2014-10-26 03:01 - 00006223 _____ () C:\WINDOWS\updspapi.log
2014-10-25 21:37 - 2014-10-25 21:37 - 00012848 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-10-25 21:27 - 2014-10-25 21:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-10-25 21:26 - 2014-10-25 21:28 - 00006236 _____ () C:\WINDOWS\KB2914368.log
2014-10-25 21:19 - 2014-10-25 21:19 - 17903792 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-10-25 21:14 - 2014-10-26 03:01 - 00024365 _____ () C:\WINDOWS\KB2847311.log
2014-10-25 21:14 - 2014-10-25 23:02 - 00022298 _____ () C:\WINDOWS\KB2868626.log
2014-10-25 21:14 - 2014-10-25 23:01 - 00021493 _____ () C:\WINDOWS\KB2922229.log
2014-10-25 21:14 - 2014-10-25 22:58 - 00021293 _____ () C:\WINDOWS\KB2916036.log
2014-10-25 21:13 - 2014-10-25 22:48 - 00020728 _____ () C:\WINDOWS\KB2898715.log
2014-10-25 21:13 - 2014-10-25 22:47 - 00019410 _____ () C:\WINDOWS\KB2929961.log
2014-10-25 21:13 - 2013-07-02 19:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-10-25 21:12 - 2014-10-25 22:26 - 00019403 _____ () C:\WINDOWS\KB2876217.log
2014-10-25 21:12 - 2014-10-25 22:20 - 00019500 _____ () C:\WINDOWS\KB2930275.log
2014-10-25 21:12 - 2014-10-25 22:19 - 00018523 _____ () C:\WINDOWS\KB2864063.log
2014-10-25 21:12 - 2014-10-25 22:19 - 00018003 _____ () C:\WINDOWS\KB2862152.log
2014-10-25 21:11 - 2014-10-26 10:56 - 00060366 _____ () C:\WINDOWS\KB2859537.log
2014-10-25 21:11 - 2014-10-25 22:11 - 00016865 _____ () C:\WINDOWS\KB2850869.log
2014-10-25 21:11 - 2014-10-25 22:10 - 00017178 _____ () C:\WINDOWS\KB2876331.log
2014-10-25 21:10 - 2014-10-26 03:01 - 00023854 _____ () C:\WINDOWS\KB2893294.log
2014-10-25 21:10 - 2013-07-16 17:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2014-10-25 21:10 - 2013-07-16 17:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2014-10-25 21:10 - 2013-07-16 17:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2014-10-25 21:09 - 2014-10-25 21:48 - 00016107 _____ () C:\WINDOWS\KB2892075.log
2014-10-25 21:09 - 2013-08-08 17:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2014-10-25 21:09 - 2013-08-08 17:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-10-25 21:09 - 2009-03-18 04:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2014-10-25 20:53 - 2014-10-26 08:12 - 00152521 _____ () C:\Documents and Settings\pcuser\Desktop\mbar.txt
2014-10-25 20:43 - 2014-10-27 17:33 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 20:43 - 2014-10-27 16:50 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-25 20:43 - 2014-10-25 20:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-25 20:43 - 2014-10-25 20:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-25 20:43 - 2014-10-25 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 20:43 - 2014-10-25 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-25 20:43 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-25 20:37 - 2014-10-25 20:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-25 20:29 - 2014-10-27 20:18 - 00000000 ____D () C:\AdwCleaner
2014-10-25 20:26 - 2014-10-25 20:26 - 00688992 ____R (Swearware) C:\Documents and Settings\pcuser\Desktop\dds.com
2014-10-25 20:11 - 2014-10-26 11:17 - 00189830 _____ () C:\WINDOWS\iis6.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00173124 _____ () C:\WINDOWS\FaxSetup.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00082768 _____ () C:\WINDOWS\ocgen.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00078990 _____ () C:\WINDOWS\tsoc.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00058067 _____ () C:\WINDOWS\comsetup.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00053724 _____ () C:\WINDOWS\msmqinst.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00035132 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00030324 _____ () C:\WINDOWS\netfxocm.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00011900 _____ () C:\WINDOWS\MedCtrOC.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00009576 _____ () C:\WINDOWS\ocmsn.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00008708 _____ () C:\WINDOWS\tabletoc.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00008652 _____ () C:\WINDOWS\msgsocm.log
2014-10-25 20:11 - 2014-10-26 11:17 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-10-25 20:11 - 2014-10-26 03:01 - 00001393 _____ () C:\WINDOWS\imsins.BAK
