Solved I can't connect to the internet except in safe mode.

Farbar Service Scanner Version: 08-01-2014
Ran by Administrator (administrator) on 03-02-2014 at 16:23:39
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
AegisP(15) cmdHlp(19) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x1A0000000500000001000000020000000300000004000000130000000B00000008000000090000000A00000006000000070000000C0000000D0000000E0000000F0000001000000011000000120000001400000015000000160000001700000018000000190000001A000000
IpSec Tag value is correct.
**** End of log ****
 
Well I don't seem to be getting anywhere,
Windows is telling me to activate this copy, but how? For me it is getting very frustrating, it must be the same for you also, seeing we can't connect to internet.
You still with me Broni,

Ed.
 
  • Please download comintrep.zip and save it to your desktop
  • Unzip downloaded file. It'll create cintrepair folder. Inside that folder you'll find CIntRep.exe file
  • Double click on CIntRep.exe to run the tool
  • Place a checkmark next to the following entries:
      • Reset Internet Protocol (TCP/IP)
      • Repair Winsock (Reset Catalog)
      • Renew Internet Connections
      • Flush DNS Resolver Cache
      • Repair Internet Explorer xxxx
      • Clear Windows Update History
      • Repair Windows / Automatic Updates
      • Repair SSL / HTTPS / Cryptography
      • Reset Windows Firewall Configuration
      • Restore the default hosts file
      • Repair Workgroup Computers view
  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access
 
OK done that, nothing changed. Still cannot connect in normal mode, even though I'm told that I'm connected to LAN.
I have 1 day left to activate windows.
 
What happens if I don't activate Windows as this is the last day to do so, where do we go to now?
I'm not that tech savvy, I just cannot understand why, if my computer says I'm connected to internet, why does it not open in normal mode but will do so in safe mode.
 
Well I'm stuffed at the moment, Microsoft won't let me log on until I activate my copy of Windows, I will try and ring Microsoft tomorrow.
I can't even use safe mode.
AVG was removed by its own uninstall program.
There is nothing I can do until I activate windows I think.
 
Windows has been activated.
Ran (cintrepair), and nothing has changed, still cannot connect normally.
Internet speed on task bar is saying 1.0 Gbps.

Still able to use safe mode.

I did a scan with Malwarebytes and noticed wording for AVG, McAfee, Norman, but I think they could be leftovers because I thought they were deleted.
 
Download RogueKiller from one of the following links and save it to your Desktop:
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.8.5 [Feb 3 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 02/06/2014 17:34:55
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST3500413AS +++++
--- User ---
[MBR] 6f72c4674917b37541b8231aa2eeca9d
[BSP] 2cb650027b0d6ab85024e78affd212be : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_02062014_173455.txt >>
RKreport[0]_S_02062014_173317.txt
 
I'm having trouble with MBAR. When I first ran the scan yesterday it went for about 3 hours and got stuck in one spot, so last night I tried again and let it run overnight,
this morning it is stuck in the same spot:
------ETTINGS\TEMP\MpCmdRUN-D-20FFC3D1-F96A-40f1-81FD-EA9C5847B465.LOCK.
I ran this in normal mode, that's right ya.
Gee I must really have something bad in my computer.
 
Re-run FRST.
