Solved I can't connect to the internet except in safe mode.

I'm now able to connect in normal mode, I'ts quiet scratchy in the way it opens in that when IE is clicked it takes time to open I may click on it a couple of times.
The whole running of the computer is very slow at the moment,
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 14-02-05.02 - Administrator 08/02/2014 16:03:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2258 [GMT 11:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\All Users\Application Data\100
c:\documents and settings\All Users\Application Data\f250a3f87474d38c97dc0679d057db14_c
c:\documents and settings\All Users\Application Data\TEMP
C:\END
C:\install.exe
c:\program files\LyricsTube
c:\program files\LyricsTube\FF\chrome\content\icon.png
c:\program files\LyricsTube\FF\chrome\content\main.js
c:\program files\LyricsTube\FF\chrome\content\overlay.xul
c:\program files\LyricsTube\FF\install.rdf
c:\program files\TelevisionFanaticEI
c:\recuva\desktop_1.ini
c:\recuva\desktop_2.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-01-08 to 2014-02-08 )))))))))))))))))))))))))))))))
.
.
2014-02-08 03:16 . 2014-02-08 03:16 -------- d---a-w- c:\program files\PopularScreensavers_7iEI
2014-02-08 03:03 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0910FA13-433E-45FC-A997-EA7804764B53}\mpengine.dll
2014-02-06 06:40 . 2014-02-06 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-06 06:38 . 2014-02-06 06:38 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-06 01:32 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-04 00:32 . 2014-02-04 00:32 -------- d-----w- C:\6e13aa418c81916a85273cd99568cb
2014-02-02 03:35 . 2014-02-02 03:35 -------- d-----w- C:\19c71df5d9beff9b4b54
2014-01-31 00:15 . 2014-02-07 02:09 -------- d-----w- C:\FRST
2014-01-29 04:17 . 2014-01-29 04:17 410784 ----a-w- c:\windows\system32\drivers\thmhtvhy.sys
2014-01-29 04:13 . 2014-01-29 04:13 410784 ----a-w- c:\windows\system32\drivers\avsxyhfe.sys
2014-01-27 04:14 . 2014-01-27 04:15 -------- dc-h--w- c:\windows\ie8
2014-01-27 03:32 . 2014-01-27 03:32 -------- d-----w- c:\program files\Microsoft ATS
2014-01-27 02:21 . 2014-01-27 02:21 -------- d-----w- C:\d8e371acf69840d372
2014-01-24 10:12 . 2014-01-24 10:12 -------- d-----w- C:\1a443f8837eeb4b3b47499
2014-01-24 05:35 . 2011-07-28 08:06 1763584 ----a-w- c:\windows\system32\drivers\athuw.sys
2014-01-24 05:35 . 2011-07-28 08:06 1763584 ----a-w- c:\windows\system32\athuw.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-08 03:08 . 2012-10-04 02:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-08 03:08 . 2012-10-04 02:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2011-05-18 04:47 231584 -c----w- c:\windows\system32\MpSigStub.exe
2013-12-03 00:07 . 2013-11-14 04:40 359016 ----a-w- c:\windows\vncutil.exe
2013-12-03 00:07 . 2011-05-16 04:31 891976 ----a-w- c:\windows\system32\RTSndMgr.CPL
2013-12-03 00:07 . 2011-05-16 04:31 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2013-12-03 00:07 . 2011-05-16 04:31 9721960 ----a-w- c:\windows\RTLCPL.EXE
2013-12-03 00:07 . 2011-05-16 04:31 1523416 ----a-w- c:\windows\RtlUpd.exe
2013-12-03 00:07 . 2011-05-16 04:31 5589720 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2013-12-03 00:07 . 2013-11-14 04:40 86232 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2013-12-03 00:07 . 2013-11-14 04:40 129640 ----a-w- c:\windows\RtkAudioService.exe
2013-12-03 00:07 . 2011-05-16 04:31 20145368 ----a-w- c:\windows\RTHDCPL.EXE
2013-12-03 00:07 . 2013-11-14 04:40 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2013-12-03 00:07 . 2011-05-16 04:31 2180712 ----a-w- c:\windows\MicCal.exe
2013-12-03 00:06 . 2013-11-14 04:40 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2013-12-03 00:06 . 2011-05-16 04:31 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2013-12-03 00:06 . 2011-05-16 04:31 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2013-12-03 00:06 . 2011-05-16 04:31 64104 ----a-w- c:\windows\ALCMTR.EXE
2013-11-27 20:21 . 2008-04-13 23:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-14 04:41 . 2013-11-14 04:41 28272 ----a-w- c:\windows\system32\NicCo2.dll
2013-11-14 04:41 . 2007-04-12 01:47 309048 -c--a-w- c:\windows\system32\Prounstl.exe
2013-11-14 04:41 . 2007-01-29 04:36 83808 ----a-w- c:\windows\system32\NicInstE.dll
2013-11-14 04:41 . 2007-04-13 03:33 254336 ----a-w- c:\windows\system32\drivers\e1e5132.sys
2013-11-14 04:41 . 2007-01-17 05:59 121440 ----a-w- c:\windows\system32\e1000msg.dll
2013-11-14 04:40 . 2011-05-16 04:31 1833576 ----a-w- c:\windows\SkyTel.exe
2013-11-14 04:40 . 2013-11-14 04:40 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2013-11-14 04:37 . 2013-11-14 04:37 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2013-11-14 04:37 . 2012-09-16 00:56 294912 ----a-w- c:\windows\system32\igldev32.dll
2013-11-14 04:37 . 2012-09-16 00:56 2342912 ----a-w- c:\windows\system32\iglicd32.dll
2013-11-14 04:37 . 2012-09-16 00:56 57344 ----a-w- c:\windows\system32\igxprd32.dll
2013-11-14 04:37 . 2012-09-16 00:56 3773952 ----a-w- c:\windows\system32\igxpdx32.dll
2013-11-14 04:37 . 2012-09-16 00:56 2685280 ----a-w- c:\windows\system32\igxpdv32.dll
2013-11-14 04:37 . 2012-09-16 00:56 185856 ----a-w- c:\windows\system32\igxpgd32.dll
2013-11-14 04:37 . 2012-09-16 00:56 1730272 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2013-11-14 04:37 . 2012-09-16 00:56 288256 ----a-w- c:\windows\system32\igfxrhun.lrc
2013-11-14 04:37 . 2012-09-16 00:56 279040 ----a-w- c:\windows\system32\igfxrtrk.lrc
2013-11-14 04:37 . 2012-09-16 00:56 304640 ----a-w- c:\windows\system32\igfxrita.lrc
2013-11-14 04:37 . 2012-09-16 00:56 303104 ----a-w- c:\windows\system32\igfxrfra.lrc
2013-11-14 04:37 . 2012-09-16 00:56 299008 ----a-w- c:\windows\system32\igfxrnld.lrc
2013-11-14 04:37 . 2012-09-16 00:56 294912 ----a-w- c:\windows\system32\igfxrptg.lrc
2013-11-14 04:37 . 2012-09-16 00:56 291328 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-11-14 04:37 . 2012-09-16 00:56 289280 ----a-w- c:\windows\system32\igfxrptb.lrc
2013-11-14 04:37 . 2012-09-16 00:56 287744 ----a-w- c:\windows\system32\igfxrplk.lrc
2013-11-14 04:37 . 2012-09-16 00:56 282624 ----a-w- c:\windows\system32\igfxrsve.lrc
2013-11-14 04:37 . 2012-09-16 00:56 282624 ----a-w- c:\windows\system32\igfxrsky.lrc
2013-11-14 04:37 . 2012-09-16 00:56 279552 ----a-w- c:\windows\system32\igfxrnor.lrc
2013-11-14 04:37 . 2012-09-16 00:56 277504 ----a-w- c:\windows\system32\igfxrslv.lrc
2013-11-14 04:37 . 2012-09-16 00:56 262656 ----a-w- c:\windows\system32\igfxrtha.lrc
2013-11-14 04:37 . 2012-09-16 00:56 249856 ----a-w- c:\windows\system32\igfxrheb.lrc
2013-11-14 04:37 . 2012-09-16 00:56 206848 ----a-w- c:\windows\system32\igfxrjpn.lrc
2013-11-14 04:37 . 2012-09-16 00:56 205312 ----a-w- c:\windows\system32\igfxrkor.lrc
2013-11-14 04:37 . 2012-09-16 00:56 141336 ----a-w- c:\windows\system32\igfxtray.exe
2013-11-14 04:37 . 2012-09-16 00:56 51712 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-11-14 04:37 . 2012-09-16 00:56 250392 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-11-14 04:37 . 2012-09-16 00:56 310784 ----a-w- c:\windows\system32\igfxrell.lrc
