
Solved Copy errors from XP CD and Windows Component Wizard

Discussion in 'Malware and Virus Removal Archive' started by IndustrialOne, 2014/02/24.

  1. 2014/03/05
    IndustrialOne

    Sorry for the late response. I've fallen ill and have a headache; if I look at the screen it gets worse.

    ComboFix deleted many legitimate files, mainly in the c:\documents and settings\Admin folder. Can they selectively be reversed?

    ComboFix 14-03-05.01 - Admin 03/05/2014 15:41:10.1.8 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3550.2592 [GMT -7:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Admin\.-
    c:\documents and settings\Admin\_socket.pyd
    c:\documents and settings\Admin\_ssl.pyd
    c:\documents and settings\Admin\14.mp4
    c:\documents and settings\Admin\14.wav
    c:\documents and settings\Admin\251.bmp
    c:\documents and settings\Admin\51.wav
    c:\documents and settings\Admin\ac32wav.exe
    c:\documents and settings\Admin\apetowav.exe
    c:\documents and settings\Admin\avc2avi.exe
    c:\documents and settings\Admin\avi2mpg1.exe
    c:\documents and settings\Admin\avi2raw.exe
    c:\documents and settings\Admin\barf.exe
    c:\documents and settings\Admin\bmplogsadd.exe
    c:\documents and settings\Admin\bz2.pyd
    c:\documents and settings\Admin\dumppo.exe
    c:\documents and settings\Admin\faac.exe
    c:\documents and settings\Admin\ffmpeg.exe
    c:\documents and settings\Admin\hping.exe
    c:\documents and settings\Admin\ic.exe
    c:\documents and settings\Admin\js32.dll
    c:\documents and settings\Admin\lame_enc.dll
    c:\documents and settings\Admin\libgpac.dll
    c:\documents and settings\Admin\MP4Box.exe
    c:\documents and settings\Admin\MultiDecimate.exe
    c:\documents and settings\Admin\My Documents\Online Games.url
    c:\documents and settings\Admin\My Documents\Your Scanner.url
    c:\documents and settings\Admin\nsf2wav.exe
    c:\documents and settings\Admin\opusdec.exe
    c:\documents and settings\Admin\opusenc.exe
    c:\documents and settings\Admin\paq8kx_v7.exe
    c:\documents and settings\Admin\paq9a.exe
    c:\documents and settings\Admin\ProcessMD.exe
    c:\documents and settings\Admin\starcraft_power_saver.exe
    c:\documents and settings\Admin\Start Menu\Programs\1964.lnk
    c:\documents and settings\Admin\unicodedata.pyd
    c:\documents and settings\Admin\VFRLCM.exe
    c:\documents and settings\Admin\wget.exe
    c:\documents and settings\Admin\x264_x86.exe
    c:\documents and settings\Admin\zlib.pyd
    C:\Thumbs.db
    c:\windows\~df73e5.tmp
    c:\windows\~df73e6.tmp
    c:\windows\~df73e7.tmp
    c:\windows\~df73e8.tmp
    c:\windows\Readme.txt
    c:\windows\system\RICHTX32.OCX
    c:\windows\system32\msssc.dll
    c:\windows\system32\SET9E.tmp
    c:\windows\system32\SET9F.tmp
    c:\windows\system32\SETA0.tmp
    c:\windows\system32\SETA2.tmp
    c:\windows\system32\SETAB.tmp
    c:\windows\system32\x264.exe
    c:\windows\twain_16.dll
    c:\windows\wininit.ini
    C:\windowsupdateagent30-x86.exe
    C:\x
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_COM+_MESSAGES
    -------\Legacy_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-05 to 2014-03-05 )))))))))))))))))))))))))))))))
    .
    .
    2014-02-27 18:04 . 2014-02-27 18:04 -------- d-----w- c:\program files\Common Files\Skype
    2014-02-27 18:03 . 2014-03-05 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus! for Skype
    2014-02-27 18:02 . 2014-02-27 18:02 -------- d-----w- c:\program files\Yuna Software
    2014-02-27 13:36 . 2014-02-27 13:36 2126 ----a-w- c:\windows\system32\drivers\fvstore.dat
    2014-02-27 13:36 . 2014-02-27 13:36 -------- d-----w- C:\VTRoot
    2014-02-27 13:29 . 2014-03-02 16:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
    2014-02-27 13:27 . 2014-02-27 13:27 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2014-02-27 13:27 . 2014-02-27 13:28 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
    2014-02-27 13:25 . 2014-02-27 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
    2014-02-27 13:24 . 2014-02-27 13:24 -------- d-----w- C:\first_launch
    2014-02-27 13:23 . 2014-02-27 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2014-02-27 12:20 . 2014-02-27 12:20 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
    2014-02-27 12:16 . 2014-02-27 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
    2014-02-27 12:15 . 2014-02-27 12:35 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-02-27 12:15 . 2014-02-27 12:35 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2014-02-27 12:15 . 2013-10-11 02:14 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2014-02-27 12:15 . 2014-02-27 12:15 -------- d-----w- c:\program files\Avira
    2014-02-26 12:21 . 2014-03-02 16:05 -------- d-----w- C:\FRST
    2014-02-26 12:15 . 2014-02-26 12:15 -------- d-----w- c:\windows\ERUNT
    2014-02-26 12:04 . 2014-02-26 12:11 -------- d-----w- C:\AdwCleaner
    2014-02-25 14:23 . 2014-02-25 15:16 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-02-25 14:23 . 2014-02-25 15:15 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-02-25 14:13 . 2014-02-25 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2014-02-25 14:13 . 2014-02-25 14:13 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Pro
    2014-02-25 14:11 . 2014-02-25 14:15 -------- d-----w- c:\program files\DAEMON Tools Pro
    2014-02-25 14:06 . 2014-02-25 14:06 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
    2014-02-24 16:09 . 2014-02-24 16:09 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2014-02-24 16:09 . 2014-02-24 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-02-24 16:09 . 2014-02-24 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2014-02-24 16:09 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-02-24 15:14 . 2001-08-17 20:52 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
    2014-02-24 15:14 . 2001-08-17 20:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
    2014-02-24 15:14 . 2001-08-17 20:52 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
    2014-02-24 15:14 . 2008-04-14 07:10 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
    2014-02-24 15:14 . 2001-08-17 20:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
    2014-02-24 15:14 . 2001-08-17 20:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
    2014-02-24 15:14 . 2001-08-17 20:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
    2014-02-24 15:14 . 2008-04-14 12:42 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
    2014-02-24 15:14 . 2001-08-17 20:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
    2014-02-24 15:12 . 2001-08-18 05:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
    2014-02-24 15:11 . 2001-08-17 20:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
    2014-02-24 15:10 . 2008-04-14 07:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2014-02-24 15:09 . 2001-08-17 19:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
    2014-02-24 15:08 . 2001-08-17 19:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
    2014-02-24 15:07 . 2001-08-17 20:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
    2014-02-24 15:06 . 2001-08-18 05:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
    2014-02-24 15:05 . 2001-08-17 19:10 19996 -c--a-w- c:\windows\system32\dllcache\em556n4.sys
    2014-02-24 15:04 . 2001-08-17 19:17 29531 -c--a-w- c:\windows\system32\dllcache\dgapci.sys
    2014-02-24 15:03 . 2008-04-14 12:41 15423 -c--a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
    2014-02-24 15:02 . 2008-04-14 05:04 57856 -c--a-w- c:\windows\system32\dllcache\atinbtxx.sys
    2014-02-24 15:01 . 2008-04-14 07:57 2188928 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
    2014-02-24 14:50 . 2008-04-14 12:00 605696 -c--a-w- c:\windows\system32\dllcache\getuname.dll
    2014-02-24 14:50 . 2008-04-14 12:00 605696 ----a-w- c:\windows\system32\getuname.dll
    2014-02-24 14:50 . 2008-04-14 12:00 80384 -c--a-w- c:\windows\system32\dllcache\charmap.exe
    2014-02-24 14:50 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\charmap.exe
    2014-02-24 14:50 . 2008-04-14 12:00 114688 -c--a-w- c:\windows\system32\dllcache\calc.exe
    2014-02-24 14:50 . 2008-04-14 12:00 114688 ----a-w- c:\windows\system32\calc.exe
    2014-02-24 14:50 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\sol.exe
    2014-02-24 14:50 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\winmine.exe
    2014-02-24 14:50 . 2008-04-14 12:00 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
    2014-02-24 14:50 . 2008-04-14 12:00 126976 ----a-w- c:\windows\system32\mshearts.exe
    2014-02-24 14:50 . 2008-04-14 12:00 55296 -c--a-w- c:\windows\system32\dllcache\freecell.exe
    2014-02-24 14:50 . 2008-04-14 12:00 55296 ----a-w- c:\windows\system32\freecell.exe
    2014-02-24 14:18 . 2014-02-24 14:18 -------- d-----w- c:\windows\system32\temp
    2014-02-24 14:18 . 2014-02-24 14:18 -------- d-----w- c:\program files\BurnInTest
    2014-02-24 13:53 . 2008-04-14 12:00 281088 -c--a-w- c:\windows\system32\dllcache\pinball.exe
    2014-02-24 13:53 . 2008-04-14 12:00 281088 ----a-w- c:\program files\Windows NT\Pinball\PINBALL.EXE
    2014-02-24 11:29 . 2008-04-14 12:00 184320 -c--a-w- c:\windows\system32\dllcache\accwiz.exe
    2014-02-24 11:29 . 2008-04-14 12:00 184320 ----a-w- c:\windows\system32\accwiz.exe
    2014-02-24 11:28 . 2008-04-14 12:00 68608 ----a-w- c:\windows\system32\access.cpl
    2014-02-23 18:25 . 2008-04-14 12:00 131584 ----a-w- c:\windows\system32\sndrec32.exe
    2014-02-23 17:23 . 2014-02-23 17:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Skype
    2014-02-23 16:52 . 2008-04-14 12:00 123392 -c--a-w- c:\windows\system32\dllcache\mplay32.exe
    2014-02-23 16:52 . 2008-04-14 12:00 123392 ----a-w- c:\windows\system32\mplay32.exe
    2014-02-23 16:24 . 2008-04-14 12:00 347136 ----a-w- c:\windows\system32\hypertrm.dll
    2014-02-23 16:20 . 2008-04-14 12:00 539136 -c--a-w- c:\windows\system32\dllcache\dialer.exe
    2014-02-23 16:20 . 2008-04-14 12:00 539136 ----a-w- c:\program files\Windows NT\dialer.exe
    2014-02-23 15:37 . 2008-04-14 12:00 343040 -c--a-w- c:\windows\system32\dllcache\mspaint.exe
    2014-02-23 15:37 . 2008-04-14 12:00 343040 ----a-w- c:\windows\system32\mspaint.exe
    2014-02-23 15:37 . 2008-04-14 12:00 102912 -c--a-w- c:\windows\system32\dllcache\clipbrd.exe
    2014-02-23 15:37 . 2008-04-14 12:00 102912 ----a-w- c:\windows\system32\clipbrd.exe
    2014-02-23 15:33 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\simptcp.dll
    2014-02-23 15:33 . 2008-04-14 12:00 966656 ----a-w- c:\program files\MSN\MSNCoreFiles\OOBE\obemetal.dll
    2014-02-23 15:33 . 2008-04-14 12:00 86016 ----a-w- c:\program files\MSN\MSNCoreFiles\OOBE\obepopc.dll
    2014-02-23 15:33 . 2008-04-14 12:00 77824 ----a-w- c:\program files\MSN\MSNCoreFiles\OOBE\obemtllc.dll
    2014-02-23 15:33 . 2008-04-14 12:00 229376 ----a-w- c:\program files\MSN\MSNCoreFiles\OOBE\obelog.dll
    2014-02-23 15:33 . 2008-04-14 12:00 884712 ----a-w- c:\program files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
    2014-02-23 15:33 . 2008-04-14 12:00 1327320 ----a-w- c:\program files\MSN\MSNCoreFiles\Install\msnsusii.exe
    2014-02-23 15:33 . 2008-04-14 12:00 11053008 ----a-w- c:\program files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
    2014-02-23 15:32 . 2008-04-14 12:00 538624 ----a-w- c:\windows\system32\spider.exe
    2014-02-23 15:05 . 2008-04-14 12:00 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
    2014-02-23 15:05 . 2008-04-14 12:00 35328 ----a-w- c:\windows\system32\iprip.dll
    2014-02-23 14:56 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys
    2014-02-23 14:17 . 2001-08-18 05:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
    2014-02-23 14:15 . 2008-04-14 12:00 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
    2014-02-23 14:12 . 2008-04-14 12:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
    2014-02-23 14:12 . 2008-04-14 12:00 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
    2014-02-23 13:52 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2014-02-23 13:52 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2014-02-23 13:52 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2014-02-23 13:52 . 2008-04-14 12:00 16535 ----a-r- c:\windows\SET129.tmp
    2014-02-23 13:51 . 2008-04-14 12:00 1088840 ----a-r- c:\windows\SET11D.tmp
    2014-02-23 13:51 . 2008-04-14 12:00 1296669 ----a-r- c:\windows\SET119.tmp
    2014-02-23 11:11 . 2008-04-14 12:00 16535 ----a-r- c:\windows\SET12B.tmp
    2014-02-23 11:11 . 2008-04-14 12:00 1088840 ----a-r- c:\windows\SET11F.tmp
    2014-02-23 11:10 . 2008-04-14 12:00 1296669 ----a-r- c:\windows\SET11C.tmp
    2014-02-22 20:48 . 2014-02-22 20:48 -------- d-----w- c:\program files\Common Files\EZB Systems
    2014-02-22 20:48 . 2014-02-22 20:48 -------- d-----w- c:\program files\UltraISO
    2014-02-22 11:30 . 2013-09-24 19:04 1505104 ------w- c:\windows\system32\msvcr100d.dll
    2014-02-22 10:40 . 2008-04-14 12:00 16535 ----a-r- c:\windows\SET1A8.tmp
    2014-02-22 10:40 . 2008-04-14 12:00 1088840 ----a-r- c:\windows\SET19C.tmp
    2014-02-22 10:40 . 2008-04-14 12:00 1296669 ----a-r- c:\windows\SET199.tmp
    2014-02-22 09:42 . 2014-02-24 17:23 -------- d-----w- C:\I386
    2014-02-21 21:26 . 2014-02-21 21:26 -------- d-----w- c:\documents and settings\Admin\Application Data\EurekaLog
    2014-02-21 15:39 . 2014-02-21 15:43 -------- d-----w- c:\windows\system32\MRT
    2014-02-21 13:57 . 2008-04-14 12:00 214528 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2014-02-21 13:11 . 2008-04-14 12:00 16535 ----a-r- c:\windows\SET1A4.tmp
    2014-02-21 13:11 . 2008-04-14 12:00 1088840 ----a-r- c:\windows\SET198.tmp
    2014-02-21 13:11 . 2008-04-14 12:00 1296669 ----a-r- c:\windows\SET195.tmp
    2014-02-19 18:35 . 2014-02-21 09:32 -------- d-----w- c:\documents and settings\Admin\Application Data\X-Chat 2
    2014-02-19 18:18 . 2014-02-19 18:55 -------- d-----w- c:\program files\xchat
    2014-02-11 20:16 . 2014-02-11 20:16 -------- d-----w- c:\program files\IVONA
    2014-02-11 19:16 . 2014-02-11 19:22 -------- d-----w- c:\program files\dspeech
    2014-02-09 20:42 . 2014-02-09 20:42 -------- d-----w- c:\documents and settings\Admin\Application Data\Tumbywood Software
    2014-02-09 20:42 . 2014-02-09 20:42 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Tumbywood_Software
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-01 03:27 . 2013-08-25 12:40 87616 ----a-w- c:\windows\PSSDNSVC.EXE
    2014-03-01 03:27 . 2013-08-25 12:31 26 ----a-w- c:\documents and settings\Admin\coutndown hibernate.bat
    2014-02-21 14:21 . 2012-08-06 22:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-21 14:21 . 2012-08-06 22:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-12-20 18:00 . 2013-10-27 20:27 112640 ----a-w- c:\windows\system32\ff_vfw.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bandwidth Monitor Pro "= "c:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2005-02-16 225280]
    "DAEMON Tools Pro Agent "= "c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2013-02-07 17706088]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SystemGuardAlerter "= "c:\program files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe" [2005-11-08 386560]
    "ioloDelayModule "= "c:\program files\iolo\System Mechanic Professional 6\delay.exe" [2005-06-09 96256]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [2006-05-10 94208]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "IMEKRMIG6.1 "= "c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
    "AdobeAAMUpdater-1.0 "= "c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "NUSB3MON "= "c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    "RUSB3MON "= "c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
    "NvBackend "= "c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2012-09-23 108392]
    "RTHDCPL "= "RTHDCPL.EXE" [2009-11-03 18782720]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-27 684600]
    "COMODO Internet Security "= "c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1576152]
    "MessengerPlusForSkypeService "= "c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2014-02-16 128000]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0??\0UDBDef c:\program files\DiskTrix\UltimateDefrag\UDBootCfg.xml
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=" "
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Text2Go.lnk]
    path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Text2Go.lnk
    backup=c:\windows\pss\Text2Go.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
    backup=c:\windows\pss\PGPtray.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
    backup=c:\windows\pss\Privoxy.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2012-04-04 12:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
    2012-03-09 22:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    2006-08-01 13:35 67112 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-10-12 04:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
    2013-03-29 23:07 2081792 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]
    2005-06-09 03:31 96256 ----a-w- c:\program files\iolo\System Mechanic Professional 6\Delay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2006-05-10 16:48 94208 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pg2.exe]
    2005-09-19 01:40 1421824 ----a-w- c:\program files\PeerGuardian2\pg2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2012-07-19 09:38 336992 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2013-05-01 09:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2013-02-07 20:14 17706088 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
    2005-11-08 18:04 545280 ----a-w- c:\program files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    2005-10-27 00:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-11-10 11:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 19:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Popup Blocker]
    2005-11-08 18:04 751104 ----a-w- c:\program files\iolo\System Mechanic Professional 6\PopupBlocker.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
    2005-12-22 20:46 1282048 ----a-w- c:\program files\Acesoft\Tracks Eraser Pro\te.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBoxTray]
    2011-12-19 12:48 946480 ----a-w- c:\windows\system32\VBoxTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
    2007-11-22 21:49 12889088 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Winamp\\winamp.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    .
    R0 IoloFilter;IoloFilter;c:\windows\system32\drivers\IoloFltr.sys [11/8/2007 9:25 PM 65024]
    R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\drivers\OCDE.sys [8/9/2004 1:34 PM 26384]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/25/2014 7:06 AM 685816]
    R0 VBoxGuest;VirtualBox Guest Driver;c:\windows\system32\drivers\VBoxGuest.sys [8/1/2012 10:04 PM 107312]
    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [9/16/2012 11:54 AM 11448]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2/27/2014 5:15 AM 37352]
    R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [5/7/2013 12:00 AM 36112]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/24/2013 10:54 AM 15704]
    R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [11/14/2013 11:38 AM 587864]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/24/2013 10:54 AM 30552]
    R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [9/2/2005 8:56 AM 6144]
    R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [10/6/2013 10:17 PM 14272]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [9/6/2013 11:13 AM 22560]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/8/2012 10:29 PM 188328]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/8/2012 10:28 PM 94632]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/27/2014 5:15 AM 440376]
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [8/15/2013 2:41 AM 90112]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [4/14/2008 5:00 AM 14336]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/17/2007 8:09 PM 3712]
    R2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2/27/2014 11:02 AM 128000]
    R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2/5/2014 9:12 AM 1494304]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [9/25/2013 7:48 PM 85768]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [9/25/2013 7:48 PM 177800]
    R3 VBoxMouse;VirtualBox Guest Mouse Service;c:\windows\system32\drivers\VBoxMouse.sys [8/1/2012 10:04 PM 85808]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/19/2011 1:12 PM 104872]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/19/2012 3:35 PM 116136]
    S1 VBoxSF;VirtualBox Shared Folders;c:\windows\system32\drivers\VBoxSF.sys [8/1/2012 10:04 PM 227632]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/7/2013 1:10 PM 161384]
    S2 VBoxService;VirtualBox Guest Additions Service;system32\VBoxService.exe --> system32\VBoxService.exe [?]
    S3 ALSysIO;ALSysIO;\??\c:\docume~1\Admin\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Admin\LOCALS~1\Temp\ALSysIO.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2012 7:45 PM 1684736]
    S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [9/24/2013 10:53 AM 131288]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/12/2013 1:16 PM 13896]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/12/2013 1:16 PM 9160]
    S3 NTice;NTice;c:\windows\system32\drivers\ntice.sys [9/2/2006 12:48 AM 1246338]
    S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [8/11/2012 4:58 PM 13064]
    S3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [8/25/2013 5:40 AM 87616]
    S3 sdd;sdd;c:\windows\system32\DRIVERS\sddmini.sys --> c:\windows\system32\DRIVERS\sddmini.sys [?]
    S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [1/10/2008 2:16 PM 61600]
    S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [5/10/2013 3:11 PM 9360]
    S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [5/10/2013 3:11 PM 97184]
    S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [5/10/2013 3:13 PM 88688]
    S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [5/10/2013 3:14 PM 18704]
    S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [5/10/2013 3:12 PM 86560]
    S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [1/10/2008 2:50 PM 90800]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2/27/2013 5:46 PM 84904]
    S3 VBoxVideo;VBoxVideo;c:\windows\system32\drivers\VBoxVideo.sys [8/1/2012 10:04 PM 104240]
    S4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2/27/2014 5:15 AM 1011768]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 14:21]
    .
    2014-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    2014-03-05 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    - c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11 21:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
    IE: Add Text - file://c:\program files\Tumbywood Software\Text2Go\AddTextContextMenu.htm
    IE: Check Text - file://c:\program files\Tumbywood Software\Text2Go\CheckSelectedContextMenu.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Speak - file://c:\program files\Tumbywood Software\Text2Go\SpeakSelectedContextMenu.htm
    IE: Text2Go - file://c:\program files\Tumbywood Software\Text2Go\Text2GoContextMenu.htm
    IE: Use as Text2Go Artwork - file://c:\program files\Tumbywood Software\Text2Go\AddArtworkContextMenu.htm
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
    Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
    Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mpuxkbdf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    MSConfigStartUp-ASUS Update Checker - c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
    MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
    MSConfigStartUp-ctfmon - d:\windows\system32\ctfmon.exe
    MSConfigStartUp-Eraser - c:\program files\Eraser\eraser.exe
    MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam10\QuickCam10.exe
    MSConfigStartUp-Norton Ghost 12 - c:\program files\Norton Ghost\Agent\VProTray.exe
    MSConfigStartUp-Zone Labs Client - c:\progra~1\ZONELA~1\ZONEAL~1\zapro.exe
    MSConfigStartUp-{E08DEE40-05E6-1033-0914-040616010001} - c:\program files\Common Files\{E08DEE40-05E6-1033-0914-040616010001}\Update.exe
    MSConfigStartUp-{E08DEE40-05E7-1033-0914-040616010001} - c:\program files\Common Files\{E08DEE40-05E7-1033-0914-040616010001}\Update.exe
    AddRemove-CNXT_MODEM_PCI_VEN_14F1&DEV_2F01&SUBSYS_00C1A0A0 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F01&SUBSYS_00C1A0A0\HXFSETUP.EXE
    AddRemove-Messenger Plus! - c:\program files\Yuna Software\Messenger Plus!\Uninstall.exe
    AddRemove-Oracle VM VirtualBox Guest Additions - c:\program files\Oracle\VirtualBox Guest Additions\uninst.exe
    AddRemove-TreeSize Professional_is1 - c:\program files\JAM Software\TreeSize Professional\unins000.exe
    AddRemove-Wav2MP3 Wizard_is1 - c:\program files\Wav2MP3 Wizard\unins000.exe
    AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\GreenTree Applications\YTD Video Downloader\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-03-05 16:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1100)
    c:\windows\system32\guard32.dll
    c:\program files\Avira\AntiVir Desktop\avsda.dll
    c:\windows\system32\mswsock.dll
    c:\windows\System32\wshtcpip.dll
    .
    - - - - - - - > 'explorer.exe'(3936)
    c:\windows\system32\guard32.dll
    c:\windows\system32\WSOCK32.dll
    c:\windows\system32\WS2_32.dll
    c:\windows\system32\WS2HELP.dll
    c:\program files\Avira\AntiVir Desktop\avsda.dll
    c:\windows\system32\mswsock.dll
    c:\windows\System32\wshtcpip.dll
    .
    - - - - - - - > 'csrss.exe'(404)
    c:\windows\system32\cmdcsr.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\tcpsvcs.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\RTHDCPL.EXE
    c:\program files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
    c:\program files\COMODO\COMODO Internet Security\cavwp.exe
    c:\program files\COMODO\COMODO Internet Security\cis.exe
    .
    **************************************************************************
    .
    Completion time: 2014-03-05 16:28:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-03-05 23:28
    .
    Pre-Run: 133,729,734,656 bytes free
    Post-Run: 133,537,988,608 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlog
    multi(0)disk(0)rdisk(0)partition(3)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - C084BEA9DC90276F1BB4D164BA3FAD68
    8F558EB6672622401DA993E1E865C861
     
  2. 2014/03/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I hope you feel better :)

    Combofix log looks good.

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  4. 2014/03/05
    IndustrialOne

    IndustrialOne Inactive Thread Starter

    Joined:
    2014/02/23
    Messages:
    45
    Likes Received:
    0
    Thanks.

    Everything seems ok software-wise but I wasn't able to get a new USB soundcard working which worked on another computer.

    Before I follow your new instructions, tell me how to restore the following files combofix deleted because these are legitimate:

    c:\documents and settings\Admin\.-
    c:\documents and settings\Admin\_socket.pyd
    c:\documents and settings\Admin\_ssl.pyd
    c:\documents and settings\Admin\14.mp4
    c:\documents and settings\Admin\14.wav
    c:\documents and settings\Admin\251.bmp
    c:\documents and settings\Admin\51.wav
    c:\documents and settings\Admin\ac32wav.exe
    c:\documents and settings\Admin\apetowav.exe
    c:\documents and settings\Admin\avc2avi.exe
    c:\documents and settings\Admin\avi2mpg1.exe
    c:\documents and settings\Admin\avi2raw.exe
    c:\documents and settings\Admin\barf.exe
    c:\documents and settings\Admin\bmplogsadd.exe
    c:\documents and settings\Admin\bz2.pyd
    c:\documents and settings\Admin\dumppo.exe
    c:\documents and settings\Admin\faac.exe
    c:\documents and settings\Admin\ffmpeg.exe
    c:\documents and settings\Admin\hping.exe
    c:\documents and settings\Admin\ic.exe
    c:\documents and settings\Admin\js32.dll
    c:\documents and settings\Admin\lame_enc.dll
    c:\documents and settings\Admin\libgpac.dll
    c:\documents and settings\Admin\MP4Box.exe
    c:\documents and settings\Admin\MultiDecimate.exe
    c:\documents and settings\Admin\My Documents\Online Games.url
    c:\documents and settings\Admin\My Documents\Your Scanner.url
    c:\documents and settings\Admin\nsf2wav.exe
    c:\documents and settings\Admin\opusdec.exe
    c:\documents and settings\Admin\opusenc.exe
    c:\documents and settings\Admin\paq8kx_v7.exe
    c:\documents and settings\Admin\paq9a.exe
    c:\documents and settings\Admin\ProcessMD.exe
     
  5. 2014/03/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DEQUARANTINE::
    C:\Qoobox\Quarantine\C\documents and settings\Admin\.-.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\_socket.pyd.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\_ssl.pyd.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\14.mp4.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\14.wav.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\251.bmp.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\51.wav.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\ac32wav.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\apetowav.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\avc2avi.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\avi2mpg1.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\avi2raw.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\barf.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\bmplogsadd.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\bz2.pyd.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\dumppo.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\faac.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\ffmpeg.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\hping.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\ic.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\js32.dll.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\lame_enc.dll.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\libgpac.dll.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\MP4Box.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\MultiDecimate.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\My Documents\Online Games.url.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\My Documents\Your Scanner.url.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\nsf2wav.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\opusdec.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\opusenc.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\paq8kx_v7.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\paq9a.exe.vir
    C:\Qoobox\Quarantine\C\documents and settings\Admin\ProcessMD.exe.vir
    QUIT::
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]
     
  6. 2014/03/05
    IndustrialOne

    IndustrialOne Inactive Thread Starter

    Joined:
    2014/02/23
    Messages:
    45
    Likes Received:
    0
    Does that include "Code:"?
     
  7. 2014/03/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No. All text inside the box only.
     
  8. 2014/03/05
    IndustrialOne

    IndustrialOne Inactive Thread Starter

    Joined:
    2014/02/23
    Messages:
    45
    Likes Received:
    0
    Ok that's what I did and dragged it into combofix but then it started scanning like before so I stopped it before something happened to the already-quarantined files. Is this normal? Does it really need to take half an hour to deep scan all over again just to restore quarantined files?
     
  9. 2014/03/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did you copy entire script including "QUIT::" at the end?
     
  10. 2014/03/05
    IndustrialOne

    IndustrialOne Inactive Thread Starter

    Joined:
    2014/02/23
    Messages:
    45
    Likes Received:
    0
    Yes.
     
  11. 2014/03/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let it run then.
     
  12. 2014/03/07
    IndustrialOne

    IndustrialOne Inactive Thread Starter

    Joined:
    2014/02/23
    Messages:
    45
    Likes Received:
    0
    While it restored the quarantined files it merely copied them without preserving the timestamps. I had to manually cut and paste from the quarantine folder.

    I'll post the rest of the logs:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Admin on Fri 03/07/2014 at 15:03:04.09
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] msgplusservice
    Successfully deleted: [Service] msgplusservice



    ~~~ Registry Values




    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37211D63-CCE9-4780-B182-96538CFC6FED}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8B9C4F32-044E-491C-893E-362CB8A679D5}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CBC3E05C-F841-452A-A600-E8D8BBEA63D9}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CBC3E05D-F841-452A-A600-E8D8BBEA63DA}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CF2BF214-9D1E-4803-9AEB-38552615FD40}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\msgplusforskype.animationpackage
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\msgplusforskype.skinpack
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\msgplusforskype.soundpack
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\messenger plus! for skype



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\messenger plus! for skype"
    Failed to delete: [Folder] "C:\Program Files\yuna software"



    ~~~ FireFox

    Emptied folder: C:\Documents and Settings\Admin\Application Data\mozilla\firefox\profiles\mpuxkbdf.default\minidumps [4 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 03/07/2014 at 15:15:31.78
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    OTL Extras logfile created on: 3/7/2014 3:17:54 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: | Country: | Language: | Date Format:

    3.47 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 77.61% Memory free
    5.31 Gb Paging File | 4.45 Gb Available in Paging File | 83.80% Paging File free
    Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 300.00 Gb Total Space | 124.10 Gb Free Space | 41.37% Space Free | Partition Type: NTFS
    Drive D: | 29.80 Gb Total Space | 4.21 Gb Free Space | 14.12% Space Free | Partition Type: FAT32
    Drive F: | 59.64 Gb Total Space | 0.11 Gb Free Space | 0.18% Space Free | Partition Type: exFAT
    Drive G: | 59.62 Gb Total Space | 0.01 Gb Free Space | 0.02% Space Free | Partition Type: exFAT
    Drive I: | 4.01 Gb Total Space | 1.40 Gb Free Space | 34.84% Space Free | Partition Type: NTFS
    Drive J: | 199.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: exFAT
    Drive N: | 465.74 Gb Total Space | 0.06 Gb Free Space | 0.01% Space Free | Partition Type: exFAT
    Drive Q: | 20.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: exFAT

    Computer Name: XP1 | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDBrowse] -- C:\Program Files\ACDSee32\ACDSee32.exe "%1" (ACD Systems, Ltd.)
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Shred With Tracks Eraser Pro] -- C:\Program Files\Acesoft\Tracks Eraser Pro\fileshred.exe %1 (Acesoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.2 (r693)
    "{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26B5D684-75D6-44B9-BBFF-D4100F43092A}" = Sony Ericsson PC Suite
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.7.2
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
    "{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
    "{74F15BB4-5DA6-4DDE-A091-F8DEE3C9E425}" = Text2Go
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
    "{7E9F464A-4118-4A5D-85D9-F50FDAD1754F}" = AudioPaint
    "{8FDEDFA3-C1F2-4A8D-8727-7759D4C433E4}" = Oracle VM VirtualBox 4.2.6
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{901D1D88-408D-48E5-80DD-CC3145BD8456}" = COMODO Firewall
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A8D189F5-A5BD-4F59-94C3-BD39662B96F7}" = Ableton Live 9 Suite
    "{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
    "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.81
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.81
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.11.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{BA96A695-E9CE-4B2A-919A-540B73E7A78E}" = Microsoft Platform SDK (3790.1830)
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
    "{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{D5B68FB3-B5B7-44B9-986A-D3772662F71D}" = TCC LE 13.0
    "{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
    "{E5682FDA-E8C5-497D-ADE0-F5B2089940D5}" = Dead Disc Doctor
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
    "{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1" = Eassos PartitionGuru Professional 3.7.0
    "{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
    "3.0.100.39_is1" = Disktrix UltimateDefrag 3.0
    "7-Zip" = 7-Zip 4.23
    "8461-7759-5462-8226" = Vuze
    "ACDSee 32" = ACDSee 32
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
    "Advanced ZIP Password Recovery" = Advanced ZIP Password Recovery
    "AOL Instant Messenger" = AOL Instant Messenger
    "Arena 3.0_is1" = Arena 3.0
    "ArtMoney SE_is1" = ArtMoney SE v7.22
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "Avidemux 2.4" = Avidemux 2.4
    "Avidemux 2.6" = Avidemux 2.6 (32-bit)
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "AviSynth" = AviSynth 2.5
    "Bandwidth Monitor Pro" = Bandwidth Monitor Pro
    "Bink and Smacker" = Bink and Smacker
    "cedocida" = Cedocida DV Codec
    "CloneSpy" = CloneSpy 3.1
    "Corel Applications" = Corel Applications
    "CrystalDiskMark_is1" = CrystalDiskMark 3.0.2f
    "DataNumen RAR Repair v2.1" = DataNumen RAR Repair v2.1
    "DiamondCS Port Explorer_is1" = DiamondCS Port Explorer v2.000
    "Download Accelerator Plus Beta" = Download Accelerator Plus Beta
    "EditPad Pro 6" = JGsoft EditPad Pro 6 v.6.4.5
    "Ethereal" = Ethereal 0.99.0
    "FamilyKeyLogger" = Family Keylogger v2.83 (remove only)
    "Fraps" = Fraps
    "Free Fire Screensaver" = Free Fire Screensaver
    "FreshDevices - FreshUI_is1" = FreshUI
    "GameCheater 1.2" = GameCheater 1.2
    "Gimp" = Gimp 2.8.1
    "HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
    "Hermetic Stego 5.17_is1" = Hermetic Stego 5.17
    "HWiNFO32_is1" = HWiNFO32 Version 4.22
    "InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "IVONA 2" = IVONA 2
    "jdownloader09" = JDownloader 0.9
    "Magic ISO Maker v5.3 (build 0221)" = Magic ISO Maker v5.3 (build 0221)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "MediaInfo" = MediaInfo 0.7.64
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Midi2Wav Recorder" = Midi2Wav Recorder
    "MKVToolNix" = MKVToolNix 6.7.0 [20140102-565]
    "Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
    "MsgPlus! Plugin" = Messenger Plus! 3
    "Music MasterWorks_is1" = Music MasterWorks v3.60
    "Neat Video for VirtualDub_is1" = Neat Video v3.4.0 Pro plug-in for VirtualDub
    "Nero - Burning Rom!UninstallKey" = Nero 6
    "NetConceal Anonymizer" = NetConceal Anonymizer
    "Ninotech Date Edit" = Ninotech Date Edit 4.0
    "NirSoft ShellExView" = NirSoft ShellExView
    "Notepad++" = Notepad++
    "Osmo4" = Osmo4/GPAC (remove only)
    "PasswordTools" = PasswordTools
    "PeerGuardian_is1" = PeerGuardian 2.0
    "PerformanceTest 7_is1" = PerformanceTest v7.0
    "PerformanceTest 8_is1" = PerformanceTest v8.0
    "PowerISO" = PowerISO
    "ResourceHacker_is1" = Resource Hacker Version 3.6.0
    "System Mechanic Professional 6_is1" = iolo technologies' System Mechanic Professional 6
    "SysTracer" = SysTracer v2.4
    "Tag&Rename_is1" = Tag&Rename 3.4.6
    "TCC LE 13.0 13.06.77" = TCC LE 13.0
    "ToneGen" = NCH Tone Generator
    "Tweak UI 2.10" = Tweak UI
    "UltraISO_is1" = UltraISO Premium V9.36
    "Unlocker" = Unlocker 1.9.0
    "Visual C++ 6.0 Standard Edition" = Microsoft Visual C++ 6.0 Standard Edition
    "VLC media player" = VLC media player 2.0.5
    "VobSub" = VobSub v2.23 (Remove Only)
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Password" = Windows Password
    "WinGimp-2.0_is1" = GIMP 2.4.1
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 5.01 (32-bit)
    "x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XXConsole" = XXConsole: Super Console Generator ver 0.96
    "XYplorer" = XYplorer 11.50
    "zbattle.net_is1" = zbattle.net 1.09 SR-1 beta
    "ZD-spc_is1" = ZD-spc

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{801A00A1-4DFF-4D92-8D4B-96AC89731309}_is1" = Voice Converter version 1.0
    "Winamp Detect" = Winamp Detector Plug-in
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/1/2014 5:48:55 PM | Computer Name = XP1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/1/2014 5:49:19 PM | Computer Name = XP1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/1/2014 5:49:19 PM | Computer Name = XP1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/1/2014 7:42:56 PM | Computer Name = XP1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/1/2014 7:42:56 PM | Computer Name = XP1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/1/2014 7:44:19 PM | Computer Name = XP1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/1/2014 7:44:19 PM | Computer Name = XP1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/1/2014 9:13:56 PM | Computer Name = XP1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/1/2014 9:13:56 PM | Computer Name = XP1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/1/2014 9:40:19 PM | Computer Name = XP1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ System Events ]
    Error - 3/5/2014 10:25:02 PM | Computer Name = XP1 | Source = Service Control Manager | ID = 7000
    Description = The VirtualBox Guest Additions Service service failed to start due
    to the following error: %%1053

    Error - 3/5/2014 10:25:02 PM | Computer Name = XP1 | Source = Service Control Manager | ID = 7000
    Description = The avast! iAVS4 Control Service service failed to start due to the
    following error: %%2

    Error - 3/5/2014 10:25:02 PM | Computer Name = XP1 | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 3/5/2014 10:25:02 PM | Computer Name = XP1 | Source = Service Control Manager | ID = 7000
    Description = The Automatic Updates service failed to start due to the following
    error: %%1083

    Error - 3/5/2014 10:25:27 PM | Computer Name = XP1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    VBoxSF

    Error - 3/5/2014 10:25:58 PM | Computer Name = XP1 | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the NVSvc service.

    Error - 3/6/2014 12:20:59 PM | Computer Name = XP1 | Source = Removable Storage Service | ID = 262255
    Description = RSM could not load media in drive Drive 0 of library Lexar JumpDrive
    USB Device.

    Error - 3/6/2014 12:21:01 PM | Computer Name = XP1 | Source = Removable Storage Service | ID = 262255
    Description = RSM could not load media in drive Drive 0 of library Lexar USB Flash
    Drive USB Device.

    Error - 3/6/2014 12:21:03 PM | Computer Name = XP1 | Source = Removable Storage Service | ID = 262162
    Description = RSM cannot manage library PhysicalDrive3. The initial inventory of
    the library failed.

    Error - 3/6/2014 12:21:14 PM | Computer Name = XP1 | Source = Removable Storage Service | ID = 262255
    Description = RSM could not load media in drive Drive 0 of library Lexar JumpDrive
    USB Device.


    < End of report >
     
  13. 2014/03/07
    IndustrialOne

    OTL logfile created on: 3/7/2014 3:17:54 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: | Country: | Language: | Date Format:

    3.47 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 77.61% Memory free
    5.31 Gb Paging File | 4.45 Gb Available in Paging File | 83.80% Paging File free
    Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 300.00 Gb Total Space | 124.10 Gb Free Space | 41.37% Space Free | Partition Type: NTFS
    Drive D: | 29.80 Gb Total Space | 4.21 Gb Free Space | 14.12% Space Free | Partition Type: FAT32
    Drive F: | 59.64 Gb Total Space | 0.11 Gb Free Space | 0.18% Space Free | Partition Type: exFAT
    Drive G: | 59.62 Gb Total Space | 0.01 Gb Free Space | 0.02% Space Free | Partition Type: exFAT
    Drive I: | 4.01 Gb Total Space | 1.40 Gb Free Space | 34.84% Space Free | Partition Type: NTFS
    Drive J: | 199.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: exFAT
    Drive N: | 465.74 Gb Total Space | 0.06 Gb Free Space | 0.01% Space Free | Partition Type: exFAT
    Drive Q: | 20.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: exFAT

    Computer Name: XP1 | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/03/07 14:21:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    PRC - [2014/02/27 05:35:33 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2014/02/27 05:34:12 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2014/02/27 05:34:02 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2014/02/27 05:33:59 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2014/02/18 11:00:53 | 008,769,536 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
    PRC - [2013/12/09 19:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    PRC - [2013/12/09 19:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    PRC - [2013/11/20 12:24:06 | 007,022,808 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    PRC - [2013/11/11 14:58:48 | 001,576,152 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    PRC - [2013/10/20 01:23:22 | 004,832,192 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2013/09/24 10:53:26 | 001,857,752 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    PRC - [2011/09/20 08:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
    PRC - [2011/09/16 13:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/08/19 04:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/11/08 11:04:38 | 000,195,584 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    PRC - [2005/11/08 11:04:36 | 000,386,560 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    PRC - [2005/02/16 16:48:18 | 000,225,280 | ---- | M] (Pro²soft) -- C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
    PRC - [2002/09/20 08:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/10 19:14:16 | 000,394,824 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2012/07/24 00:13:18 | 000,357,888 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\QtXml4.dll
    MOD - [2012/03/18 12:10:52 | 008,499,712 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\QtGui4.dll
    MOD - [2012/03/18 12:07:57 | 002,347,520 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\QtCore4.dll
    MOD - [2012/03/18 12:07:57 | 000,200,704 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\imageformats\qjpeg4.dll
    MOD - [2012/03/18 12:07:55 | 000,863,744 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\QtNetwork4.dll
    MOD - [2012/03/18 12:07:54 | 000,026,624 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\imageformats\qgif4.dll
    MOD - [2012/01/15 17:50:08 | 000,370,688 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\libsndfile.dll
    MOD - [2012/01/15 17:50:00 | 000,390,656 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\lame_enc.dll
    MOD - [2010/07/04 14:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
    MOD - [2008/04/29 00:05:14 | 000,327,680 | ---- | M] () -- C:\Program Files\DAP\DAPIEBar.dll
    MOD - [2008/04/14 05:00:00 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2005/11/08 11:05:40 | 000,447,488 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional 6\Search and Recover\FileTerminator.dll
    MOD - [2005/11/08 11:04:38 | 000,195,584 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    MOD - [2005/11/08 11:04:36 | 000,386,560 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    MOD - [2000/03/16 01:01:00 | 000,080,896 | ---- | M] () -- C:\JoneSoft\Time Stamp Modifier\JSCMExt.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2014/02/28 20:27:56 | 000,087,616 | ---- | M] (Systems Internals) [On_Demand | Stopped] -- C:\WINDOWS\PSSDNSVC.EXE -- (PsShutdownSvc)
    SRV - [2014/02/27 05:35:33 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2014/02/27 05:34:14 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
    SRV - [2014/02/27 05:34:02 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2014/02/21 07:21:50 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/02/15 01:33:31 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/09 19:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
    SRV - [2013/10/20 01:23:22 | 004,832,192 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2013/09/24 10:53:28 | 000,131,288 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV - [2013/02/07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/08/19 04:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2008/04/14 05:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
    SRV - [2005/11/08 11:04:38 | 000,195,584 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe -- (IOLO_SRV)
    SRV - [2005/10/28 10:59:30 | 000,027,648 | ---- | M] (Acesoft) [On_Demand | Stopped] -- C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe -- (Autocomplete)
    SRV - [2002/09/20 08:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\v124nt.sys -- (V124)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\tonesnt.sys -- (Tones)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sddmini.sys -- (sdd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rksample.sys -- (Rksample)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV561AV.SYS -- (PID_0928)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\k56nt.sys -- (K56)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\fsksnt.sys -- (Fsks)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\fallback.sys -- (Fallback)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\cnxtdiag.sys -- (Cnxtdiag)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\basic2.sys -- (basic2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abg5txft)
    DRV - [2014/02/27 05:35:43 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2014/02/27 05:35:43 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2014/02/25 07:06:42 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2013/11/14 11:38:08 | 000,587,864 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2013/10/10 19:14:16 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2013/10/10 19:14:14 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2013/10/06 22:17:38 | 000,014,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hmd.sys -- (HMD)
    DRV - [2013/09/24 10:54:00 | 000,096,216 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
    DRV - [2013/09/24 10:54:00 | 000,030,552 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2013/09/24 10:54:00 | 000,015,704 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
    DRV - [2013/09/06 11:13:11 | 000,022,560 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HWiNFO32.SYS -- (HWiNFO32)
    DRV - [2013/08/14 19:05:31 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
    DRV - [2013/05/07 00:00:16 | 000,036,112 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRMD.sys -- (CFRMD)
    DRV - [2013/03/07 08:49:20 | 000,013,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
    DRV - [2013/03/07 08:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2012/12/19 15:36:24 | 000,188,328 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2012/12/19 15:36:10 | 000,104,872 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV - [2012/12/19 15:35:16 | 000,116,136 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
    DRV - [2012/12/19 15:35:16 | 000,094,632 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
    DRV - [2012/12/19 15:35:16 | 000,084,904 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
    DRV - [2012/08/27 18:43:18 | 000,177,800 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV - [2012/08/27 18:43:16 | 000,085,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
    DRV - [2011/12/19 05:48:24 | 000,227,632 | ---- | M] (Oracle Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\VBoxSF.sys -- (VBoxSF)
    DRV - [2011/12/19 05:48:24 | 000,107,312 | ---- | M] (Oracle Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VBoxGuest.sys -- (VBoxGuest)
    DRV - [2011/12/19 05:48:22 | 000,085,808 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxMouse.sys -- (VBoxMouse)
    DRV - [2011/12/19 05:48:20 | 000,104,240 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxVideo.sys -- (VBoxVideo)
    DRV - [2010/08/25 18:39:02 | 000,013,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\prwntdrv.sys -- (prwntdrv)
    DRV - [2009/11/03 18:39:04 | 005,940,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2009/08/03 19:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
    DRV - [2009/07/05 19:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
    DRV - [2009/06/05 14:16:00 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/08/05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/04/14 05:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/02/12 03:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
    DRV - [2008/02/05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
    DRV - [2007/08/06 17:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2006/09/02 00:49:05 | 001,246,338 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ntice.sys -- (NTice)
    DRV - [2006/05/25 00:53:06 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2006/05/15 06:49:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Funic.sys -- (se2Funic)
    DRV - [2006/05/15 06:49:42 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Fobex.sys -- (SE2Fobex)
    DRV - [2006/05/15 06:49:40 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Fmgmt.sys -- (SE2Fmgmt)
    DRV - [2006/05/15 06:49:40 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Fnd5.sys -- (se2Fnd5)
    DRV - [2006/05/15 06:49:36 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Fmdm.sys -- (SE2Fmdm)
    DRV - [2006/05/15 06:49:36 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Fmdfl.sys -- (SE2Fmdfl)
    DRV - [2006/05/15 06:49:32 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Fbus.sys -- (SE2Fbus)
    DRV - [2006/05/10 09:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
    DRV - [2006/05/10 09:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2006/05/10 09:56:18 | 000,056,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
    DRV - [2006/05/10 09:56:08 | 000,013,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
    DRV - [2006/01/04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2005/10/24 14:59:04 | 000,065,024 | ---- | M] (iolo Technologies) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\IoloFltr.sys -- (IoloFilter)
    DRV - [2004/08/12 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/08/09 13:34:24 | 000,026,384 | ---- | M] (ZTekWare.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\OCDE.sys -- (OCDE)
    DRV - [2004/05/29 05:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
    DRV - [2002/05/06 02:01:10 | 000,028,320 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
    DRV - [1995/11/07 02:57:00 | 000,006,144 | ---- | M] (Corel Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\crlscsi.sys -- (crlscsi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-823518204-1482476501-682003330-1003\..\SearchScopes,Backup.Old.DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    IE - HKU\S-1-5-21-823518204-1482476501-682003330-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-823518204-1482476501-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..backup.old.browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..browser.search.defaultenginename: "Search "
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledAddons: tsconverter%40sogame.cat:2.0.0
    FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90.1
    FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.17
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
    FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.8.8
    FF - prefs.js..extensions.enabledItems: tsconverter@sogame.cat:2.0.0
    FF - prefs.js..network.proxy.ftp: "localhost "
    FF - prefs.js..network.proxy.ftp_port: 8118
    FF - prefs.js..network.proxy.gopher: "localhost "
    FF - prefs.js..network.proxy.gopher_port: 8118
    FF - prefs.js..network.proxy.http: "localhost "
    FF - prefs.js..network.proxy.http_port: 8118
    FF - prefs.js..network.proxy.socks: "localhost "
    FF - prefs.js..network.proxy.socks_port: 9050
    FF - prefs.js..network.proxy.ssl: "localhost "
    FF - prefs.js..network.proxy.ssl_port: 8118
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/15 01:33:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/15 01:33:20 | 000,000,000 | ---D | M]

    [2009/01/24 20:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
    [2013/12/14 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ckwkef0c.test\extensions
    [2013/12/14 15:34:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ckwkef0c.test\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2014/03/07 14:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mpuxkbdf.default\extensions
    [2013/12/31 07:08:14 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mpuxkbdf.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2012/12/20 21:02:30 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mpuxkbdf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
    [2013/10/14 16:28:08 | 000,000,000 | ---D | M] (TimeStamp Converter) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mpuxkbdf.default\extensions\tsconverter@sogame.cat
    [2013/12/10 17:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\pci27uoa.Free\extensions
    [2013/12/10 17:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\pci27uoa.Free\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/12/10 17:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\pci27uoa.Free\extensions\staged-xpis
    [2012/09/14 18:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\pwbcqoz7.123\extensions
    [2012/08/11 17:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\pwbcqoz7.123\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
    [2006/07/18 14:39:16 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\pwbcqoz7.123\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2014/03/07 14:05:42 | 000,537,052 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mpuxkbdf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013/12/31 07:08:24 | 000,714,654 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\mpuxkbdf.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2009/03/18 13:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\pci27uoa.Free\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
    [2014/02/15 01:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2014/02/15 01:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/02/15 01:33:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

    O1 HOSTS File: ([2014/03/05 16:19:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DAPBHO Class) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll ()
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Anonymizer Proxy) - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NetConceal Anonymizer\ProxyNew.dll (Anonymizer Software)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
     
  14. 2014/03/07
    IndustrialOne

    O3 - HKLM\..\Toolbar: (no name) - {1a4ee09d-2bc1-452e-9049-63c6bd3ceb43} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (DAP Bar) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll ()
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
    O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\Delay.exe ()
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [RUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe ()
    O4 - HKU\S-1-5-21-823518204-1482476501-682003330-1003..\Run: [Bandwidth Monitor Pro] C:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe (Pro²soft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-823518204-1482476501-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O7 - HKU\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
    O7 - HKU\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
    O7 - HKU\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKU\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
    O7 - HKU\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-823518204-1482476501-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
    O8 - Extra context menu item: Add Text - C:\Program Files\Tumbywood Software\Text2Go\AddTextContextMenu.htm ()
    O8 - Extra context menu item: Check Text - C:\Program Files\Tumbywood Software\Text2Go\CheckSelectedContextMenu.htm ()
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm File not found
    O8 - Extra context menu item: Speak - C:\Program Files\Tumbywood Software\Text2Go\SpeakSelectedContextMenu.htm ()
    O8 - Extra context menu item: Text2Go - C:\Program Files\Tumbywood Software\Text2Go\Text2GoContextMenu.htm ()
    O8 - Extra context menu item: Use as Text2Go Artwork - C:\Program Files\Tumbywood Software\Text2Go\AddArtworkContextMenu.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O12 - Plugin for: .nsf - Reg Error: Value error. File not found
    O12 - Plugin for: .spc - Reg Error: Value error. File not found
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0012-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.2.0/jinstall-1_2_0-windows-i586.cab (Java Plug-in 1.2.0)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10F11122-BC2D-48D6-88AC-7FC411E1D158}: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ADFBFD1-CCF2-4519-A80E-9B90C0099C31}: DhcpNameServer = 192.168.1.254 75.153.176.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEB9ABED-5521-4131-8C78-5B5E4C59C174}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/11/07 15:04:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2014/02/21 04:17:04 | 000,000,000 | -HS- | M] () - D:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2011/09/13 06:27:50 | 000,000,000 | ---- | M] () - I:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (??)
    O34 - HKLM BootExecute: (UDBDef C:\Program Files\DiskTrix\UltimateDefrag\UDBootCfg.xml)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/03/07 14:20:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2014/03/07 14:05:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2014/03/07 13:53:37 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2014/03/05 16:28:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2014/03/05 15:36:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2014/03/05 15:31:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2014/03/05 15:31:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2014/03/05 15:31:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2014/03/05 15:30:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/03/05 15:29:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2014/03/05 14:03:49 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Admin\Desktop\rkill.exe
    [2014/03/03 13:50:34 | 005,187,267 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2014/03/02 09:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\FRST-OlderVersion
    [2014/02/27 11:04:45 | 034,827,424 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Admin\Desktop\SkypeSetupFull.exe
    [2014/02/27 11:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2014/02/27 11:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2014/02/27 11:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
    [2014/02/27 11:00:46 | 001,183,600 | ---- | C] (Yuna Software) -- C:\Documents and Settings\Admin\Desktop\Setup-PlusForSkype-3.0_FF.exe
    [2014/02/27 06:36:34 | 000,000,000 | ---D | C] -- C:\VTRoot
    [2014/02/27 06:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
    [2014/02/27 06:27:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Shared Space
    [2014/02/27 06:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
    [2014/02/27 06:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
    [2014/02/27 06:24:09 | 000,000,000 | ---D | C] -- C:\first_launch
    [2014/02/27 06:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    [2014/02/27 05:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2014/02/27 05:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Avira
    [2014/02/27 05:16:33 | 000,509,872 | ---- | C] (Ask Partner Network) -- C:\Documents and Settings\Admin\My Documents\APNSetup.exe
    [2014/02/27 05:15:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2014/02/27 05:15:21 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2014/02/27 05:15:21 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2014/02/27 05:15:21 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
    [2014/02/27 05:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2014/02/26 05:21:18 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/02/26 05:15:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2014/02/26 05:04:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/02/26 04:23:58 | 001,145,344 | ---- | C] (Farbar) -- C:\Documents and Settings\Admin\Desktop\FRST.exe
    [2014/02/26 04:23:42 | 001,037,734 | ---- | C] (Thisisu) -- C:\Documents and Settings\Admin\Desktop\JRT.exe
    [2014/02/25 07:23:46 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/02/25 07:23:00 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/02/25 07:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\mwb antirootkit
    [2014/02/25 07:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2014/02/25 07:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Pro
    [2014/02/25 07:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Pro
    [2014/02/25 07:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
    [2014/02/25 05:49:39 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Admin\Desktop\mbar-1.07.0.1009.exe
    [2014/02/25 05:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\RK_Quarantine
    [2014/02/24 10:03:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.com
    [2014/02/24 09:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
    [2014/02/24 09:09:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/02/24 09:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2014/02/24 09:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2014/02/24 09:06:34 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.75.0.1300.exe
    [2014/02/24 08:25:22 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2014/02/24 08:25:20 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2014/02/24 08:24:44 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2014/02/24 08:24:42 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2014/02/24 08:24:01 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2014/02/24 08:23:58 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2014/02/24 08:23:49 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2014/02/24 08:23:26 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2014/02/24 08:23:05 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2014/02/24 08:23:00 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2014/02/24 08:22:57 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2014/02/24 08:22:54 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2014/02/24 08:22:51 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2014/02/24 08:22:48 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2014/02/24 08:22:45 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2014/02/24 08:22:34 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2014/02/24 08:22:25 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2014/02/24 08:22:23 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2014/02/24 08:22:21 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2014/02/24 08:22:11 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2014/02/24 08:21:46 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2014/02/24 08:21:36 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2014/02/24 08:21:34 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2014/02/24 08:21:16 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2014/02/24 08:21:14 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2014/02/24 08:21:12 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2014/02/24 08:21:10 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2014/02/24 08:21:08 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2014/02/24 08:21:06 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2014/02/24 08:20:39 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2014/02/24 08:20:35 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2014/02/24 08:20:33 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2014/02/24 08:20:31 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2014/02/24 08:20:21 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2014/02/24 08:20:19 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2014/02/24 08:20:07 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2014/02/24 08:20:05 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2014/02/24 08:19:30 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2014/02/24 08:19:29 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2014/02/24 08:19:27 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2014/02/24 08:19:19 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2014/02/24 08:19:07 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2014/02/24 08:18:52 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
    [2014/02/24 08:18:21 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2014/02/24 08:18:19 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2014/02/24 08:18:16 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2014/02/24 08:18:15 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2014/02/24 08:18:11 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2014/02/24 08:17:50 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2014/02/24 08:17:48 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2014/02/24 08:17:46 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2014/02/24 08:17:41 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2014/02/24 08:17:19 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2014/02/24 08:17:18 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2014/02/24 08:17:16 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2014/02/24 08:17:14 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2014/02/24 08:16:38 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2014/02/24 08:16:33 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2014/02/24 08:16:31 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2014/02/24 08:16:22 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2014/02/24 08:16:20 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2014/02/24 08:16:19 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2014/02/24 08:16:17 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2014/02/24 08:16:15 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2014/02/24 08:16:13 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2014/02/24 08:16:11 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2014/02/24 08:16:10 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2014/02/24 08:16:07 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2014/02/24 08:16:00 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2014/02/24 08:15:58 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2014/02/24 08:15:57 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2014/02/24 08:15:57 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2014/02/24 08:15:32 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2014/02/24 08:15:13 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2014/02/24 08:15:08 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2014/02/24 08:15:03 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2014/02/24 08:14:25 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2014/02/24 08:14:22 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2014/02/24 08:14:04 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2014/02/24 08:14:02 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2014/02/24 08:14:00 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2014/02/24 08:13:53 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2014/02/24 08:13:21 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2014/02/24 08:13:15 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2014/02/24 08:13:15 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2014/02/24 08:13:13 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2014/02/24 08:12:50 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2014/02/24 08:12:48 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2014/02/24 08:12:47 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2014/02/24 08:12:45 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2014/02/24 08:12:25 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2014/02/24 08:12:14 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2014/02/24 08:12:13 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2014/02/24 08:12:10 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2014/02/24 08:12:02 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2014/02/24 08:12:00 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2014/02/24 08:11:54 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2014/02/24 08:11:52 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2014/02/24 08:11:51 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2014/02/24 08:11:49 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2014/02/24 08:11:47 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2014/02/24 08:11:46 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2014/02/24 08:11:40 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2014/02/24 08:11:39 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2014/02/24 08:11:37 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2014/02/24 08:11:36 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2014/02/24 08:11:34 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2014/02/24 08:10:50 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
    [2014/02/24 08:10:23 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2014/02/24 08:10:08 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2014/02/24 08:10:06 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2014/02/24 08:10:05 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2014/02/24 08:10:04 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2014/02/24 08:10:03 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2014/02/24 08:10:02 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2014/02/24 08:09:55 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2014/02/24 08:09:54 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2014/02/24 08:09:52 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2014/02/24 08:09:51 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2014/02/24 08:09:48 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2014/02/24 08:09:46 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2014/02/24 08:09:07 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2014/02/24 08:08:36 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2014/02/24 08:07:35 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2014/02/24 08:07:30 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2014/02/24 08:07:11 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2014/02/24 08:07:10 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2014/02/24 08:07:09 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2014/02/24 08:07:01 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2014/02/24 08:06:53 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2014/02/24 08:06:52 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2014/02/24 08:06:49 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2014/02/24 08:06:48 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2014/02/24 08:06:47 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2014/02/24 08:06:46 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2014/02/24 08:06:35 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2014/02/24 08:06:33 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2014/02/24 08:06:32 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2014/02/24 08:05:36 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2014/02/24 08:05:28 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2014/02/24 08:05:19 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2014/02/24 08:05:18 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2014/02/24 08:05:17 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2014/02/24 08:05:15 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2014/02/24 08:05:14 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2014/02/24 08:05:14 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2014/02/24 08:05:13 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2014/02/24 08:05:11 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2014/02/24 08:04:58 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2014/02/24 08:04:57 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2014/02/24 08:04:55 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2014/02/24 08:04:38 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2014/02/24 08:04:37 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2014/02/24 08:04:37 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2014/02/24 08:04:36 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2014/02/24 08:04:35 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2014/02/24 08:04:35 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2014/02/24 08:04:34 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2014/02/24 08:04:33 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2014/02/24 08:04:25 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2014/02/24 08:04:09 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2014/02/24 08:04:03 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2014/02/24 08:03:58 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2014/02/24 08:03:57 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2014/02/24 08:03:57 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2014/02/24 08:03:57 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2014/02/24 08:03:56 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2014/02/24 08:03:55 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2014/02/24 08:03:54 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2014/02/24 08:03:54 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2014/02/24 08:03:53 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2014/02/24 08:03:52 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2014/02/24 08:03:51 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2014/02/24 08:03:30 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2014/02/24 08:03:29 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2014/02/24 08:03:29 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2014/02/24 08:03:29 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2014/02/24 08:03:29 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2014/02/24 08:03:28 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2014/02/24 08:03:28 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2014/02/24 08:03:28 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2014/02/24 08:03:26 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2014/02/24 08:03:26 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2014/02/24 08:03:26 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2014/02/24 08:03:25 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2014/02/24 08:03:24 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2014/02/24 08:03:24 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2014/02/24 08:03:24 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2014/02/24 08:03:24 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2014/02/24 08:03:23 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2014/02/24 08:03:23 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2014/02/24 08:03:20 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2014/02/24 08:03:18 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2014/02/24 08:03:18 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2014/02/24 08:03:17 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2014/02/24 08:03:17 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2014/02/24 08:03:16 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2014/02/24 08:03:16 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2014/02/24 08:03:16 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2014/02/24 08:02:49 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2014/02/24 08:02:44 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2014/02/24 08:02:24 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2014/02/24 08:02:24 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2014/02/24 08:02:23 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2014/02/24 08:02:23 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2014/02/24 08:02:23 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2014/02/24 08:02:21 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2014/02/24 08:02:19 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2014/02/24 08:02:18 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2014/02/24 08:02:18 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2014/02/24 08:02:18 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2014/02/24 07:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BurnInTest
    [2014/02/24 07:18:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\temp
    [2014/02/24 07:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\BurnInTest
    [2014/02/24 07:15:08 | 009,288,008 | ---- | C] (Passmark Software ) -- C:\Documents and Settings\Admin\Desktop\bitpro.exe
    [2014/02/24 06:53:21 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
     
  15. 2014/03/07
    IndustrialOne Inactive Thread Starter
    [2014/02/23 10:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Skype
    [2014/02/23 10:21:28 | 001,678,496 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Admin\Desktop\SkypeSetup.exe
    [2014/02/23 07:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2014/02/23 07:16:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2014/02/23 07:16:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2014/02/23 07:16:52 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2014/02/23 07:15:39 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2014/02/23 07:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
    [2014/02/22 13:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UltraISO
    [2014/02/22 13:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
    [2014/02/22 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
    [2014/02/22 13:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\My ISO Files
    [2014/02/22 02:42:36 | 000,000,000 | ---D | C] -- C:\I386
    [2014/02/21 14:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\EurekaLog
    [2014/02/21 08:39:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
    [2014/02/19 11:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\X-Chat 2
    [2014/02/19 11:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\xchat
    [2014/02/15 01:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2014/02/12 14:06:00 | 000,532,549 | ---- | C] (www.cozli.com) -- C:\Documents and Settings\Admin\Desktop\WBICreator.exe
    [2014/02/11 13:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\IVONA
    [2014/02/11 13:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IVONA
    [2014/02/11 12:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\dspeech
    [2014/02/09 13:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Tumbywood Software
    [2014/02/09 13:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Tumbywood_Software
    [2014/02/09 13:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tumbywood Software
    [2014/02/09 13:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tumbywood Software
    [2014/02/08 16:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Resource Hacker
    [2014/02/08 16:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Resource Hacker
    [2014/02/07 20:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2014/02/07 20:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2013/08/25 05:33:59 | 000,207,664 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Admin\psshutdown.exe
    [2012/07/28 19:37:09 | 000,016,384 | ---- | C] (Olof Lagerkvist) -- C:\Documents and Settings\Admin\rawcopy.exe
    [2010/03/13 23:21:54 | 000,868,352 | ---- | C] (Nero AG) -- C:\Documents and Settings\Admin\neroAacEnc.exe
    [2008/06/11 02:09:37 | 000,640,512 | ---- | C] (http://lame.sf.net) -- C:\Documents and Settings\Admin\lame.exe
    [2008/06/11 02:09:35 | 000,397,312 | ---- | C] (Nero AG) -- C:\Documents and Settings\Admin\neroAacDec.exe
    [2008/06/11 02:09:32 | 000,259,584 | ---- | C] (Nero AG) -- C:\Documents and Settings\Admin\neroAacTag.exe
    [2002/11/24 23:00:00 | 000,229,376 | ---- | C] (Befis) -- C:\Documents and Settings\Admin\npnez.dll
    [38 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/03/07 15:21:18 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/03/07 15:08:54 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    [2014/03/07 15:02:11 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/03/07 15:02:08 | 3722,498,048 | -HS- | M] () -- C:\hiberfil.sys
    [2014/03/07 15:01:26 | 000,015,864 | ---- | M] () -- C:\00007E00-E82B1ABA
    [2014/03/07 15:01:26 | 000,012,288 | ---- | M] () -- C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}
    [2014/03/07 14:46:06 | 001,244,192 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
    [2014/03/07 14:21:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2014/03/07 14:17:48 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/03/07 13:58:08 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Your Scanner.url
    [2014/03/07 13:58:07 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Online Games.url
    [2014/03/06 14:29:39 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/03/06 11:27:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2014/03/05 19:16:48 | 000,000,446 | RHS- | M] () -- C:\boot.ini
    [2014/03/05 16:39:08 | 000,000,121 | ---- | M] () -- C:\WINDOWS\Winchat.ini
    [2014/03/05 16:19:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2014/03/05 15:28:19 | 005,187,267 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2014/03/05 14:13:06 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Admin\Desktop\rkill.exe
    [2014/03/02 11:39:11 | 029,199,203 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\psychology-a-new-kind-of-sigdev.pdf
    [2014/03/02 09:16:49 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2014/03/02 09:16:44 | 000,000,330 | ---- | M] () -- C:\Boot.bak
    [2014/03/02 09:04:22 | 001,145,344 | ---- | M] (Farbar) -- C:\Documents and Settings\Admin\Desktop\FRST.exe
    [2014/03/02 08:15:25 | 000,618,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2014/03/02 08:15:25 | 000,109,298 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2014/03/02 08:12:31 | 000,024,721 | ---- | M] () -- C:\Documents and Settings\Admin\secedit.INTEG.RAW
    [2014/02/28 20:27:56 | 000,087,616 | ---- | M] (Systems Internals) -- C:\WINDOWS\PSSDNSVC.EXE
    [2014/02/28 20:27:36 | 000,000,026 | ---- | M] () -- C:\Documents and Settings\Admin\coutndown hibernate.bat
    [2014/02/27 14:50:15 | 000,003,739 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2014/02/27 11:05:55 | 034,827,424 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Admin\Desktop\SkypeSetupFull.exe
    [2014/02/27 11:04:20 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2014/02/27 11:01:00 | 001,183,600 | ---- | M] (Yuna Software) -- C:\Documents and Settings\Admin\Desktop\Setup-PlusForSkype-3.0_FF.exe
    [2014/02/27 07:03:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2014/02/27 06:36:34 | 000,002,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\fvstore.dat
    [2014/02/27 06:28:32 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
    [2014/02/27 05:35:43 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2014/02/27 05:35:43 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2014/02/27 05:30:44 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2014/02/27 05:16:33 | 000,509,872 | ---- | M] (Ask Partner Network) -- C:\Documents and Settings\Admin\My Documents\APNSetup.exe
    [2014/02/26 06:24:26 | 000,053,825 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\logs.zip
    [2014/02/26 04:23:44 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\Admin\Desktop\JRT.exe
    [2014/02/25 08:16:11 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/02/25 08:15:49 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/02/25 07:11:32 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
    [2014/02/25 05:49:54 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Admin\Desktop\mbar-1.07.0.1009.exe
    [2014/02/25 05:48:27 | 003,818,496 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\RogueKiller.exe
    [2014/02/24 10:03:54 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.com
    [2014/02/24 09:09:01 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/02/24 09:06:42 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.75.0.1300.exe
    [2014/02/24 07:18:19 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\BurnInTest.lnk
    [2014/02/24 07:15:20 | 009,288,008 | ---- | M] (Passmark Software ) -- C:\Documents and Settings\Admin\Desktop\bitpro.exe
    [2014/02/24 04:36:32 | 000,121,069 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\memtest86+-5.01.usb.installer.zip
    [2014/02/23 11:36:36 | 000,001,769 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
    [2014/02/23 11:19:57 | 000,032,256 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
    [2014/02/23 10:59:01 | 003,617,211 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Skype application data backup.rar
    [2014/02/23 10:21:34 | 001,678,496 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Admin\Desktop\SkypeSetup.exe
    [2014/02/23 08:30:42 | 000,027,727 | ---- | M] () -- C:\appwiz to install.PNG
    [2014/02/23 07:23:26 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/02/23 07:18:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2014/02/23 07:14:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2014/02/23 07:13:36 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2014/02/23 07:10:58 | 000,024,252 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2014/02/23 07:01:35 | 001,101,436 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2014/02/23 07:01:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2014/02/23 06:59:56 | 001,101,436 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2014/02/23 06:01:16 | 000,480,337 | ---- | M] () -- C:\WINDOWS\setupapi.old
    [2014/02/23 05:36:19 | 000,055,897 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\memtest86+-5.01.zip
    [2014/02/22 04:30:00 | 000,580,118 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\msvcr100d.zip
    [2014/02/22 04:25:02 | 003,665,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2014/02/21 10:06:27 | 000,012,288 | ---- | M] () -- C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}_Backup
    [2014/02/21 10:06:27 | 000,004,096 | ---- | M] () -- C:\00007E00-E82B1ABA_Backup
    [2014/02/21 09:23:03 | 002,006,047 | ---- | M] () -- C:\WINDOWS\iis6.BAK
    [2014/02/21 06:38:52 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2014/02/21 06:38:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2014/02/21 05:36:01 | 000,003,814 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
    [38 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/03/07 14:46:06 | 001,244,192 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
    [2014/03/07 13:58:19 | 000,960,530 | ---- | C] () -- C:\WINDOWS\System32\x264.exe
    [2014/03/07 13:58:14 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\1964.lnk
    [2014/03/07 13:58:08 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Your Scanner.url
    [2014/03/07 13:58:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Online Games.url
    [2014/03/05 16:39:08 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
    [2014/03/05 15:36:26 | 000,000,330 | ---- | C] () -- C:\Boot.bak
    [2014/03/05 15:36:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2014/03/05 15:31:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2014/03/05 15:31:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2014/03/05 15:31:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2014/03/05 15:31:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2014/03/05 15:31:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2014/03/02 11:38:34 | 029,199,203 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\psychology-a-new-kind-of-sigdev.pdf
    [2014/03/02 09:19:05 | 3722,498,048 | -HS- | C] () -- C:\hiberfil.sys
    [2014/03/02 08:14:36 | 000,002,036 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
    [2014/03/02 08:11:33 | 000,024,721 | ---- | C] () -- C:\Documents and Settings\Admin\secedit.INTEG.RAW
    [2014/02/27 14:49:27 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2014/02/27 14:49:25 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Outlook Express.lnk
    [2014/02/27 14:49:23 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Windows Media Player.lnk
    [2014/02/27 11:04:20 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2014/02/27 06:36:34 | 000,002,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fvstore.dat
    [2014/02/27 06:35:40 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    [2014/02/27 06:33:15 | 000,399,782 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2014/02/27 06:28:32 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
    [2014/02/27 05:15:52 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2014/02/26 06:24:21 | 000,053,825 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\logs.zip
    [2014/02/25 07:11:32 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
    [2014/02/25 05:48:23 | 003,818,496 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\RogueKiller.exe
    [2014/02/24 09:09:01 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/02/24 08:25:19 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2014/02/24 08:25:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2014/02/24 08:13:57 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2014/02/24 08:13:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2014/02/24 08:11:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2014/02/24 08:07:33 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2014/02/24 08:07:31 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2014/02/24 08:07:28 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2014/02/24 08:07:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2014/02/24 08:07:23 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2014/02/24 08:05:17 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2014/02/24 08:05:16 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2014/02/24 08:05:15 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2014/02/24 08:03:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2014/02/24 08:03:05 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2014/02/24 08:03:05 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2014/02/24 08:03:04 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2014/02/24 08:03:03 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2014/02/24 08:03:03 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2014/02/24 08:03:03 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2014/02/24 08:03:03 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2014/02/24 08:03:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2014/02/24 08:02:57 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2014/02/24 07:51:17 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2014/02/24 07:51:16 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2014/02/24 07:51:15 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
    [2014/02/24 07:51:14 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2014/02/24 07:51:13 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
    [2014/02/24 07:51:12 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
    [2014/02/24 07:51:11 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
    [2014/02/24 07:51:10 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
    [2014/02/24 07:51:09 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
    [2014/02/24 07:51:08 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
    [2014/02/24 07:51:07 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
    [2014/02/23 07:23:26 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/02/23 07:23:25 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Internet Explorer.lnk
    [2014/02/23 07:16:13 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2014/02/23 07:15:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
    [2014/02/23 07:15:41 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2014/02/23 06:52:15 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
    [2014/02/23 06:52:15 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
    [2014/02/23 06:52:15 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
    [2014/02/23 06:52:14 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
    [2014/02/23 06:52:14 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2014/02/23 06:52:14 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2014/02/23 06:52:14 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2014/02/23 06:52:14 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2014/02/23 06:52:14 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
    [2014/02/23 06:52:14 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2014/02/23 06:52:14 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2014/02/23 06:52:14 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2014/02/23 06:52:14 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2014/02/23 06:52:14 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2014/02/23 06:52:14 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2014/02/23 06:52:14 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2014/02/23 06:52:13 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2014/02/23 06:52:13 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2014/02/03 08:53:29 | 000,031,610 | ---- | C] () -- C:\Documents and Settings\Admin\.recently-used.xbel
    [2013/12/10 14:27:46 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\cedocida.dll
    [2013/12/10 14:27:46 | 000,123,392 | ---- | C] () -- C:\WINDOWS\cedocida.dll
    [2013/10/29 16:25:16 | 000,000,134 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
    [2013/10/27 13:27:05 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
    [2013/10/27 13:27:04 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2013/10/27 13:27:04 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2013/10/27 13:27:03 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2013/10/19 01:57:57 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\MPQEditor.ini
    [2013/10/14 20:57:04 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Adobe BMP Format CS6 Prefs
    [2013/10/12 13:16:12 | 002,498,216 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
    [2013/10/12 13:16:12 | 000,087,112 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
    [2013/10/12 13:16:12 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
    [2013/10/12 13:16:12 | 000,013,896 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
    [2013/10/12 13:16:12 | 000,009,160 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
    [2013/10/06 22:17:38 | 000,014,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\hmd.sys
    [2013/09/26 21:36:46 | 000,001,573 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
    [2013/08/25 05:31:31 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Admin\coutndown hibernate.bat
    [2013/08/14 18:00:48 | 000,200,781 | ---- | C] () -- C:\Documents and Settings\Admin\bmplogsadd.exe
    [2013/06/24 22:42:41 | 000,000,334 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2013/05/06 19:43:29 | 020,106,240 | ---- | C] () -- C:\Documents and Settings\Admin\ffmpeg.exe
    [2013/04/23 02:47:07 | 000,021,198 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\recently-used.xbel
    [2013/04/21 00:35:09 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Adobe PNG Format CS6 Prefs
    [2013/04/01 15:35:34 | 000,354,304 | ---- | C] () -- C:\Documents and Settings\Admin\opusenc.exe
    [2013/04/01 15:35:34 | 000,334,336 | ---- | C] () -- C:\Documents and Settings\Admin\opusdec.exe
    [2013/03/09 17:06:55 | 000,068,419 | ---- | C] () -- C:\WINDOWS\System32\x264vfw-uninstall.exe
    [2013/03/08 18:49:50 | 000,001,058 | RHS- | C] () -- C:\Documents and Settings\Admin\ntuser.pol
    [2013/03/08 18:41:07 | 000,000,638 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2012/09/16 11:54:25 | 000,011,448 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
    [2012/09/16 11:54:23 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2012/09/16 11:54:23 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2012/09/16 11:47:23 | 000,037,268 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2012/09/16 11:43:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2012/09/01 21:51:14 | 001,627,136 | ---- | C] () -- C:\WINDOWS\fftw3.dll
    [2012/08/19 16:06:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedt.INI
    [2012/08/15 10:09:48 | 000,000,995 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\DVDSubEdit.ini
    [2012/08/11 16:58:02 | 000,098,696 | ---- | C] () -- C:\WINDOWS\System32\setupprwdrv03.exe
    [2012/08/11 16:58:02 | 000,013,064 | ---- | C] () -- C:\WINDOWS\System32\prwntdrv.sys
    [2012/08/11 14:21:45 | 000,001,763 | ---- | C] () -- C:\WINDOWS\ARPR.INI
    [2012/08/06 12:29:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\xxconsole.ini
    [2012/08/01 21:01:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bg3rfatodcxeisnxmrgk07sy.ini
    [2012/08/01 20:58:09 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2012/08/01 19:45:04 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
    [2012/08/01 19:29:58 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/08/01 19:29:58 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/08/01 19:29:58 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/08/01 19:29:39 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2012/07/30 17:58:13 | 000,011,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
    [2012/07/30 17:57:36 | 000,247,560 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
    [2012/07/30 17:57:35 | 004,244,744 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
    [2006/07/28 20:23:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\.gtk-bookmarks
    [2005/08/31 12:25:58 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/04/07 17:37:15 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\FASTWiz.html
    [2005/04/07 17:22:14 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\FASTApp.html

    ========== ZeroAccess Check ==========

    [2012/08/08 18:29:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2008/04/14 05:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/05/10 12:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ableton
    [2006/08/04 07:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Aim
    [2008/05/29 02:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AQUATRA
    [2008/02/05 16:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Auslogics
    [2013/12/29 07:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\avidemux
    [2013/12/25 02:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Azureus
    [2012/08/11 17:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\blekkotb_019
    [2014/02/02 15:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\CloneSpy
    [2014/02/25 07:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Pro
    [2005/12/28 09:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\EFSoftware
    [2012/08/09 16:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ElevatedDiagnostics
    [2012/10/13 18:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\EssentialPIM
    [2007/11/30 00:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ethereal
    [2014/02/21 14:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\EurekaLog
    [2012/08/07 22:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FileZilla
    [2012/08/13 20:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FLV Extract
    [2006/08/11 21:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FreeCap
    [2012/09/19 18:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GetRight
    [2012/08/06 16:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GlarySoft
    [2014/02/03 08:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\gtk-2.0
    [2012/08/06 16:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\HandBrake
    [2006/03/22 08:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Hermetic Systems
    [2012/08/06 15:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ImgBurn
    [2007/11/08 21:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\iolo
    [2012/08/09 18:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\JAM Software
    [2012/08/16 19:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\JGsoft
    [2013/12/21 03:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\JP Software
    [2012/08/09 01:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Laconic Software
    [2005/12/28 09:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\license manager eq
    [2012/09/08 19:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Locktime
    [2012/08/09 17:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\mkvtoolnix
    [2013/10/27 13:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MPC-HC
    [2012/10/14 17:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MultiPar
    [2007/12/26 18:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Notepad++
    [2008/01/15 15:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PGP Corporation
    [2012/12/27 15:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PowerISO
    [2013/04/08 14:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PPStream
    [2008/02/18 12:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Printer Info Cache
    [2013/08/26 18:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ProcessLasso
    [2012/08/06 19:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Publish Providers
    [2013/06/24 22:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ScummVM
    [2012/08/13 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Seven Zip
    [2008/07/25 02:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sony
    [2007/11/14 17:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Subversion
    [2012/08/24 18:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SupRip
    [2013/11/14 13:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SynthFont
    [2008/01/10 14:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Teleca
    [2008/09/08 17:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Thunderbird
    [2014/02/04 11:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TrueCrypt
    [2014/02/09 13:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Tumbywood Software
    [2013/10/22 02:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Usenet.nl
    [2013/08/24 01:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\WebMon
    [2014/02/21 02:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\X-Chat 2
    [2012/09/14 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\xsecva
    [2012/08/28 18:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\XYplorer
    [2014/02/04 15:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2013/08/15 02:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASUS OC Profiles
    [2012/12/24 19:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
    [2013/12/21 03:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Caphyon
    [2014/02/25 07:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2013/09/25 19:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2010/06/12 14:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
    [2012/09/19 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GetRight
    [2007/11/08 21:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2012/09/08 19:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
    [2012/10/29 10:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2008/06/18 15:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2014/02/24 07:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
    [2012/08/08 16:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2013/12/21 03:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.2002-09.com.jpsoft
    [2014/02/27 06:28:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Shared Space
    [2008/01/10 14:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2014/02/04 15:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2014/02/09 13:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tumbywood Software
    [2014/02/24 09:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter
    [2007/11/08 21:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\Admin\DJ Shog - Stranger on this planet (Vocal Mix).mp4:SummaryInformation
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C57BFC0
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

    < End of report >
     
  16. 2014/03/07
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\v124nt.sys -- (V124)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\tonesnt.sys -- (Tones)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sddmini.sys -- (sdd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rksample.sys -- (Rksample)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV561AV.SYS -- (PID_0928)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\k56nt.sys -- (K56)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\fsksnt.sys -- (Fsks)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\fallback.sys -- (Fallback)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\cnxtdiag.sys -- (Cnxtdiag)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\basic2.sys -- (basic2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abg5txft)
    O3 - HKLM\..\Toolbar: (no name) - {1a4ee09d-2bc1-452e-9049-63c6bd3ceb43} - No CLSID value found.
    O12 - Plugin for: .nsf - Reg Error: Value error. File not found
    O12 - Plugin for: .spc - Reg Error: Value error. File not found
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    @Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\Admin\DJ Shog - Stranger on this planet (Vocal Mix).mp4:SummaryInformation
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C57BFC0
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  17. 2014/03/09
    IndustrialOne

    IndustrialOne Inactive Thread Starter

    Joined:
    2014/02/23
    Messages:
    45
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Service aswUpdSv stopped successfully!
    Service aswUpdSv deleted successfully!
    File C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe not found.
    Service winachsf stopped successfully!
    Service winachsf deleted successfully!
    File system32\DRIVERS\HSF_CNXT.sys not found.
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    Service V124 stopped successfully!
    Service V124 deleted successfully!
    File system32\DRIVERS\v124nt.sys not found.
    Service Tones stopped successfully!
    Service Tones deleted successfully!
    File system32\DRIVERS\tonesnt.sys not found.
    Service SetupNTGLM7X stopped successfully!
    Service SetupNTGLM7X deleted successfully!
    File E:\NTGLM7X.sys not found.
    Service sdd stopped successfully!
    Service sdd deleted successfully!
    File system32\DRIVERS\sddmini.sys not found.
    Service rtl8139 stopped successfully!
    Service rtl8139 deleted successfully!
    File system32\DRIVERS\RTL8139.SYS not found.
    Service Rksample stopped successfully!
    Service Rksample deleted successfully!
    File system32\DRIVERS\rksample.sys not found.
    Service PID_PEPI stopped successfully!
    Service PID_PEPI deleted successfully!
    File system32\DRIVERS\LV302V32.SYS not found.
    Service PID_0928 stopped successfully!
    Service PID_0928 deleted successfully!
    File system32\DRIVERS\LV561AV.SYS not found.
    Service pepifilter stopped successfully!
    Service pepifilter deleted successfully!
    File system32\DRIVERS\lv302af.sys not found.
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Service NTACCESS stopped successfully!
    Service NTACCESS deleted successfully!
    File E:\NTACCESS.sys not found.
    Service mcdbus stopped successfully!
    Service mcdbus deleted successfully!
    File system32\DRIVERS\mcdbus.sys not found.
    Service LVUSBSta stopped successfully!
    Service LVUSBSta deleted successfully!
    File system32\drivers\LVUSBSta.sys not found.
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    Service K56 stopped successfully!
    Service K56 deleted successfully!
    File system32\DRIVERS\k56nt.sys not found.
    Service i2omgmt stopped successfully!
    Service i2omgmt deleted successfully!
    Service GMSIPCI stopped successfully!
    Service GMSIPCI deleted successfully!
    File E:\INSTALL\GMSIPCI.SYS not found.
    Service Fsks stopped successfully!
    Service Fsks deleted successfully!
    File system32\DRIVERS\fsksnt.sys not found.
    Service Fallback stopped successfully!
    Service Fallback deleted successfully!
    File system32\DRIVERS\fallback.sys not found.
    Service Cnxtdiag stopped successfully!
    Service Cnxtdiag deleted successfully!
    File system32\DRIVERS\cnxtdiag.sys not found.
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys not found.
    Service basic2 stopped successfully!
    Service basic2 deleted successfully!
    File system32\DRIVERS\basic2.sys not found.
    Service ALSysIO stopped successfully!
    Service ALSysIO deleted successfully!
    File C:\DOCUME~1\Admin\LOCALS~1\Temp\ALSysIO.sys not found.
    Error: No service named abg5txft was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abg5txft deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1a4ee09d-2bc1-452e-9049-63c6bd3ceb43} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a4ee09d-2bc1-452e-9049-63c6bd3ceb43}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{1a4ee09d-2bc1-452e-9049-63c6bd3ceb43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.nsf\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.spc\ deleted successfully.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A deleted successfully.
    ADS C:\Documents and Settings\Admin\DJ Shog - Stranger on this planet (Vocal Mix).mp4:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C57BFC0 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:BC359956 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives\Users\00000002 folder moved successfully.
    C:\FRST\Hives\Users\00000001 folder moved successfully.
    C:\FRST\Hives\Users folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 3993015 bytes
    ->Temporary Internet Files folder emptied: 3214276 bytes
    ->Java cache emptied: 14483119 bytes
    ->FireFox cache emptied: 729564413 bytes
    ->Flash cache emptied: 1517003 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4636806 bytes
    ->FireFox cache emptied: 1898137 bytes
    ->Flash cache emptied: 2390 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: UpdatusUser.XP1

    User: Admin

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 25644494 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 806314 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 749.00 mb


    [EMPTYJAVA]

    User: Admin
    ->Java cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: UpdatusUser

    User: UpdatusUser.XP1

    User: Admin

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Admin
    ->Flash cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: UpdatusUser

    User: UpdatusUser.XP1

    User: Admin

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 03092014_194115

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.80
    Windows XP Service Pack 3 x86
    Internet Explorer 6 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Avira Desktop
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    CloneSpy 3.1
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java(TM) 6 Update 3
    Java version out of Date!
    Adobe Flash Player 12.0.0.70
    Adobe Reader 6 Adobe Reader out of Date!
    Mozilla Firefox (27.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Comodo Firewall cmdagent.exe
    iolo System Mechanic Professional 6 IoloSGCtrl.exe
    iolo System Mechanic Professional 6 SystemGuardAlerter.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 1%
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 25-02-2014
    Ran by Admin (administrator) on 09-03-2014 at 20:01:14
    Running from "C:\Documents and Settings\Admin\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    cmdHlp(268435459) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) VBoxNetFlt(8) VPCNetS2(9)
    0x0B0000000500000001000000020000000300000004000000030000100000001007000000080000000600000009000000
    IpSec Tag value is correct.

    **** End of log ****


    I'm not sure if I'm cool with doing that ESET online scanner thing. I don't like the idea of a site having the complete database of all my personal stuff that they're gonna scan for viruses. I do have a lot of false positives that are game hacks, loaders etc.

    Can I scan with an offline AV like Avira which I already have?
     
  18. 2014/03/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's not enough for me.
    If you want something more private...

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button
      • In Scan scope leave pre-checked items as they are and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button, then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All then right click again and click Copy.
    • This will copy the items that it found to the clipboard; you can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
     
  19. 2014/03/09
    IndustrialOne

    IndustrialOne Inactive Thread Starter

    Joined:
    2014/02/23
    Messages:
    45
    Likes Received:
    0
    Automatic Scan: completed 2 minutes ago (events: 12013, objects: 11816, time: 00:11:49)

    Nothing was found during the scan.
     
  20. 2014/03/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    1. Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    Go Start>Run, type:
    services.msc
    Click OK.

    Services window will open.
    Right click on Background Intelligent Transfer Service service, click "Properties" and under "Startup type" select "Automatic" from drop down menu.

    Restart computer.
    Post fresh FSS log.
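
The BITS change above responds to the FSS log posted earlier in the thread. As an added example (not part of the thread and not Farbar's code), this Python parser pulls the actionable lines out of an FSS log, using lines copied from that log as sample input. The finding labels and the `sc config` hint are choices of this example, and treating any MD5 verdict other than "legit" as a finding is an assumption.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: lines copied from the FSS log posted earlier in this thread.
SAMPLE_FSS_LOG = r'''
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.

File Check:
========
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
'''

class Finding(NamedTuple):
    kind: str                       # label chosen for this example
    subject: str                    # service name, registry key or file path
    current: Optional[str] = None   # state reported by the log
    expected: Optional[str] = None  # default stated by the log, if any

NOT_RUNNING = re.compile(r'^(\S+) Service is not running\.')
START_TYPE = re.compile(r'^The start type of (\S+) service is set to (\w+)\. '
                        r'The default start type is (\w+)\.')
REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# Tolerates a stray space before the closing quote, as seen in scraped logs.
REG_DWORD = re.compile(r'^"([^"]+?)\s*"=DWORD:(\d+)$')
FILE_MD5 = re.compile(r'^(\S.*?) => MD5 is (.+)$')

def parse_fss(text: str) -> list:
    findings, key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := NOT_RUNNING.match(line):
            findings.append(Finding("service_not_running", m.group(1)))
        elif m := START_TYPE.match(line):
            findings.append(Finding("start_type_changed", *m.groups()))
        elif m := REG_KEY.match(line):
            key = m.group(1)  # remember which key the next value belongs to
        elif (m := REG_DWORD.match(line)) and key:
            if m.groups() == ("EnableFirewall", "0"):
                findings.append(Finding("firewall_disabled_policy", key, "EnableFirewall=0"))
        elif (m := FILE_MD5.match(line)) and m.group(2) != "legit":
            # Assumption: only "legit" appears in this thread; anything else is flagged.
            findings.append(Finding("file_md5_not_legit", m.group(1), m.group(2), "legit"))
    return findings

def sc_hint(f: Finding) -> Optional[str]:
    """Command-line equivalent of the services.msc 'Startup type' change."""
    if f.kind == "start_type_changed":
        # sc.exe needs the space after 'start=' and takes the short service name.
        return f"sc config {f.subject} start= {f.expected.lower()}"
    return None

if __name__ == "__main__":
    for f in parse_fss(SAMPLE_FSS_LOG):
        print(f, "->", sc_hint(f) or "review manually")
```

The Windows Firewall finding is not automatically a fault on this machine: the Security Check log in the same post lists Comodo Firewall (cmdagent.exe) running.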
     
  21. 2014/03/09
    IndustrialOne

    IndustrialOne Inactive Thread Starter

    Joined:
    2014/02/23
    Messages:
    45
    Likes Received:
    0
    I strongly object to upgrading Adobe and Java because Adobe is very bloated in later versions. This version that I have is slow as it is but lightning fast compared to the modern ones.

    And I must keep Java 6 because an important application I use frequently malfunctions with Java 7. I used to have Java 7 installed and had to downgrade because of the frequent problems and I didn't know it until someone advised me of this.

    I couldn't find anything that starts with "background" in services.msc
     