Make sure you put a checkmark in Addition.txt box so two logs are created.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2014
Ran by Administrator (administrator) on VERITON-65D9F13 on 07-02-2014 11:08:45
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\WINDOWS\system32\tlntsvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Nero AG) C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
(A4Tech Co.,Ltd.) C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Acresso Corporation) C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20145368 2013-12-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [PhilipsRemote] - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe [69632 2002-10-24] ()
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [iKeyWorks] - C:\Program Files\A4Tech\Keyboard\Ikeymain.exe [65536 2012-04-04] (A4Tech Co.,Ltd.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-1004336348-583907252-1801674531-500\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\S-1-5-21-1004336348-583907252-1801674531-500\...\Run: [ISUSPM] - C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
SearchScopes: HKCU - DefaultScope {D7CBCAA0-D279-4927-9FB0-756AB5C87445} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {D7CBCAA0-D279-4927-9FB0-756AB5C87445} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {29B27261-6B27-4127-A673-482962FE82EB} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1384231888281
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: FindWide
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3282495&ctid=CT3282495&SearchSource=2&CUI=UN29370041163711109&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\nchen-customized-web-search.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\privitize.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\yahoo_ff.xml
FF Extension: MixiDJ Toolbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\ffxtlbr@mixidj.com [2013-05-05]
FF Extension: PrivDog - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\PrivDog@AdTrustMedia.com [2014-01-25]
FF Extension: NCH EN - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} [2013-07-22]
FF Extension: Torntv 2 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\torntv2@torntv.com.xpi [2013-06-25]
FF Extension: Torntv - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\torntv@torntv.com.xpi [2012-11-17]
FF Extension: Start Page - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-01-25]
FF Extension: Qantas Frequent Flyer Toolbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\{a154b67f-376c-4644-a5d2-bad67c0e5f90}.xpi [2013-07-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2013-08-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
Chrome:
=======
CHR HomePage: hxxp://au.yahoo.com?fr=fpc-comodo
CHR RestoreOnStartup: "hxxp://au.yahoo.com?fr=fpc-comodo"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: http://au.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=402027&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-25]
CHR Extension: (PrivDog) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2013-12-09]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-25]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-11-25]
CHR Extension: (Domain Error Assistant) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-11-25]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-29]
CHR Extension: (Slick Savings) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-11-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-11-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-25]
CHR HKLM\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2013-11-25]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-11-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files\TornTV.com\torn2_10.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
========================== Services (Whitelisted) =================
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 MaxBackServiceInt; "C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe" [X]
==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-03-27] (Cisco Systems, Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2013-12-03] (Creative)
S3 APL531; C:\WINDOWS\System32\Drivers\OVTX16.sys [154112 2010-10-28] (Omnivision Technologies, Inc.)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.)
R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [24408 2012-03-07] (AVAST Software)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15704 2013-09-24] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [587864 2013-11-14] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30552 2013-09-24] (COMODO)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R2 EAPPkt; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [36608 2011-05-16] (Infineon Technologies AG)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [96216 2013-09-24] (COMODO)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [52312 2014-02-06] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107224 2014-02-06] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2013-12-03] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RTL8187B; C:\WINDOWS\System32\DRIVERS\wg111v3.sys [341504 2009-07-31] (Realtek Semiconductor Corporation )