2013-11-14 04:37 . 2012-09-16 00:56 23552 ----a-w- c:\windows\system32\igfxexps.dll
2013-11-14 04:37 . 2012-09-16 00:56 172568 ----a-w- c:\windows\system32\igfxext.exe
2013-11-14 04:37 . 2012-09-16 00:56 303616 ----a-w- c:\windows\system32\igfxrdeu.lrc
2013-11-14 04:37 . 2012-09-16 00:56 303104 ----a-w- c:\windows\system32\igfxresp.lrc
2013-11-14 04:37 . 2012-09-16 00:56 282624 ----a-w- c:\windows\system32\igfxrcsy.lrc
2013-11-14 04:37 . 2012-09-16 00:56 281088 ----a-w- c:\windows\system32\igfxrfin.lrc
2013-11-14 04:37 . 2012-09-16 00:56 275968 ----a-w- c:\windows\system32\igfxrenu.lrc
2013-11-14 04:37 . 2012-09-16 00:56 652312 ----a-w- c:\windows\system32\igfxcfg.exe
2013-11-14 04:37 . 2012-09-16 00:56 5702656 ----a-w- c:\windows\system32\igfxress.dll
2013-11-14 04:37 . 2012-09-16 00:56 280576 ----a-w- c:\windows\system32\igfxrdan.lrc
2013-11-14 04:37 . 2012-09-16 00:56 252416 ----a-w- c:\windows\system32\igfxrara.lrc
2013-11-14 04:37 . 2012-09-16 00:56 205824 ----a-w- c:\windows\system32\igfxdev.dll
2013-11-14 04:37 . 2012-09-16 00:56 179712 ----a-w- c:\windows\system32\igfxrcht.lrc
2013-11-14 04:37 . 2012-09-16 00:56 178176 ----a-w- c:\windows\system32\igfxrchs.lrc
2013-11-14 04:37 . 2012-09-16 00:56 142360 ----a-w- c:\windows\system32\igfxpers.exe
2013-11-14 04:37 . 2012-09-16 00:56 130048 ----a-w- c:\windows\system32\igfxdo.dll
2013-11-14 04:37 . 2012-09-16 00:56 199168 ----a-w- c:\windows\system32\igfxpph.dll
2013-11-14 04:37 . 2012-09-16 00:56 119296 ----a-w- c:\windows\system32\igfxcpl.cpl
2013-11-14 04:37 . 2012-09-16 00:56 173592 ----a-w- c:\windows\system32\hkcmd.exe
2013-11-14 04:37 . 2012-09-16 00:56 93696 ----a-w- c:\windows\system32\hccutils.dll
2013-11-14 00:38 . 2013-11-14 00:38 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-11-13 19:27 . 2014-01-27 03:32 65184 ----a-w- c:\windows\apppatch\MATSShim.DLL
2013-11-13 02:59 . 2008-04-14 04:41 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-10 02:34 134400 --sha-r- c:\windows\system32\hal.dll
2013-07-04 03:03 2149888 --sha-r- c:\windows\system32\ntoskrnl.exe
2013-01-10 02:34 574976 -csha-r- c:\windows\system32\drivers\ntfs.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll
[7] 2008-04-13 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2003-03-31 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-13 18:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
.
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2012-10-03 . 6CBFEEB384F04681AF75F495AA48DD32 . 991744 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$NtUninstallKB2758857$\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
.
[-] 2013-10-29 . 680BD97BA5C817BCE79162496D51528D . 6020608 . . [8.00.6001.23543] . . c:\windows\system32\mshtml.dll
[-] 2013-10-29 . 680BD97BA5C817BCE79162496D51528D . 6020608 . . [8.00.6001.23543] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2013-03-02 . 990F4518E1607F445969C12F014E4E29 . 6013440 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\mshtml.dll
[-] 2013-03-01 . AE3A26C04C794E5451ADF6872F7D48F4 . 6012928 . . [8.00.6001.23471] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\mshtml.dll
[-] 2013-01-08 . 99E9E2606FB13ADB711935FE8E8E29C1 . 6011904 . . [8.00.6001.23468] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\mshtml.dll
[-] 2013-01-06 . 14FD1CAEFB6D2749019AC2F54859568C . 6011392 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2799329-IE8\SP3QFE\mshtml.dll
[-] 2012-11-12 . 02D8509E2362D777DEBFFC05C022CBF2 . 6010880 . . [8.00.6001.23461] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\mshtml.dll
[-] 2012-08-28 . CF6B381C3518AB328382429CAE206D64 . 6010368 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\mshtml.dll
[-] 2012-07-02 . DF599AC52B62DE001E42D36F92B45E68 . 6010368 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\mshtml.dll
[-] 2012-05-11 . 55F148B94246A77FB4AC33346671CAC8 . 6009344 . . [8.00.6001.23345] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\mshtml.dll
[-] 2012-03-01 . 5DBB0C997AD276BCE9D30CD609BDBF67 . 5980672 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll
[-] 2011-12-17 . 49B88A833ECA99EFBFFC5AAE5CC998ED . 5980160 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll
[-] 2011-11-04 . 699421E2E1313C18671A703953CAE14B . 5978624 . . [8.00.6001.23266] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll
[-] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
[-] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . 3422847AA07E37076A87D0B7D5044DC6 . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2898785-IE8\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll
[7] 2008-04-13 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
.
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
.
[-] 2013-10-29 . FBF173582874C30EC5FAF8F8A67D873E . 920064 . . [8.00.6001.23543] . . c:\windows\system32\wininet.dll
[-] 2013-10-29 . FBF173582874C30EC5FAF8F8A67D873E . 920064 . . [8.00.6001.23543] . . c:\windows\system32\dllcache\wininet.dll
[-] 2013-03-02 . 43EADBA9F3CD2A5F01B189BD95FCDE95 . 920064 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll
[-] 2013-02-05 . BE30BEF4C13065D09772F9895FCB9D22 . 920064 . . [8.00.6001.23469] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\wininet.dll
[-] 2012-12-26 . B8BEF9519A1B124DEAF94081F6C5A767 . 920064 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll
[-] 2012-11-01 . ACC92628CFFF9BB6F8886329888014A8 . 920064 . . [8.00.6001.23458] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll
[-] 2012-08-28 . DCEA3B3193B7181CF818ECC4EAB30A66 . 920064 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll
[-] 2012-07-02 . EFB2241DE3AA6480521A16D0CB67B0EC . 920064 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll
[-] 2012-05-16 . 553AD35768CD27959391DD5AA82CEF6F . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll
[-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[-] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
[-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[-] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[-] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2898785-IE8\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll
[7] 2008-04-13 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
.
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\ole32.dll
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\$NtUninstallKB2876217$\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-13 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
.
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\usp10.dll
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\$NtUninstallKB2850869$\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[7] 2008-04-13 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
.
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime
[-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
[7] 2008-04-13 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
.