2014-10-25 20:11 - 2014-10-25 20:11 - 00010179 _____ () C:\WINDOWS\KB940157Uninst.log
2014-10-25 19:45 - 2014-10-25 19:45 - 00000000 ____D () C:\WINDOWS\pss
2014-10-25 19:39 - 2014-10-26 11:06 - 00000326 _____ () C:\WINDOWS\setupact.log
2014-10-25 19:39 - 2014-10-25 19:39 - 00000000 _____ () C:\WINDOWS\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 20:22 - 2013-07-31 23:46 - 01443061 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-27 20:20 - 2010-05-24 04:08 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-10-27 20:20 - 2010-05-24 04:08 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-10-27 20:20 - 2004-08-04 03:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-27 20:19 - 2013-11-09 22:21 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 20:19 - 2012-04-12 12:35 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-27 20:19 - 2010-05-24 11:20 - 00000178 ___SH () C:\Documents and Settings\pcuser\ntuser.ini
2014-10-27 20:19 - 2010-05-24 11:19 - 00032402 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-27 20:19 - 2010-05-24 11:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-27 20:03 - 2013-05-14 03:14 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-10-27 20:00 - 2004-08-04 03:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-10-27 19:48 - 2010-05-24 11:17 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-10-27 19:46 - 2013-11-09 22:21 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 19:44 - 2012-01-19 18:04 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-10-27 18:19 - 2010-05-24 11:19 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-10-27 18:12 - 2010-05-24 04:05 - 00061440 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-10-27 18:12 - 2010-05-24 04:05 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-10-27 18:12 - 2010-05-24 04:04 - 44826624 _____ () C:\WINDOWS\system32\config\software.bak
2014-10-27 18:12 - 2010-05-24 04:04 - 06291456 _____ () C:\WINDOWS\system32\config\system.bak
2014-10-27 18:12 - 2010-05-24 04:04 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-10-27 16:23 - 2010-08-04 09:28 - 00000424 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{CC932386-5783-4C63-AF1C-7A83ACC779E0}.job
2014-10-26 12:27 - 2012-04-12 12:35 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-26 12:27 - 2011-12-22 15:34 - 00000000 ____D () C:\Documents and Settings\pcuser\Local Settings\Application Data\Adobe
2014-10-26 12:27 - 2011-12-22 13:08 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-26 12:24 - 2012-04-14 12:58 - 00000000 ____D () C:\Program Files\Java
2014-10-26 11:23 - 2014-07-01 09:36 - 00520813 _____ () C:\WINDOWS\setupapi.log
2014-10-26 08:07 - 2013-08-01 22:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-26 03:17 - 2010-05-24 04:05 - 00698440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-25 23:04 - 2010-05-24 14:25 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-25 23:01 - 2011-02-22 12:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-10-25 22:55 - 2010-05-24 13:59 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-10-25 22:54 - 2010-05-24 04:06 - 00608844 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-25 22:41 - 2004-08-04 03:00 - 00000684 _____ () C:\WINDOWS\win.ini
2014-10-25 22:26 - 2010-05-24 12:59 - 00040290 _____ () C:\WINDOWS\system32\TZLog.log
2014-10-25 21:38 - 2010-05-24 14:32 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-10-25 20:54 - 2010-05-24 12:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2_0$
2014-10-25 20:53 - 2013-11-09 22:19 - 00000000 ____D () C:\Program Files\FLV Player
2014-10-25 20:20 - 2014-04-14 20:19 - 00000140 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2014-10-25 20:08 - 2011-12-22 11:27 - 00000000 ____D () C:\Program Files\PC Tools Security
2014-10-25 20:08 - 2011-12-22 11:27 - 00000000 ____D () C:\Program Files\Common Files\PC Tools
2014-10-25 20:08 - 2010-08-04 10:04 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-10-03 10:03 - 2010-05-24 13:00 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Files to move or delete:
====================
C:\Documents and Settings\pcuser\acrobatreader.exe
C:\Documents and Settings\pcuser\flashplayer.exe
C:\Documents and Settings\pcuser\notepad.exe