S0 Soluto; C:\WINDOWS\System32\DRIVERS\Soluto.sys [51144 2012-09-06] (Soluto LTD.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13024 2012-10-02] ()
R2 UacFlt; C:\WINDOWS\System32\DRIVERS\uacbflt.sys [21276 2002-06-14] (Micronas GmbH)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 androidusb; System32\Drivers\androidusb.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HBCD\PCWizard\pcwiz_x32.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S1 MpKsl22239b4c; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46C3CDF-B3DB-478C-9FF7-9CAA426474EC}\MpKsl22239b4c.sys [X]
S3 RTLWUSB; system32\DRIVERS\wg111v2.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 taphss; No ImagePath
U1 WS2IFSL;
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-02-07 11:08 - 2014-02-07 11:09 - 00020544 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-07 11:05 - 2014-02-07 11:05 - 01136640 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-06 17:40 - 2014-02-06 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-06 17:40 - 2014-02-06 21:52 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-02-06 17:38 - 2014-02-06 17:38 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-06 17:37 - 2014-02-06 21:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\mbar
2014-02-06 17:34 - 2014-02-06 17:34 - 00001317 _____ () C:\Documents and Settings\Administrator\Desktop\RKreport[0]_D_02062014_173455.txt
2014-02-06 17:27 - 2014-02-06 17:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
2014-02-06 17:25 - 2014-02-06 17:21 - 03796480 _____ () C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
2014-02-06 17:23 - 2014-02-06 17:24 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1009.exe
2014-02-06 17:21 - 2014-02-06 17:21 - 03796480 _____ () C:\Documents and Settings\Administrator\My Documents\RogueKiller.exe
2014-02-06 14:08 - 2014-02-06 14:08 - 00011212 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140206_140749.reg
2014-02-06 12:20 - 2014-02-07 04:12 - 00104656 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-04 11:32 - 2014-02-04 11:32 - 00000000 ____D () C:\6e13aa418c81916a85273cd99568cb
2014-02-02 14:35 - 2014-02-02 14:35 - 00000000 ____D () C:\19c71df5d9beff9b4b54
2014-01-31 11:15 - 2014-02-07 11:08 - 00000000 ____D () C:\FRST
2014-01-30 16:57 - 2014-01-30 16:57 - 00027934 _____ () C:\Documents and Settings\Administrator\My Documents\attach.txt
2014-01-30 16:57 - 2014-01-30 16:57 - 00015969 _____ () C:\Documents and Settings\Administrator\My Documents\dds.txt
2014-01-29 15:17 - 2014-01-29 15:17 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\thmhtvhy.sys
2014-01-29 15:13 - 2014-01-29 15:13 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\avsxyhfe.sys
2014-01-28 20:52 - 2014-02-07 11:07 - 00000237 _____ () C:\WINDOWS\wiadebug.log
2014-01-28 20:52 - 2014-02-07 11:07 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-01-28 20:52 - 2014-01-28 20:52 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-01-28 20:51 - 2014-02-07 04:12 - 00032598 _____ () C:\WINDOWS\SchedLgU.Txt
2014-01-28 20:46 - 2014-02-07 11:09 - 01315514 _____ () C:\WINDOWS\WindowsUpdate.log
2014-01-27 15:14 - 2014-01-27 15:15 - 00000000 __HDC () C:\WINDOWS\ie8
2014-01-27 14:32 - 2014-01-27 14:32 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-01-27 13:21 - 2014-01-27 13:21 - 00000000 ____D () C:\d8e371acf69840d372
2014-01-25 20:36 - 2014-01-25 20:36 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-25 20:36 - 2014-01-25 20:36 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-01-25 20:36 - 2014-01-25 20:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-01-24 21:12 - 2014-01-24 21:12 - 00000000 ____D () C:\1a443f8837eeb4b3b47499
2014-01-24 19:06 - 2014-01-24 19:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-24 16:36 - 2014-01-24 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK
2014-01-24 16:35 - 2011-08-01 22:15 - 00008818 _____ () C:\WINDOWS\system32\netathuw.cat
2014-01-24 16:35 - 2011-07-28 19:06 - 01763584 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athuw.sys
2014-01-24 16:35 - 2011-07-28 19:06 - 01763584 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\athuw.sys
2014-01-19 20:34 - 2014-01-19 20:34 - 00006686 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140119_203453.reg
==================== One Month Modified Files and Folders =======
2014-02-07 11:09 - 2014-02-07 11:08 - 00020544 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-07 11:09 - 2014-01-28 20:46 - 01315514 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-07 11:08 - 2014-01-31 11:15 - 00000000 ____D () C:\FRST
2014-02-07 11:08 - 2012-10-04 13:08 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-07 11:07 - 2014-01-28 20:52 - 00000237 _____ () C:\WINDOWS\wiadebug.log
2014-02-07 11:07 - 2014-01-28 20:52 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-02-07 11:07 - 2013-11-19 13:03 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-07 11:07 - 2013-05-05 23:36 - 00000290 _____ () C:\WINDOWS\Tasks\Express FilesUpdate.job
2014-02-07 11:07 - 2011-07-21 21:44 - 00000328 ___SH () C:\WINDOWS\Tasks\MNYCCYR.job