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2013-07-04 . 05F3DB567EAE368AE3BBD7E973490646 . 2028544 . . [5.1.2600.6419] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2013-05-03 . 70F7DF7268C6AB388319A03375DAC4E5 . 2028544 . . [5.1.2600.6387] . . c:\windows\$NtUninstallKB2859537$\ntkrnlpa.exe
[-] 2013-03-07 . 9EBEDA306E5EABDABCFF8B695FCD4CD6 . 2070016 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe
[-] 2013-03-07 . 9ED39805DF38061BB031D0F2B20DFB77 . 2028544 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2839229$\ntkrnlpa.exe
[-] 2013-01-07 . 1251D608DFCE4B6801AD27A59B74985C . 2069760 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[-] 2013-01-07 . 2C9091C3350E369BBB2464AABE2FD7CA . 2027520 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntkrnlpa.exe
[-] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[-] 2012-08-21 . 61027EE2D9859A2B41D588D92F256CFB . 2027520 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntkrnlpa.exe
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-05-04 . 87763BB6C95901818050E52C378C9E15 . 2026496 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . 36CAC3C8C4C10F4E21BFEABBFE7ACFFC . 2027008 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
.
[-] 2013-07-04 . AFEE19399CF992A098309F7FDF87880A . 2149888 . . [5.1.2600.6419] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2013-05-03 . 0F1ECE75329996EBDCF2774F9E46623D . 2149888 . . [5.1.2600.6387] . . c:\windows\$NtUninstallKB2859537$\ntoskrnl.exe
[-] 2013-03-07 . 8C39722F8C291F1BBCCE80EE23065897 . 2149888 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2839229$\ntoskrnl.exe
[-] 2013-03-07 . 9FC16E5EBFE88F3C844FFE2E6CB7F1E8 . 2193536 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . AE2FEE63789F5DF6B19DD9A39E26D03E . 2193152 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . DD5A89274B47499CCFF7ADCA3A3C560E . 2148864 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntoskrnl.exe
[-] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[-] 2012-08-21 . B9A14D5875CE262774388BD43BA56FF3 . 2148864 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntoskrnl.exe
[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-05-04 . AC4B3C4A6DC31867034C66663B9B8A38 . 2148352 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntoskrnl.exe
[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2011-10-25 . 3B663B9B193D7E1DE39A466020F1FD91 . 2148864 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntoskrnl.exe
[-] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-21 20549280]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2013-12-03 20145368]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-01 90448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-04-30 421888]
"PhilipsRemote"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2002-10-24 69632]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-14 142360]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2012-04-03 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-14 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-14 173592]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-18 2629632]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BlazeVideo\\BlazePhoto 2.0\\BlazePhoto.exe"=
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [22/01/2012 2:13 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [22/01/2012 2:13 PM 12464]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [27/05/2012 11:19 AM 24408]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/10/2007 1:13 PM 38144]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [9/03/2010 12:40 AM 144672]
R2 UacFlt;Philips Composite Class Filter Driver;c:\windows\system32\drivers\uacbflt.sys [14/06/2002 4:40 PM 21276]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/01/2007 8:13 PM 36608]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [9/09/2012 4:52 PM 51144]
S1 MpKsl22239b4c;MpKsl22239b4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46C3CDF-B3DB-478C-9FF7-9CAA426474EC}\MpKsl22239b4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46C3CDF-B3DB-478C-9FF7-9CAA426474EC}\MpKsl22239b4c.sys [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9/10/2013 10:58 AM 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/09/2013 10:34 AM 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14/11/2013 3:40 PM 1691480]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys --> c:\windows\system32\Drivers\lgandnetadb.sys [?]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys --> c:\windows\system32\DRIVERS\lgandnetdiag.sys [?]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys --> c:\windows\system32\DRIVERS\lgandnetmodem.sys [?]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys --> c:\windows\system32\DRIVERS\lgandnetndis.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys --> c:\windows\system32\Drivers\androidusb.sys [?]
S3 APL531;OVT Scanner 16-bit;c:\windows\system32\drivers\OVTX16.sys [25/01/2012 12:33 PM 154112]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [24/01/2014 4:35 PM 1763584]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [29/06/2012 4:57 PM 245760]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2/06/2011 11:08 AM 11336]
S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\HBCD\PCWizard\pcwiz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\HBCD\PCWizard\pcwiz_x32.sys [?]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys --> c:\windows\system32\drivers\massfilter_hs.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/02/2014 5:38 PM 52312]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [8/09/2011 1:28 PM 30576]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [31/07/2009 3:12 PM 341504]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [3/09/2012 3:40 PM 13024]
S3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys --> c:\windows\system32\DRIVERS\zghsdiag.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:08]
.
2013-07-16 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2013-07-09 09:32]
.
2014-02-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 04:01]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.au/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} -
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282495&CUI=UN29370041163711109&UM=1&SearchSource=3&q={searchTerms}&sspv=TB_CER
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3282495&ctid=CT3282495&SearchSource=2&CUI=UN29370041163711109&UM=2&q=
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: 2013-12-09 19:26; PrivDog@AdTrustMedia.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\PrivDog@AdTrustMedia.com
FF - user.js: plugin.state.npconduitfirefoxplugin - 0
FF - user.js: browser.search.defaultenginename - FindWide
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-OVT Scanner 16-bittt - c:\windows\omniuns.exe USB\VID_05A9&PID_35C1 OVT Scanner 16-bittt
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-08 16:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-1801674531-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0cc053b4-5909-416f-84fe-7c3d6c9beac4}]
@Denied: (Full) (Everyone)
"Model"=dword:00000031
"Therad"=dword:00000017
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8c,e0,a1,d6,96,05,9e,fa,b7,ec,23,c2,3f,65,85,bd,0b,fb,7b,48,3c,
a9,00,60,ae,6f,74,62,4b,5b,78,d0,99,f0,ba,7c,e6,fc,ab,e9,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
.
Completion time: 2014-02-08 16:18:54
ComboFix-quarantined-files.txt 2014-02-08 05:18
.
Pre-Run: 72,785,952,768 bytes free
Post-Run: 140,596,396,032 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 09CAFFEBB97481EAB63622F8F351EAE1
8F558EB6672622401DA993E1E865C861
 
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/08/2014 05:20:16 PM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Possibly Patched Files.
* C:\WINDOWS\system32\services.exe
* C:\WINDOWS\system32\wbem\wmiprvse.exe
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Reparse Point/Junctions Found (Most likely legitimate)!
* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]
Checking Windows Service Integrity:
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual
* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic
* Security Center (wuauserv) is not Running.