Some content of TEMP:
====================
C:\Documents and Settings\pcuser\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\pcuser\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\TEMP\Local Settings\temp\jre-6u31-windows-i586-iftw-rv.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

elcajongunsfan · 2014/10/27

Thanks,, I'll be back tomorrow at 5 pm...I really appreciate your work on this

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-10-2014 01
Ran by pcuser at 2014-10-27 20:28:02
Running from C:\Documents and Settings\pcuser\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.03 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.7.2316 - CDBurnerXP)
Critical Security Update (HKCU\...\Critical Security Update) (Version: - JNLP)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (Version: 2.1.71.14 - Oracle, Inc.) Hidden
Jsip (HKLM\...\Jsip) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.1 (x86 en-US)) (Version: 33.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
mPlayer version 1.0 (HKLM\...\{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1) (Version: 1.0 - Download Freely, LLC)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
PrintMaster 2012 Platinum (HKLM\...\5354-7805-5584-7014) (Version: 4.0.0.200 - Encore Software Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmartDeviceMonitor for Client (HKLM\...\PMClient) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wireless USB Card (HKLM\...\{1EEAEAD7-95F3-489C-AB71-D188D530A951}) (Version: 6.0.1 - Netopia)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1060284298-1409082233-839522115-1003_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-1409082233-839522115-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================

26-10-2014 03:10:22 Removed WeatherBug
26-10-2014 03:11:03 Removed Uninstall Helper
26-10-2014 03:13:20 Removed CWA Reminder by We-Care.com v4.1.22.3
26-10-2014 04:09:02 Software Distribution Service 3.0
26-10-2014 04:25:18 Software Distribution Service 3.0
26-10-2014 06:24:03 Microsoft Antimalware Checkpoint
26-10-2014 10:00:21 Software Distribution Service 3.0
26-10-2014 14:12:51 Software Distribution Service 3.0
26-10-2014 14:23:46 Software Distribution Service 3.0
26-10-2014 15:33:04 Software Distribution Service 3.0
26-10-2014 17:54:31 Software Distribution Service 3.0
26-10-2014 18:16:29 Software Distribution Service 3.0
26-10-2014 18:22:33 Software Distribution Service 3.0
26-10-2014 19:24:39 Installed Java 7 Update 71
26-10-2014 23:59:39 Software Distribution Service 3.0
27-10-2014 23:49:16 before mbar
28-10-2014 00:07:14 Malwarebytes Anti-Rootkit Restore Point
28-10-2014 00:15:48 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 03:00 - 2014-10-27 18:13 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{CC932386-5783-4C63-AF1C-7A83ACC779E0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2001-07-31 10:17 - 2001-07-31 10:17 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2010-08-04 11:31 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE "
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1060284298-1409082233-839522115-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1060284298-1409082233-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-1060284298-1409082233-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1060284298-1409082233-839522115-1000 - Limited - Disabled)
pcuser (S-1-5-21-1060284298-1409082233-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\pcuser
SUPPORT_388945a0 (S-1-5-21-1060284298-1409082233-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (IPX)
Description: WAN Miniport (IPX)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IPX) #2
Description: WAN Miniport (IPX)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: HP LaserJet 4000 Series
Description: HP LaserJet 4000 Series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2014 10:51:12 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (10/25/2014 10:46:28 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description:

Error: (10/25/2014 10:46:28 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (10/25/2014 10:40:57 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (10/25/2014 10:10:20 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description:

Error: (10/25/2014 10:10:20 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (10/25/2014 09:50:33 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description:

Error: (10/25/2014 09:50:33 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (10/25/2014 08:55:53 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description:

Error: (10/25/2014 08:55:53 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

System errors:
=============
Error: (10/27/2014 08:20:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (10/27/2014 08:20:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Client Service for NetWare service terminated with the following error:
%%2

Error: (10/27/2014 07:46:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (10/27/2014 07:45:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Client Service for NetWare service terminated with the following error:
%%2

Error: (10/27/2014 06:13:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (10/27/2014 06:13:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Client Service for NetWare service terminated with the following error:
%%2

Error: (10/27/2014 06:03:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Jsip service terminated unexpectedly. It has done this 2 time(s).

Error: (10/27/2014 06:03:02 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Jsip Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (10/27/2014 06:02:06 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Jsip Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (10/27/2014 06:02:06 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Jsip Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of memory in use: 21%
Total physical RAM: 2037.54 MB
Available physical RAM: 1596.92 MB
Total Pagefile: 3930.27 MB
Available Pagefile: 3667.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.5 GB) (Free:44.08 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 72617261)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

broni · 2014/10/27

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Log in or Sign up

Solved Another crudware machine

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

Attached Files:

fixlist.txt

Share This Page

Log in or Sign up

Solved Another crudware machine

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

Attached Files:

fixlist.txt

Share This Page

Useful Searches