2014-02-07 11:07 - 2011-05-16 14:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-07 11:07 - 2003-04-01 01:00 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-07 11:05 - 2014-02-07 11:05 - 01136640 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-07 11:05 - 2011-05-16 14:40 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-07 04:12 - 2014-02-06 12:20 - 00104656 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-07 04:12 - 2014-01-28 20:51 - 00032598 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-06 21:53 - 2014-02-06 17:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-06 21:52 - 2014-02-06 17:40 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-02-06 21:52 - 2014-02-06 17:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\mbar
2014-02-06 21:50 - 2011-05-16 14:40 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-06 19:42 - 2013-12-09 19:42 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-02-06 17:38 - 2014-02-06 17:38 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-06 17:35 - 2014-02-06 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
2014-02-06 17:34 - 2014-02-06 17:34 - 00001317 _____ () C:\Documents and Settings\Administrator\Desktop\RKreport[0]_D_02062014_173455.txt
2014-02-06 17:24 - 2014-02-06 17:23 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1009.exe
2014-02-06 17:21 - 2014-02-06 17:25 - 03796480 _____ () C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
2014-02-06 17:21 - 2014-02-06 17:21 - 03796480 _____ () C:\Documents and Settings\Administrator\My Documents\RogueKiller.exe
2014-02-06 15:33 - 2011-05-17 00:27 - 00000211 ___SH () C:\boot.ini
2014-02-06 15:33 - 2003-04-01 01:00 - 00000685 _____ () C:\WINDOWS\win.ini
2014-02-06 15:33 - 2003-04-01 01:00 - 00000256 _____ () C:\WINDOWS\system.ini
2014-02-06 15:29 - 2011-05-16 14:40 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-02-06 14:08 - 2014-02-06 14:08 - 00011212 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140206_140749.reg
2014-02-06 12:56 - 2011-05-16 15:53 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-06 12:16 - 2011-05-17 00:31 - 00622558 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-06 11:51 - 2011-05-16 16:07 - 00001374 ____C () C:\WINDOWS\system32\wpa.bak
2014-02-06 11:41 - 2011-05-22 09:22 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-04 11:32 - 2014-02-04 11:32 - 00000000 ____D () C:\6e13aa418c81916a85273cd99568cb
2014-02-03 19:31 - 2011-09-18 21:43 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-02 14:35 - 2014-02-02 14:35 - 00000000 ____D () C:\19c71df5d9beff9b4b54
2014-01-31 20:32 - 2011-05-22 20:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-01-30 16:57 - 2014-01-30 16:57 - 00027934 _____ () C:\Documents and Settings\Administrator\My Documents\attach.txt
2014-01-30 16:57 - 2014-01-30 16:57 - 00015969 _____ () C:\Documents and Settings\Administrator\My Documents\dds.txt
2014-01-30 16:36 - 2011-05-16 16:18 - 00001919 ____C () C:\WINDOWS\epplauncher.mif
2014-01-30 13:40 - 2011-05-17 00:24 - 00000000 ____D () C:\WINDOWS\pchealth
2014-01-29 15:17 - 2014-01-29 15:17 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\thmhtvhy.sys
2014-01-29 15:13 - 2014-01-29 15:13 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\avsxyhfe.sys
2014-01-28 23:01 - 2011-12-15 11:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts
2014-01-28 22:54 - 2011-05-16 14:34 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-01-28 20:52 - 2014-01-28 20:52 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-01-27 20:40 - 2013-12-12 17:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-01-27 20:38 - 2013-12-11 18:16 - 00000000 ____D () C:\Recuva
2014-01-27 16:03 - 2011-05-18 21:24 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-01-27 15:19 - 2011-05-17 00:24 - 00000000 ____D () C:\WINDOWS\Help
2014-01-27 15:15 - 2014-01-27 15:14 - 00000000 __HDC () C:\WINDOWS\ie8
2014-01-27 15:15 - 2011-05-17 00:24 - 00000000 ____D () C:\WINDOWS\Media
2014-01-27 14:32 - 2014-01-27 14:32 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-01-27 13:21 - 2014-01-27 13:21 - 00000000 ____D () C:\d8e371acf69840d372
2014-01-27 12:56 - 2011-05-16 14:34 - 00000000 ____D () C:\Program Files\Online Services
2014-01-26 20:20 - 2013-04-10 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813170$
2014-01-26 14:24 - 2011-05-16 15:30 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-01-26 14:13 - 2013-12-09 19:34 - 00000000 ___SD () C:\Documents and Settings\All Users\Application Data\Shared Space
2014-01-26 14:13 - 2013-02-05 15:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Ebay Selling
2014-01-25 20:51 - 2011-05-22 12:20 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-25 20:47 - 2012-01-07 21:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-01-25 20:36 - 2014-01-25 20:36 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-25 20:36 - 2014-01-25 20:36 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-01-25 20:36 - 2014-01-25 20:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-01-25 20:36 - 2013-08-21 14:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-01-25 10:40 - 2012-09-12 14:46 - 00000456 ____H () C:\WINDOWS\Tasks\Norton Security Scan for Administrator.job
2014-01-24 22:32 - 2013-04-03 08:53 - 00000000 ____D () C:\Program Files\LG Electronics
2014-01-24 21:12 - 2014-01-24 21:12 - 00000000 ____D () C:\1a443f8837eeb4b3b47499