Startup Type set to: Automatic
Searching for Missing Digital Signatures:
* C:\WINDOWS\System32\browser.dll : 78,336 : 07/07/2012 00:58 AM : cfd4e51402da9838b5a04ae680af54a0 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2705219\SP3QFE\browser.dll : 78,336 : 07/07/2012 00:58 AM : fc6d1d80588d371f0321e15a75b2f8f2 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2705219$\browser.dll : 77,824 : 04/14/2008 03:41 PM : a06ce3399d16db864f55faeb1f1927a9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\browser.dll : 77,824 : 04/14/2008 05:41 AM : a06ce3399d16db864f55faeb1f1927a9 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\browser.dll : 78,336 : 07/07/2012 00:58 AM : cfd4e51402da9838b5a04ae680af54a0 [Pos Repl]
* C:\WINDOWS\System32\comctl32.dll : 617,472 : 08/24/2010 03:12 AM : 93afb83fbc1f9443cac722fca63d73bf [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\comctl32.dll : 617,472 : 04/14/2008 05:41 AM : 06f247492bc786ce5c24a23e178c711a [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\comctl32.dll : 617,472 : 08/24/2010 03:12 AM : 93afb83fbc1f9443cac722fca63d73bf [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll : 921,088 : 04/01/2003 01:00 AM : aef3d788dbf40c7c4d204ea45eb0c505 [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll : 1,054,208 : 04/14/2008 05:42 AM : bd38d1ebe24a46bd3eda059560afba12 [Pos Repl]
+-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll : 1,054,208 : 08/24/2010 03:12 AM : 736b12b725aeb2b07f0241a9f680cb10 [Pos Repl]
* C:\WINDOWS\System32\es.dll : 253,952 : 07/08/2008 07:26 AM : d4991d98f2db73c60d042f1aef79efae [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll : 253,952 : 07/08/2008 07:23 AM : f17f6226bdc0cd5f0bef0daf84d29bec [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\es.dll : 246,272 : 04/14/2008 05:41 AM : 19a799805b24990867b00c120d300c3a [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\es.dll : 253,952 : 07/08/2008 07:26 AM : d4991d98f2db73c60d042f1aef79efae [Pos Repl]
* C:\WINDOWS\System32\kernel32.dll : 990,208 : 10/03/2012 03:58 PM : 6fe42512ab1b89f32a7407f261b1d2d0 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2758857\SP3QFE\kernel32.dll : 991,744 : 10/03/2012 03:57 PM : 6cbfeeb384f04681af75f495aa48dd32 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll : 991,744 : 03/22/2009 00:59 AM : da11d9d6ecbdf0f93436a4b7c13f7bec [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2758857$\kernel32.dll : 989,696 : 03/22/2009 01:06 AM : b921fb870c9ac0d509b2ccabbbbe95f3 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\kernel32.dll : 989,696 : 04/14/2008 05:41 AM : c24b983d211c34da8fcc1ac38477971d [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\kernel32.dll : 990,208 : 10/03/2012 03:58 PM : 6fe42512ab1b89f32a7407f261b1d2d0 [Pos Repl]
* C:\WINDOWS\System32\mfc40u.dll : 953,856 : 09/18/2010 05:53 PM : e76a5c202e68af5a322d16b5a78f48b9 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll : 953,856 : 09/18/2010 06:18 PM : 842900dedbc8e3e8dbcccb298fd88f65 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mfc40u.dll : 927,504 : 04/14/2008 05:41 AM : cddd4416b2b4c7295fe3fdb6dde57e4e [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mfc40u.dll : 953,856 : 09/18/2010 05:53 PM : e76a5c202e68af5a322d16b5a78f48b9 [Pos Repl]
* C:\WINDOWS\System32\mshtml.dll : 6,020,608 : 10/29/2013 06:57 PM : 680bd97ba5c817bce79162496d51528d [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll : 5,964,800 : 02/23/2011 10:27 AM : 3422847aa07e37076a87d0b7d5044dc6 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll : 5,971,456 : 07/26/2011 02:15 AM : bce7ccebad6c8955d2b4c3b246bd0e57 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll : 5,972,992 : 10/03/2011 07:34 PM : 1240a6b7b470bed0aa6c9fec7ab0ea26 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll : 5,978,624 : 11/05/2011 06:19 AM : 699421e2e1313c18671a703953cae14b [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll : 5,980,160 : 12/18/2011 06:45 AM : 49b88a833eca99efbffc5aae5cc998ed [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll : 5,980,672 : 03/01/2012 09:58 PM : 5dbb0c997ad276bce9d30cd609bdbf67 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2699988-IE8\SP3QFE\mshtml.dll : 6,009,344 : 05/12/2012 01:41 AM : 55f148b94246a77fb4ac33346671cac8 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2722913-IE8\SP3QFE\mshtml.dll : 6,010,368 : 07/03/2012 04:48 AM : df599ac52b62de001e42d36f92b45e68 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE\mshtml.dll : 6,010,368 : 08/29/2012 02:13 AM : cf6b381c3518ab328382429cae206d64 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2761465-IE8\SP3QFE\mshtml.dll : 6,010,880 : 11/13/2012 01:23 AM : 02d8509e2362d777debffc05c022cbf2 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2792100-IE8\SP3QFE\mshtml.dll : 6,011,904 : 01/09/2013 02:03 AM : 99e9e2606fb13adb711935fe8e8e29c1 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2799329-IE8\SP3QFE\mshtml.dll : 6,011,392 : 01/06/2013 04:33 PM : 14fd1caefb6d2749019ac2f54859568c [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2809289-IE8\SP3QFE\mshtml.dll : 6,012,928 : 03/01/2013 01:31 PM : ae3a26c04c794e5451adf6872f7d48f4 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2817183-IE8\SP3QFE\mshtml.dll : 6,013,440 : 03/02/2013 01:05 PM : 990f4518e1607f445969c12f014e4e29 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll : 5,953,024 : 05/06/2010 09:36 PM : 9be28f749a7fe7f8f177c6aa2e9da609 [Pos Repl]
+-> C:\WINDOWS\ie8\mshtml.dll : 3,066,880 : 04/14/2008 03:42 PM : a706e122b398fe1ab85cb9b75d044223 [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2898785-IE8\mshtml.dll : 5,937,152 : 03/08/2009 04:41 AM : d469a0eba2ef5c6bee8065b7e3196e5e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mshtml.dll : 3,066,880 : 04/14/2008 05:42 AM : a706e122b398fe1ab85cb9b75d044223 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mshtml.dll : 6,020,608 : 10/29/2013 06:57 PM : 680bd97ba5c817bce79162496d51528d [Pos Repl]
* C:\WINDOWS\System32\mswsock.dll : 245,248 : 06/21/2008 03:02 AM : 943337d786a56729263071623bbb9de5 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll : 245,248 : 06/21/2008 04:43 AM : fcee5fcb99f7c724593365c706d28388 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mswsock.dll : 245,248 : 04/14/2008 05:42 AM : b4138e99236f0f57d4cf49bae98a0746 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mswsock.dll : 245,248 : 06/21/2008 03:02 AM : 943337d786a56729263071623bbb9de5 [Pos Repl]