2014-01-24 20:20 - 2011-05-20 15:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2014-01-24 19:16 - 2013-07-11 12:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-24 19:10 - 2011-05-20 15:34 - 83425928 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-24 19:06 - 2014-01-24 19:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-24 17:10 - 2012-01-31 14:21 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-01-24 17:09 - 2011-05-16 15:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-24 16:55 - 2013-11-14 10:51 - 00000000 ____D () C:\Program Files\Common Files\Spigot
2014-01-24 16:53 - 2013-03-28 12:46 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-01-24 16:36 - 2014-01-24 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK
2014-01-24 16:35 - 2011-05-16 15:31 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-24 15:54 - 2012-06-12 13:14 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-01-24 15:53 - 2013-12-09 17:41 - 00000000 ____D () C:\Program Files\MediaMonkey
2014-01-24 15:46 - 2011-10-18 12:29 - 00000000 ____D () C:\Program Files\IObit
2014-01-24 14:44 - 2013-03-28 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TP-LINK
2014-01-19 20:34 - 2014-01-19 20:34 - 00006686 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140119_203453.reg
2014-01-19 18:32 - 2011-05-18 15:47 - 00231584 ____C (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 13:37 - 2012-01-31 14:21 - 00000785 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
2014-01-19 13:37 - 2011-05-16 14:40 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-01-16 17:25 - 2013-12-15 17:31 - 00000000 ____D () C:\5949b32e9d93995e4642
2014-01-16 17:25 - 2012-08-27 10:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-01-16 17:21 - 2011-05-18 18:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-01-16 17:19 - 2011-05-19 14:07 - 00000000 ____D () C:\Program Files\Google
2014-01-12 13:37 - 2013-12-09 17:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\MediaMonkey
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-02-2014
Ran by Administrator at 2014-02-07 11:09:48
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
==================== Installed Programs ======================
(Version: 6.5 - Ulead Systems) <==== ATTENTION
A4Tech iKeyWorks 7.72 (Version: - ) <==== ATTENTION
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152 - Adobe Systems Incorporated) <==== ATTENTION
Adobe Flash Player 11 Plugin (Version: 11.9.900.117 - Adobe Systems Incorporated) <==== ATTENTION
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated) <==== ATTENTION
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden <==== ATTENTION
AMD Catalyst Install Manager (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) <==== ATTENTION
Apple Application Support (Version: 2.3.4 - Apple Inc.) <==== ATTENTION
Apple Software Update (Version: 2.1.3.127 - Apple Inc.) <==== ATTENTION
Belarc Advisor 8.1 (Version: - ) <==== ATTENTION
BlazePhoto 2.0 (Version: - ) <==== ATTENTION
Brother MFL-Pro Suite MFC-J430W (Version: 1.0.19.0 - Brother Industries, Ltd.) <==== ATTENTION
CCleaner (Version: 4.08 - Piriform) <==== ATTENTION
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden <==== ATTENTION
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden <==== ATTENTION
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden <==== ATTENTION
Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden <==== ATTENTION
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden <==== ATTENTION
DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden <==== ATTENTION
DVD Decoder Pak for Windows XP (Version: 1.0.0 - roddy2000@hotbox.ru) <==== ATTENTION
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden <==== ATTENTION
Express Burn Disc Burning Software (Version: - NCH Software) <==== ATTENTION
Express Rip (Version: 1.92 - NCH Software) <==== ATTENTION
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden <==== ATTENTION
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden <==== ATTENTION
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden <==== ATTENTION
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden <==== ATTENTION
InstantShareAlert (Version: 1.00.0000 - HP) Hidden <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (Version: 6.14.10.5218 - Intel Corporation) <==== ATTENTION
Intel(R) Network Connections Drivers (Version: 18.3 - Intel) <==== ATTENTION
Intel® Management Engine Interface (Version: - Intel Corporation) <==== ATTENTION
Internet Explorer (Enable DEP) (Version: - ) <==== ATTENTION
IrfanView (remove only) (Version: 4.35 - Irfan Skiljan) <==== ATTENTION
Java 7 Update 45 (Version: 7.0.450 - Oracle) <==== ATTENTION
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden <==== ATTENTION
Java(TM) 6 Update 45 (Version: 6.0.450 - Oracle) <==== ATTENTION
JYKRecorder (Version: 1.0.0 - JiaYinKing) <==== ATTENTION
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) <==== ATTENTION
MarketResearch (Version: 53.0.13.000 - Hewlett-Packard) Hidden <==== ATTENTION
MCCI(r)Firmware Update Driver for MTK (Version: 1.00.0000 - MCCI) <==== ATTENTION
Microsoft .NET Framework 1.1 (Version: - ) <==== ATTENTION
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden <==== ATTENTION
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version: - ) <==== ATTENTION
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - ) <==== ATTENTION
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation) <==== ATTENTION