* C:\WINDOWS\System32\ntkrnlpa.exe : 2,028,544 : 07/04/2013 01:08 PM : 05f3db567eae368ae3bbd7e973490646 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe : 2,069,376 : 12/09/2010 07:39 PM : f67cd97282e0abfaf91a9a1359b16f2d [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe : 2,069,376 : 10/25/2011 11:52 PM : db19fff0c805664cb95062c027b11fe9 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe : 2,069,120 : 04/11/2012 11:42 PM : 063a0f8a90d8e2b802e5243fe9aabcf3 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe : 2,069,120 : 05/04/2012 11:41 PM : 8e99a0ce02c1beda6c0935a4dde9ceaa [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe : 2,069,632 : 08/22/2012 00:05 AM : b326d5e256d2f32b23e64f49debce31b [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe : 2,069,760 : 01/07/2013 11:45 AM : 1251d608dfce4b6801ad27a59b74985c [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe : 2,070,016 : 03/07/2013 11:53 AM : 9ebeda306e5eabdabcff8b695fcd4cd6 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe : 2,066,176 : 02/06/2009 09:30 PM : 607352b9cb3d708c67f6039097801b5a [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2633171$\ntkrnlpa.exe : 2,027,008 : 12/10/2010 00:07 AM : 9ed77e2307f6ec6f174c063c15aa3b8c [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2676562$\ntkrnlpa.exe : 2,027,008 : 10/25/2011 11:52 PM : 36cac3c8c4c10f4e21bfeabbfe7acffc [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2724197$\ntkrnlpa.exe : 2,026,496 : 05/04/2012 11:32 PM : 87763bb6c95901818050e52c378c9e15 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2799494$\ntkrnlpa.exe : 2,027,520 : 08/21/2012 11:58 PM : 61027ee2d9859a2b41d588d92f256cfb [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2813170$\ntkrnlpa.exe : 2,027,520 : 01/07/2013 11:37 AM : 2c9091c3350e369bbb2464aabe2fd7ca [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2839229$\ntkrnlpa.exe : 2,028,544 : 03/07/2013 11:50 AM : 9ed39805df38061bb031d0f2b20dfb77 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2859537$\ntkrnlpa.exe : 2,028,544 : 05/03/2013 11:38 AM : 70f7df7268c6ab388319a03375dac4e5 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe : 2,070,144 : 07/04/2013 01:08 PM : 4c47b37cf351ffeb1227ced0ff4751d5 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe : 2,065,792 : 04/14/2008 00:01 AM : 109f8e3e3c82e337bb71b6bc9b895d61 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ntkrnlpa.exe : 2,070,144 : 07/04/2013 01:08 PM : 4c47b37cf351ffeb1227ced0ff4751d5 [Pos Repl]
* C:\WINDOWS\System32\ntoskrnl.exe : 2,149,888 : 07/04/2013 02:03 PM : afee19399cf992a098309f7fdf87880a [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe : 2,192,768 : 12/10/2010 00:43 AM : a531bbd3de13121c1380ed7dc99082db [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe : 2,192,768 : 10/26/2011 00:34 AM : f512c662874d7545e5bd8005e6800a44 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe : 2,192,640 : 04/12/2012 00:22 AM : 8d061bb825bc606c2b1c6f7452d1baaa [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe : 2,192,640 : 05/05/2012 00:20 AM : 099a0f80a563ebe935f4a9750f96c219 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe : 2,193,024 : 08/22/2012 00:48 AM : eca5980e1a78dbf9cb7f49f76791c0d1 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe : 2,193,152 : 01/07/2013 12:28 AM : ae2fee63789f5df6b19dd9a39e26d03e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe : 2,193,536 : 03/07/2013 12:31 AM : 9fc16e5ebfe88f3c844ffe2e6cb7f1e8 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe : 2,189,184 : 02/07/2009 08:35 PM : efe8eace83eaad5849a7a548fb75b584 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2633171$\ntoskrnl.exe : 2,148,864 : 12/10/2010 00:42 AM : 60e16152d847d7a7b7d3da4c4b8e2120 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2676562$\ntoskrnl.exe : 2,148,864 : 10/26/2011 00:37 AM : 3b663b9b193d7e1de39a466020f1fd91 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2724197$\ntoskrnl.exe : 2,148,352 : 05/05/2012 00:16 AM : ac4b3c4a6dc31867034c66663b9b8a38 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2799494$\ntoskrnl.exe : 2,148,864 : 08/22/2012 00:33 AM : b9a14d5875ce262774388bd43ba56ff3 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2813170$\ntoskrnl.exe : 2,148,864 : 01/07/2013 12:19 AM : dd5a89274b47499ccff7adca3a3c560e [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2839229$\ntoskrnl.exe : 2,149,888 : 03/07/2013 12:32 AM : 8c39722f8c291f1bbcce80ee23065897 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2859537$\ntoskrnl.exe : 2,149,888 : 05/03/2013 12:30 AM : 0f1ece75329996ebdcf2774f9e46623d [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe : 2,193,536 : 07/04/2013 01:59 PM : a4a50a53ffbfec545cda85e98af2106b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe : 2,188,928 : 04/14/2008 00:57 AM : 0c89243c7c3ee199b96fcc16990e0679 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ntoskrnl.exe : 2,193,536 : 07/04/2013 01:59 PM : a4a50a53ffbfec545cda85e98af2106b [Pos Repl]
* C:\WINDOWS\System32\oakley.dll : 278,528 : 10/13/2013 02:56 AM : 584c4da856450cb22ebbe7a68cc6250f [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB974392\SP3QFE\oakley.dll : 270,336 : 10/13/2009 09:38 PM : 7eadba6d371c60cca9e4db57c28c8045 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2862152$\oakley.dll : 270,336 : 10/13/2009 09:30 PM : c5ff8682eada5b3b27a865f1c3ef9270 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\oakley.dll : 270,336 : 04/14/2008 05:42 AM : 33ceb89b62589e8b12aee9e2d523dade [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\oakley.dll : 278,528 : 10/13/2013 02:56 AM : 584c4da856450cb22ebbe7a68cc6250f [Pos Repl]
* C:\WINDOWS\System32\ole32.dll : 1,289,728 : 08/06/2013 00:30 AM : 59b408e5b8489b0b36a0d783d150edcc [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2624667\SP3QFE\ole32.dll : 1,289,216 : 11/02/2011 03:05 AM : 7d9dde1ab4b00ddb173f5a16e9206517 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB979687\SP3QFE\ole32.dll : 1,289,216 : 07/16/2010 11:04 PM : 8d51fb47062f2a1a9efeccef338a4c46 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2624667$\ole32.dll : 1,288,192 : 07/16/2010 11:05 PM : 7a6a7900b5e322763430ba6fd9a31224 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2876217$\ole32.dll : 1,288,704 : 11/02/2011 03:07 AM : 6bad1bed9872e62049e487fb91ae2f3a [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ole32.dll : 1,287,168 : 04/14/2008 05:42 AM : ecce74bc6168375016450a86a164d976 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ole32.dll : 1,289,728 : 08/06/2013 00:30 AM : 59b408e5b8489b0b36a0d783d150edcc [Pos Repl]
* C:\WINDOWS\System32\rpcss.dll : 401,408 : 02/09/2009 11:10 PM : 6b27a5c03dfb94b4245739065431322c [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll : 401,408 : 02/09/2009 09:56 PM : 9222562d44021b988b9f9f62207fb6f2 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\rpcss.dll : 399,360 : 04/14/2008 05:42 AM : 2589fe6015a316c0f5d5112b4da7b509 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\rpcss.dll : 401,408 : 02/09/2009 11:10 PM : 6b27a5c03dfb94b4245739065431322c [Pos Repl]
* C:\WINDOWS\System32\schannel.dll : 152,576 : 06/04/2012 03:32 PM : 0f64207b49390c8063c36ae7cbf9c2db [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2541763\SP3QFE\schannel.dll : 151,552 : 04/30/2011 04:23 AM : 6fd5eec3703d7770c9029e774acc2294 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2585542\SP3QFE\schannel.dll : 152,064 : 11/17/2011 01:20 AM : d444009f7cd704c89f7f9e62396ed4f1 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2655992\SP3QFE\schannel.dll : 153,088 : 06/04/2012 03:31 PM : 26f1193092b9ac2586deb38dd1cbb25c [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\schannel.dll : 147,456 : 06/25/2009 07:41 PM : e513ba8bc33fd00f35d69659b478b1df [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB980436\SP3QFE\schannel.dll : 149,504 : 06/30/2010 11:23 PM : e04b6497b6407d2f444e86b30680dc5a [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2585542$\schannel.dll : 151,552 : 04/30/2011 04:25 AM : abeedd547e939ad827b2e29dec754206 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2655992$\schannel.dll : 152,064 : 11/17/2011 01:21 AM : a645a78fcdabad67067324d7e6cd9f79 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\schannel.dll : 144,384 : 04/14/2008 05:42 AM : c61e8ecffdbf05ff71d079bbd35396b3 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\schannel.dll : 152,576 : 06/04/2012 03:32 PM : 0f64207b49390c8063c36ae7cbf9c2db [Pos Repl]