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation) <==== ATTENTION
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation) <==== ATTENTION
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) <==== ATTENTION
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) <==== ATTENTION
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Automated Troubleshooting Services Shim (Version: - ) <==== ATTENTION
Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft LifeCam (Version: 3.22.270.0 - Microsoft Corporation) <==== ATTENTION
Microsoft PowerPoint Viewer (Version: 14.0.7015.1000 - Microsoft Corporation) <==== ATTENTION
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) <==== ATTENTION
Microsoft User-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) <==== ATTENTION
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden <==== ATTENTION
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0 - Mozilla) <==== ATTENTION
Mozilla Maintenance Service (Version: 22.0 - Mozilla) <==== ATTENTION
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden <==== ATTENTION
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden <==== ATTENTION
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden <==== ATTENTION
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) <==== ATTENTION
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) <==== ATTENTION
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation) <==== ATTENTION
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation) <==== ATTENTION
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0 - Microsoft Corporation) <==== ATTENTION
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation) <==== ATTENTION
Nero 11 Mini Repack (Version: - ) <==== ATTENTION
Nero Backup Drivers (Version: 1.0.10000.1.0 - Nero AG) <==== ATTENTION
neroxml (Version: 1.0.0 - Nero AG) Hidden <==== ATTENTION
Nuance PaperPort 12 (Version: 12.1.0000 - Nuance Communications, Inc.) <==== ATTENTION
Nuance PDF Viewer Plus (Version: 5.30.3290 - Nuance Communications, Inc) <==== ATTENTION
OpenOffice 4.0.0 (Version: 4.00.9702 - Apache Software Foundation) <==== ATTENTION
OVT Scanner 16Bit (HKCU Version: 1.1 - Author) <==== ATTENTION
OVT Scanner 16Bit (Version: 1.1 - Author) Hidden <==== ATTENTION
PanoStandAlone (Version: 53.0.13.000 - Hewlett-Packard) Hidden <==== ATTENTION
PaperPort Image Printer (Version: 1.00.0001 - Nuance Communications, Inc.) <==== ATTENTION
Photo Express LE <==== ATTENTION
Picasa 3 (Version: 3.9 - Google, Inc.) <==== ATTENTION
Picasa Uploader (Version: 0.5 - UNKNOWN) <==== ATTENTION
Picasa Uploader (Version: 0.5 - UNKNOWN) Hidden <==== ATTENTION
QuickTime (Version: 7.74.80.86 - Apple Inc.) <==== ATTENTION
Realtek High Definition Audio Driver (Version: 5.10.0.7083 - Realtek Semiconductor Corp.) <==== ATTENTION
Scan (Version: 7.0.0.0 - Hewlett-Packard) Hidden <==== ATTENTION
ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden <==== ATTENTION
Scansoft PDF Professional (Version: - ) Hidden <==== ATTENTION
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden <==== ATTENTION
Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.) <==== ATTENTION
Skype™ 6.10 (Version: 6.10.104 - Skype Technologies S.A.) <==== ATTENTION
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden <==== ATTENTION
Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden <==== ATTENTION
System Requirements Lab for Intel (Version: 4.5.15.0 - Husdawg, LLC) <==== ATTENTION
TL-WN822N/TL-WN821N Driver (Version: 1.0.0 - TP-LINK) <==== ATTENTION
TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden <==== ATTENTION
Uninstall OVT Scanner 16-bit (Version: - ) <==== ATTENTION
Unload (Version: 5.0.0 - Hewlett-Packard) Hidden <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation) <==== ATTENTION
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation) <==== ATTENTION
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation) <==== ATTENTION
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation) <==== ATTENTION
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation) <==== ATTENTION
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation) <==== ATTENTION
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation) <==== ATTENTION
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation) <==== ATTENTION
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation) <==== ATTENTION
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation) <==== ATTENTION
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden <==== ATTENTION
VLC media player 2.0.6 (Version: 2.0.6 - VideoLAN) <==== ATTENTION
WavePad Sound Editor (Version: 5.48 - NCH Software) <==== ATTENTION
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden <==== ATTENTION
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden <==== ATTENTION
Windows Driver Package - OmniVision (APL531) Image (01/01/2010 2.0.0.1) (Version: 01/01/2010 2.0.0.1 - OmniVision) <==== ATTENTION
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation) <==== ATTENTION
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden <==== ATTENTION
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden <==== ATTENTION
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation) <==== ATTENTION
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden <==== ATTENTION