* C:\WINDOWS\System32\services.exe : 110,592 : 02/06/2009 10:11 PM : 65df52f5b8b6e9bbd183505225c37315 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe : 110,592 : 02/06/2009 10:06 PM : 020ceaaedc8eb655b6506b8c70d53bb6 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\services.exe : 108,544 : 04/14/2008 05:42 AM : 0e776ed5f7cc9f94299e70461b7b8185 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\services.exe : 110,592 : 02/06/2009 10:11 PM : 65df52f5b8b6e9bbd183505225c37315 [Pos Repl]
* C:\WINDOWS\System32\shsvcs.dll : 135,168 : 07/28/2009 10:17 AM : 99bc0b50f511924348be19c7c7313bbf [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB971029\SP3QFE\shsvcs.dll : 135,168 : 07/28/2009 09:13 AM : 888cd7b39c37e13a2419becfaaf0a28c [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\shsvcs.dll : 135,168 : 04/14/2008 05:42 AM : 1926899bf9ffe2602b63074971700412 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\shsvcs.dll : 135,168 : 07/28/2009 10:17 AM : 99bc0b50f511924348be19c7c7313bbf [Pos Repl]
* C:\WINDOWS\System32\spoolsv.exe : 58,880 : 08/18/2010 00:17 AM : 60784f891563fb1b767f70117fc2428f [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe : 58,880 : 08/18/2010 00:19 AM : 258dd5d4283fd9f9a7166be9ae45ce73 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe : 57,856 : 04/14/2008 05:42 AM : d8e14a61acc1d4a6cd0d38aebac7fa3b [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\spoolsv.exe : 58,880 : 08/18/2010 00:17 AM : 60784f891563fb1b767f70117fc2428f [Pos Repl]
* C:\WINDOWS\System32\usp10.dll : 406,016 : 07/10/2013 09:37 PM : 1d845821f5adb076831de4c2818f858b [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB981322\SP3QFE\usp10.dll : 406,016 : 04/17/2010 02:29 AM : f8894bcc961d461674002b4bae7aecc1 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2850869$\usp10.dll : 406,016 : 04/17/2010 02:36 AM : 9e03dc5ab51cfd0190541ce2038d819d [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usp10.dll : 406,016 : 04/14/2008 05:42 AM : 7d7d8501f3cb45d0408cdefa08cdaeff [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usp10.dll : 406,016 : 07/10/2013 09:37 PM : 1d845821f5adb076831de4c2818f858b [Pos Repl]
* C:\WINDOWS\System32\wbem\wmiprvse.exe : 227,840 : 02/06/2009 09:10 PM : 798a9e6828997eef4517ada8a2259831 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe : 227,840 : 02/06/2009 09:15 PM : f520ab392d58c0a1070268032d809382 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe : 218,112 : 04/14/2008 05:42 AM : 0ffae66e6d5b1c87cbd22d1f3b6079fd [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\wmiprvse.exe : 227,840 : 02/06/2009 09:10 PM : 798a9e6828997eef4517ada8a2259831 [Pos Repl]
* C:\WINDOWS\System32\wdigest.dll : 54,272 : 06/25/2009 07:25 PM : 3aaf9b35939ff9e58ccd18d41655c2fc [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\wdigest.dll : 54,272 : 06/25/2009 07:41 PM : d9dcec3fa1b27689fc56e34c38d3f148 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wdigest.dll : 49,152 : 04/14/2008 05:42 AM : cefcc6a64983eb8119f3a07a0c1ede30 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\wdigest.dll : 54,272 : 06/25/2009 07:25 PM : 3aaf9b35939ff9e58ccd18d41655c2fc [Pos Repl]
* C:\WINDOWS\System32\wininet.dll : 920,064 : 10/29/2013 06:57 PM : fbf173582874c30ec5faf8f8a67d873e [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll : 919,552 : 02/23/2011 10:27 AM : a9fa95f0d7f511959ac721e4843e5967 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll : 919,552 : 06/24/2011 05:33 AM : 509cf67ae762a38e23a5455a0053853c [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll : 919,552 : 08/23/2011 10:47 AM : 19630aebbfaeb06984cab91848270aaf [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll : 919,552 : 11/05/2011 06:19 AM : 4e4716caf514717814d07113ad0425b6 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll : 919,552 : 12/18/2011 06:45 AM : 84a48e9818e8440ddbfd8eec37c8a937 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll : 919,552 : 03/01/2012 09:58 PM : 4ec67fab39f37626ad6d9895fc094abf [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll : 920,064 : 05/17/2012 02:06 AM : 553ad35768cd27959391dd5aa82cef6f [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll : 920,064 : 07/03/2012 04:48 AM : efb2241de3aa6480521a16d0cb67b0ec [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll : 920,064 : 08/29/2012 02:13 AM : dcea3b3193b7181cf818ecc4eab30a66 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll : 920,064 : 11/01/2012 11:15 PM : acc92628cfff9bb6f8886329888014a8 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll : 920,064 : 12/27/2012 07:15 AM : b8bef9519a1b124deaf94081f6c5a767 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2809289-IE8\SP3QFE\wininet.dll : 920,064 : 02/06/2013 07:04 AM : be30bef4c13065d09772f9895fcb9d22 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll : 920,064 : 03/02/2013 01:05 PM : 43eadba9f3cd2a5f01b189bd95fcde95 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll : 919,040 : 05/06/2010 09:36 PM : c1490f68b44af8b781f52f12f564625d [Pos Repl]
+-> C:\WINDOWS\ie8\wininet.dll : 666,112 : 04/14/2008 03:42 PM : 7a4f775abb2f1c97def3e73afa2faedd [Pos Repl]
+-> C:\WINDOWS\ie8updates\KB2898785-IE8\wininet.dll : 914,944 : 03/08/2009 04:34 AM : 6ce32f7778061ccc5814d5e0f282d369 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\wininet.dll : 666,112 : 04/14/2008 05:42 AM : 7a4f775abb2f1c97def3e73afa2faedd [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\wininet.dll : 920,064 : 10/29/2013 06:57 PM : fbf173582874c30ec5faf8f8a67d873e [Pos Repl]
* C:\WINDOWS\System32\drivers\afd.sys : 138,496 : 08/18/2011 00:49 AM : 1e44bc1e83d8fd2305f8d452db109cf9 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys : 138,496 : 02/17/2011 00:25 AM : 8d499b1276012eb907e7a9e0f4d8fda4 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys : 138,496 : 10/17/2008 02:07 AM : 38d7b715504da4741df35e3594fe2099 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys : 138,496 : 08/18/2011 00:41 AM : f6b7b1ecd7b41736bdb6ff4b092bcb79 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2592799$\afd.sys : 138,496 : 02/17/2011 00:22 AM : 355556d9e580915118cd7ef736653a89 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\afd.sys : 138,112 : 04/14/2008 00:49 AM : 322d0e36693d6e24a2398bee62a268cd [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\afd.sys : 138,496 : 08/18/2011 00:49 AM : 1e44bc1e83d8fd2305f8d452db109cf9 [Pos Repl]
* C:\WINDOWS\System32\drivers\bthport.sys : 272,128 : 06/13/2008 10:05 PM : 662bfd909447dd9cc15b1a1c366583b4 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys : 272,128 : 06/13/2008 10:27 PM : 51d05d5a8a7d93ab0b1a8d6a38db3ca4 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\bthport.sys : 272,128 : 06/13/2008 10:05 PM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\bthport.sys : 273,024 : 04/14/2008 00:16 AM : 10b85171b90c449f8da71c2640b797e9 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\bthport.sys : 272,128 : 06/13/2008 10:05 PM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]
* C:\WINDOWS\System32\drivers\hidparse.sys : 25,088 : 07/03/2013 01:12 PM : c569ef030b11f896e123a30ac92678db [NoSig]
+-> C:\WINDOWS\$NtUninstallKB2862335$\hidparse.sys : 24,960 : 04/14/2008 10:15 AM : 96eccf28fdbf1b2cc12725818a63628d [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\hidparse.sys : 25,088 : 07/03/2013 01:12 PM : c569ef030b11f896e123a30ac92678db [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\hidparse.sys : 24,960 : 04/14/2008 00:15 AM : 96eccf28fdbf1b2cc12725818a63628d [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\hidparse.sys : 25,088 : 07/03/2013 01:12 PM : c569ef030b11f896e123a30ac92678db [Pos Repl]
* C:\WINDOWS\System32\drivers\http.sys : 265,728 : 10/21/2009 03:20 AM : f80a415ef82cd06ffaf0d971528ead38 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB970430\SP3QFE\http.sys : 265,728 : 10/21/2009 02:21 AM : 937031c085718c1c04a9c0864625ec6b [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\http.sys : 265,728 : 10/21/2009 03:20 AM : f80a415ef82cd06ffaf0d971528ead38 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\http.sys : 264,832 : 04/14/2008 00:23 AM : f6aacf5bce2893e0c1754afeb672e5c9 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\http.sys : 265,728 : 10/21/2009 03:20 AM : f80a415ef82cd06ffaf0d971528ead38 [Pos Repl]
* C:\WINDOWS\System32\drivers\ksecdd.sys : 92,928 : 06/24/2009 10:18 PM : b467646c54cc746128904e1654c750c1 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\ksecdd.sys : 92,928 : 06/24/2009 09:28 PM : c6ebf1d6ad71df30db49b8d3287e1368 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ksecdd.sys : 92,288 : 04/14/2008 00:01 AM : 1705745d900dabf2d89f90ebaddc7517 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ksecdd.sys : 92,928 : 06/24/2009 10:18 PM : b467646c54cc746128904e1654c750c1 [Pos Repl]
* C:\WINDOWS\System32\drivers\mrxsmb.sys : 456,320 : 07/16/2011 00:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys : 457,472 : 02/18/2011 00:19 AM : fb7dfd15d760ad339837a470f0e780d3 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys : 457,856 : 07/16/2011 00:29 AM : fb2fccc70f7174c7bf64f48e96d3adf4 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\mrxsmb.sys : 456,320 : 07/16/2011 00:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys : 456,576 : 04/14/2008 00:47 AM : 68755f0ff16070178b54674fe5b847b0 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mrxsmb.sys : 456,320 : 07/16/2011 00:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl]
* C:\WINDOWS\System32\drivers\mup.sys : 105,472 : 04/22/2011 00:37 AM : de6a75f5c270e756c5508d94b6cf68f5 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2535512\SP3QFE\mup.sys : 105,472 : 04/22/2011 00:52 AM : f7b1ad991491f02af6da70b00b8bf114 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mup.sys : 105,344 : 04/14/2008 00:47 AM : 2f625d11385b1a94360bfc70aaefdee1 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mup.sys : 105,472 : 04/22/2011 00:37 AM : de6a75f5c270e756c5508d94b6cf68f5 [Pos Repl]
* C:\WINDOWS\System32\drivers\ndistapi.sys : 10,496 : 07/09/2011 01:02 AM : 0109c4f3850dfbab279542515386ae22 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys : 10,496 : 07/09/2011 00:51 AM : 091735a5f20acb1dc147383a905ae002 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ndistapi.sys : 10,112 : 04/14/2008 00:27 AM : 1ab3d00c991ab086e69db84b6c0ed78f [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ndistapi.sys : 10,496 : 07/09/2011 01:02 AM : 0109c4f3850dfbab279542515386ae22 [Pos Repl]
* C:\WINDOWS\System32\drivers\ndproxy.sys : 40,960 : 11/28/2013 07:21 AM : 2f597bb467e05b1fe3830eabd821b8e0 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys : 40,960 : 11/03/2010 04:55 PM : 816460bd4b4acd27937d1d0813e2e9e9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2914368$\ndproxy.sys : 40,960 : 11/03/2010 02:17 AM : 9282bd12dfb069d3889eb3fcc1000a9b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ndproxy.sys : 40,576 : 04/14/2008 00:27 AM : 6215023940cfd3702b46abc304e1d45a [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ndproxy.sys : 40,960 : 11/28/2013 07:21 AM : 2f597bb467e05b1fe3830eabd821b8e0 [Pos Repl]
* C:\WINDOWS\System32\drivers\rdpwd.sys : 139,784 : 07/05/2012 01:05 AM : 43af5212bd8fb5ba6eed9754358bd8f7 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys : 139,656 : 06/25/2011 01:09 AM : 3348e61a78ba4f79c795aad6565d3b6f [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2621440\SP3QFE\rdpwd.sys : 139,784 : 01/10/2012 03:19 AM : 2d293b720c206473a05950ce007db12a [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2685939\SP3QFE\rdpwd.sys : 139,656 : 05/03/2012 00:45 AM : 997c59b9955f911ec460241dd9e01b04 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2723135\SP3QFE\rdpwd.sys : 139,784 : 07/05/2012 00:59 AM : c7d9bc54354b8c706abf172d48313f1b [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2621440$\rdpwd.sys : 139,656 : 06/25/2011 01:10 AM : fc105dd312ed64eb66bff111e8ec6eac [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2723135$\rdpwd.sys : 139,656 : 05/03/2012 00:46 AM : 6589db6e5969f8eee594cf71171c5028 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys : 139,656 : 04/14/2008 05:43 AM : 6728e45b66f93c08f11de2e316fc70dd [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\rdpwd.sys : 139,784 : 07/05/2012 01:05 AM : 43af5212bd8fb5ba6eed9754358bd8f7 [Pos Repl]
* C:\WINDOWS\System32\drivers\rmcast.sys : 203,136 : 05/09/2008 01:02 AM : 96f7a9a7bf0c9c0440a967440065d33c [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys : 203,136 : 05/09/2008 00:58 AM : c711645c76b8ed87c021bf6165e52795 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\rmcast.sys : 202,624 : 04/14/2008 00:25 AM : ecff394d65671efde5a872eb9ef4f2d5 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\rmcast.sys : 203,136 : 05/09/2008 01:02 AM : 96f7a9a7bf0c9c0440a967440065d33c [Pos Repl]
* C:\WINDOWS\System32\drivers\srv.sys : 357,888 : 02/18/2011 00:18 AM : 47ddfc2f003f7f9f0592c6874962a2e7 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2345886\SP3QFE\srv.sys : 357,248 : 08/27/2010 00:37 AM : 70cd8b8dd2a680b128617c19eb0ab94f [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB2508429\SP3QFE\srv.sys : 357,888 : 02/18/2011 00:19 AM : 9b390283569ea58d43d2586032b892f5 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\srv.sys : 334,848 : 04/14/2008 00:45 AM : 5252605079810904e31c332e241cd59b [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\srv.sys : 357,888 : 02/18/2011 00:18 AM : 47ddfc2f003f7f9f0592c6874962a2e7 [Pos Repl]
* C:\WINDOWS\System32\drivers\tcpip6.sys : 226,880 : 02/11/2010 11:02 PM : 4e53bbcc4be37d7a4bd6ef1098c89ff7 [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip6.sys : 225,856 : 06/20/2008 10:16 PM : 026a94e4eb2960fdc96a447b5391d56a [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB978338\SP3QFE\tcpip6.sys : 226,880 : 02/11/2010 10:36 PM : f4a3c6abe7818b1b53f58fa1adb605cd [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tcpip6.sys : 225,664 : 04/14/2008 00:30 AM : aa7a55536096d646dc7ab0ac5641e9e8 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip6.sys : 226,880 : 02/11/2010 11:02 PM : 4e53bbcc4be37d7a4bd6ef1098c89ff7 [Pos Repl]
* C:\WINDOWS\System32\Drivers\tcpip.sys : 361,600 : 06/20/2008 10:51 PM : 9aefa14bd6b182d61e3119fa5f436d3d [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 10:59 PM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tcpip.sys : 361,344 : 04/14/2008 00:50 AM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 10:51 PM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
* C:\WINDOWS\System32\drivers\usb8023.sys : 12,928 : 02/12/2013 11:32 AM : 2a7a8ad9d39a2faf9d9293b5daff3a4b [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2807986\SP3QFE\usb8023.sys : 12,928 : 02/12/2013 11:43 AM : c74f25c77d6c3edf58221e4060d8cd16 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB2807986$\usb8023.sys : 12,800 : 04/14/2008 10:26 AM : bee793d4a059caea55d6ac20e19b3a8f [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usb8023.sys : 12,800 : 04/14/2008 00:26 AM : bee793d4a059caea55d6ac20e19b3a8f [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usb8023.sys : 12,928 : 02/12/2013 11:32 AM : 2a7a8ad9d39a2faf9d9293b5daff3a4b [Pos Repl]
* C:\WINDOWS\System32\drivers\usbccgp.sys : 32,384 : 08/09/2013 11:55 AM : 1b611611c28d2df25bc057d79c6f13fc [NoSig]