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden <==== ATTENTION
Windows Management Framework Core (Version: - Microsoft Corporation) <==== ATTENTION
Windows Media Format 11 runtime (Version: - ) <==== ATTENTION
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden <==== ATTENTION
Windows Media Player 11 (Version: - ) <==== ATTENTION
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden <==== ATTENTION
==================== Restore Points =========================
28-01-2014 11:54:55 System Checkpoint
29-01-2014 05:04:12 Software Distribution Service 3.0
30-01-2014 06:43:48 Software Distribution Service 3.0
31-01-2014 01:39:54 Software Distribution Service 3.0
31-01-2014 09:26:06 Software Distribution Service 3.0
01-02-2014 00:19:56 Feb.2014
01-02-2014 02:49:45 Software Distribution Service 3.0
02-02-2014 00:20:27 Software Distribution Service 3.0
02-02-2014 03:31:20 Software Distribution Service 3.0
03-02-2014 00:17:34 Software Distribution Service 3.0
04-02-2014 00:10:43 Software Distribution Service 3.0
06-02-2014 00:42:28 Software Distribution Service 3.0
06-02-2014 01:32:37 Software Distribution Service 3.0
06-02-2014 06:37:35 Erestore
06-02-2014 16:01:12 Software Distribution Service 3.0
==================== Hosts content: ==========================
2003-04-01 01:00 - 2014-02-06 14:45 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\Express FilesUpdate.job => C:\Program Files\ExpressFiles\EFUpdater.exe
Task: C:\WINDOWS\Tasks\expressburnShakeIcon.job => C:\Program Files\NCH Software\ExpressBurn\expressburn.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\MNYCCYR.job => ?
Task: C:\WINDOWS\Tasks\Norton Security Scan for Administrator.job => C:\PROGRA~1\NORTON~3\Engine\373~1.16\Nss.exe
==================== Loaded Modules (whitelisted) =============
2008-04-14 15:41 - 2008-04-14 15:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 15:42 - 2008-04-14 15:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-06-29 16:15 - 2002-10-02 04:47 - 00024576 _____ () C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Directorps.dll
2012-06-29 16:56 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:22446EB0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== Faulty Device Manager Devices =============
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (02/07/2014 11:09:48 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Error: (02/06/2014 09:53:33 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Error: (02/06/2014 09:52:56 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Error: (02/06/2014 05:41:06 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Error: (02/06/2014 05:38:33 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Error: (02/06/2014 05:32:46 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Error: (02/06/2014 05:32:43 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Error: (02/06/2014 05:32:43 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Error: (02/06/2014 05:32:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Error: (02/06/2014 05:32:03 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

System errors:
=============
Error: (02/05/2014 07:13:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Soluto
Error: (02/05/2014 07:11:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cmdGuard
Fips
intelppm
MpFilter
Soluto
Error: (02/05/2014 07:10:34 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (02/05/2014 07:10:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (02/05/2014 07:10:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (02/05/2014 07:10:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (02/05/2014 07:10:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (02/05/2014 07:10:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (02/05/2014 07:09:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (02/05/2014 07:09:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (02/07/2014 11:09:48 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.
Error: (02/06/2014 09:53:33 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.
Error: (02/06/2014 09:52:56 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.
Error: (02/06/2014 05:41:06 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.
Error: (02/06/2014 05:38:33 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.
Error: (02/06/2014 05:32:46 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.
Error: (02/06/2014 05:32:43 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.
Error: (02/06/2014 05:32:43 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.
Error: (02/06/2014 05:32:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.
Error: (02/06/2014 05:32:03 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 3062 MB
Available physical RAM: 2328.75 MB
Total Pagefile: 6981 MB
Available Pagefile: 6464.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.22 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.75 GB) (Free:68.1 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: E90BE90B)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
Code:
:regfind
*Cleaner*
:folderfind
*Cleaner*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 12:12 on 07/02/2014 by Administrator
Administrator - Elevation successful
========== regfind ==========
Searching for "*Cleaner*"
No data found.
========== folderfind ==========
Searching for "*Cleaner*"
C:\Norman Malware Cleaner d------ [06:54 01/07/2011]
C:\Documents and Settings\Administrator\Application Data\FixCleaner d------ [09:27 29/08/2012]
C:\Documents and Settings\Administrator\Application Data\PC Cleaners d------ [11:31 23/03/2012]
C:\Documents and Settings\Administrator\Application Data\Auslogics\Registry Cleaner d------ [10:05 14/01/2012]
C:\Documents and Settings\Administrator\Application Data\Auslogics\Rescue\Auslogics Registry Cleaner d------ [10:04 14/01/2012]
C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Eusing Free Registry Cleaner-25092011-204805 d------ [10:48 25/09/2011]
C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner d------ [05:15 30/08/2013]
C:\Program Files\CCleaner d------ [05:15 30/08/2013]
-= EOF =-
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-02-2014
Ran by Administrator at 2014-02-07 13:08:23 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Norman Malware Cleaner
C:\Documents and Settings\Administrator\Application Data\FixCleaner
C:\Documents and Settings\Administrator\Application Data\PC Cleaners
C:\Documents and Settings\Administrator\Application Data\Auslogics\Registry Cleaner
C:\Documents and Settings\Administrator\Application Data\Auslogics\Rescue\Auslogics Registry Cleaner
C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Eusing Free Registry Cleaner-25092011-204805
C:\Program Files\Common Files\Spigot
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-11-25]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-11-25]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-11-06]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
Toolbar: HKLM - No Name - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {29B27261-6B27-4127-A673-482962FE82EB} - No File
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3282495&ctid=CT3282495&SearchSource=2&CUI=UN29370041163711109&UM=2&q=
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\nchen-customized-web-search.xml
CHR HomePage: hxxp://au.yahoo.com?fr=fpc-comodo
CHR RestoreOnStartup: "hxxp://au.yahoo.com?fr=fpc-comodo"
CHR Extension: (Slick Savings) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-11-28]
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15704 2013-09-24] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [587864 2013-11-14] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30552 2013-09-24] (COMODO)
C:\WINDOWS\System32\DRIVERS\cmderd.sys
C:\WINDOWS\System32\DRIVERS\cmdguard.sys
C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [96216 2013-09-24] (COMODO)
C:\WINDOWS\System32\DRIVERS\inspect.sys
2014-02-06 19:42 - 2013-12-09 19:42 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\MNYCCYR.job => ?
Task: C:\WINDOWS\Tasks\Norton Security Scan for Administrator.job => C:\PROGRA~1\NORTON~3\Engine\373~1.16\Nss.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:22446EB0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
C:\Documents and Settings\Administrator\Local Settings\Temp\ntdll_dump.dll
*****************
C:\Norman Malware Cleaner => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\FixCleaner => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\PC Cleaners => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Auslogics\Registry Cleaner => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Auslogics\Rescue\Auslogics Registry Cleaner => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Eusing Free Registry Cleaner-25092011-204805 => Moved successfully.
C:\Program Files\Common Files\Spigot => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} => Value deleted successfully.
HKCR\CLSID\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => Value deleted successfully.
HKCR\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{29B27261-6B27-4127-A673-482962FE82EB} => Value deleted successfully.
HKCR\CLSID\{29B27261-6B27-4127-A673-482962FE82EB} => Key not found.
Firefox Keyword.URL deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\nchen-customized-web-search.xml => Moved successfully.
CHR HomePage: hxxp://au.yahoo.com?fr=fpc-comodo ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://au.yahoo.com?fr=fpc-comodo" ==> The Chrome "Settings" can be used to fix the entry.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Moved successfully.
cmderd => Service deleted successfully.
cmdGuard => Service deleted successfully.
cmdHlp => Service deleted successfully.
C:\WINDOWS\System32\DRIVERS\cmderd.sys => Moved successfully.
C:\WINDOWS\System32\DRIVERS\cmdguard.sys => Moved successfully.
C:\WINDOWS\System32\DRIVERS\cmdhlp.sys => Moved successfully.
Inspect => Service deleted successfully.
C:\WINDOWS\System32\DRIVERS\inspect.sys => Moved successfully.
C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => Moved successfully.
C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job not found.
Could not move "C:\WINDOWS\Tasks\MNYCCYR.job" => Scheduled to move on reboot.
C:\WINDOWS\Tasks\Norton Security Scan for Administrator.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":22446EB0" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":373E1720" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-07 13:09:41)<=
C:\WINDOWS\Tasks\MNYCCYR.job => Is moved successfully.
==== End of Fixlog ====
 