+-> C:\WINDOWS\$NtUninstallKB2862330$\usbccgp.sys : 32,128 : 04/14/2008 01:15 AM : 173f317ce0db8e21322e71b7e60a27e8 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\usbccgp.sys : 32,384 : 08/09/2013 11:55 AM : 1b611611c28d2df25bc057d79c6f13fc [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbccgp.sys : 32,128 : 04/14/2008 00:15 AM : 173f317ce0db8e21322e71b7e60a27e8 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usbccgp.sys : 32,384 : 08/09/2013 11:55 AM : 1b611611c28d2df25bc057d79c6f13fc [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\usbccgp.sys : 32,128 : 04/14/2008 10:15 AM : 173f317ce0db8e21322e71b7e60a27e8 [Pos Repl]
* C:\WINDOWS\System32\drivers\usbd.sys : 5,376 : 08/09/2013 11:55 AM : 04fe5ef6ed4818ec4839ea5c611a6310 [NoSig]
+-> C:\WINDOWS\$NtUninstallKB2862330$\usbd.sys : 4,736 : 04/01/2003 01:00 AM : 596eb39b50d6ebd9b734dc4ae0544693 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\usbd.sys : 5,376 : 08/09/2013 11:55 AM : 04fe5ef6ed4818ec4839ea5c611a6310 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usbd.sys : 5,376 : 08/09/2013 11:55 AM : 04fe5ef6ed4818ec4839ea5c611a6310 [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\usbd.sys : 5,376 : 08/09/2013 11:55 AM : 04fe5ef6ed4818ec4839ea5c611a6310 [Pos Repl]
* C:\WINDOWS\System32\drivers\usbehci.sys : 30,336 : 03/18/2009 10:02 PM : 4bac8df07f1d8434fc640e677a62204e [NoSig]
+-> C:\WINDOWS\$NtUninstallKB2862330$\usbehci.sys : 30,208 : 04/14/2008 01:15 AM : 65dcf09d0e37d4c6b11b5b0b76d470a7 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\usbehci.sys : 30,336 : 03/18/2009 10:02 PM : 4bac8df07f1d8434fc640e677a62204e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbehci.sys : 30,208 : 04/14/2008 00:15 AM : 65dcf09d0e37d4c6b11b5b0b76d470a7 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usbehci.sys : 30,336 : 03/18/2009 10:02 PM : 4bac8df07f1d8434fc640e677a62204e [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\usbehci.sys : 30,336 : 03/18/2009 10:02 PM : 4bac8df07f1d8434fc640e677a62204e [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\usbehci.sys : 30,336 : 03/18/2009 10:02 PM : 4bac8df07f1d8434fc640e677a62204e [Pos Repl]
* C:\WINDOWS\System32\drivers\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [NoSig]
+-> C:\WINDOWS\$NtUninstallKB2862330$\usbport.sys : 143,872 : 04/14/2008 01:15 AM : 791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\usbport.sys : 143,872 : 04/14/2008 00:15 AM : 791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
+-> C:\WINDOWS\system32\ReinstallBackups\0034\DriverFiles\i386\usbport.sys : 144,128 : 08/09/2013 11:55 AM : 6df35ca139c3bc15cc74390abb114efe [Pos Repl]
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 02/08/2014 05:21:56 PM
Execution time: 0 hours(s), 1 minute(s), and 40 seconds(s)
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
SecCenter::
{043803A3-4F86-4ef6-AFC5-F6E02A79969B}

File::
c:\windows\system32\drivers\thmhtvhy.sys
c:\windows\system32\drivers\avsxyhfe.sys

FCopy::
c:\windows\ServicePackFiles\i386\services.exe | c:\windows\system32\services.exe
c:\windows\ServicePackFiles\i386\services.exe | c:\windows\system32\dllcache\services.exe
C:\WINDOWS\system32\dllcache\wmiprvse.exe | C:\WINDOWS\System32\wbem\wmiprvse.exe

Folder::

Driver::
thmhtvhy
avsxyhfe

Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 14-02-05.02 - Administrator 09/02/2014 9:39.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2439 [GMT 11:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\avsxyhfe.sys"
"c:\windows\system32\drivers\thmhtvhy.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\avsxyhfe.sys
c:\windows\system32\drivers\thmhtvhy.sys
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\services.exe --> c:\windows\system32\services.exe
c:\windows\ServicePackFiles\i386\services.exe --> c:\windows\system32\dllcache\services.exe
c:\windows\system32\dllcache\wmiprvse.exe --> c:\windows\System32\wbem\wmiprvse.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVSXYHFE
-------\Legacy_THMHTVHY
.
.
((((((((((((((((((((((((( Files Created from 2014-01-08 to 2014-02-08 )))))))))))))))))))))))))))))))
.
.
2014-02-08 06:13 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89538151-9639-49AB-A19A-FD79E572E0DA}\mpengine.dll
2014-02-08 06:08 . 2014-02-08 06:08 5577096 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-02-06 06:40 . 2014-02-06 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-06 06:38 . 2014-02-06 06:38 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-06 01:32 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-04 00:32 . 2014-02-04 00:32 -------- d-----w- C:\6e13aa418c81916a85273cd99568cb
2014-02-02 03:35 . 2014-02-02 03:35 -------- d-----w- C:\19c71df5d9beff9b4b54
2014-01-31 00:15 . 2014-02-07 02:09 -------- d-----w- C:\FRST
2014-01-27 04:14 . 2014-01-27 04:15 -------- dc-h--w- c:\windows\ie8
2014-01-27 03:32 . 2014-01-27 03:32 -------- d-----w- c:\program files\Microsoft ATS
2014-01-27 02:21 . 2014-01-27 02:21 -------- d-----w- C:\d8e371acf69840d372
2014-01-24 10:12 . 2014-01-24 10:12 -------- d-----w- C:\1a443f8837eeb4b3b47499
2014-01-24 05:35 . 2011-07-28 08:06 1763584 ----a-w- c:\windows\system32\drivers\athuw.sys
2014-01-24 05:35 . 2011-07-28 08:06 1763584 ----a-w- c:\windows\system32\athuw.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-08 06:08 . 2012-10-04 02:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-08 06:08 . 2012-10-04 02:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32 . 2011-05-18 04:47 231584 -c----w- c:\windows\system32\MpSigStub.exe
2013-12-03 00:07 . 2013-11-14 04:40 359016 ----a-w- c:\windows\vncutil.exe
2013-12-03 00:07 . 2011-05-16 04:31 891976 ----a-w- c:\windows\system32\RTSndMgr.CPL
2013-12-03 00:07 . 2011-05-16 04:31 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2013-12-03 00:07 . 2011-05-16 04:31 9721960 ----a-w- c:\windows\RTLCPL.EXE
2013-12-03 00:07 . 2011-05-16 04:31 1523416 ----a-w- c:\windows\RtlUpd.exe
2013-12-03 00:07 . 2011-05-16 04:31 5589720 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2013-12-03 00:07 . 2013-11-14 04:40 86232 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2013-12-03 00:07 . 2013-11-14 04:40 129640 ----a-w- c:\windows\RtkAudioService.exe
2013-12-03 00:07 . 2011-05-16 04:31 20145368 ----a-w- c:\windows\RTHDCPL.EXE
2013-12-03 00:07 . 2013-11-14 04:40 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2013-12-03 00:07 . 2011-05-16 04:31 2180712 ----a-w- c:\windows\MicCal.exe
2013-12-03 00:06 . 2013-11-14 04:40 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2013-12-03 00:06 . 2011-05-16 04:31 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2013-12-03 00:06 . 2011-05-16 04:31 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2013-12-03 00:06 . 2011-05-16 04:31 64104 ----a-w- c:\windows\ALCMTR.EXE
2013-11-27 20:21 . 2008-04-13 23:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-14 04:41 . 2013-11-14 04:41 28272 ----a-w- c:\windows\system32\NicCo2.dll
2013-11-14 04:41 . 2007-04-12 01:47 309048 -c--a-w- c:\windows\system32\Prounstl.exe
2013-11-14 04:41 . 2007-01-29 04:36 83808 ----a-w- c:\windows\system32\NicInstE.dll
2013-11-14 04:41 . 2007-04-13 03:33 254336 ----a-w- c:\windows\system32\drivers\e1e5132.sys
2013-11-14 04:41 . 2007-01-17 05:59 121440 ----a-w- c:\windows\system32\e1000msg.dll
2013-11-14 04:40 . 2011-05-16 04:31 1833576 ----a-w- c:\windows\SkyTel.exe
2013-11-14 04:40 . 2013-11-14 04:40 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2013-11-14 04:37 . 2013-11-14 04:37 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2013-11-14 04:37 . 2012-09-16 00:56 294912 ----a-w- c:\windows\system32\igldev32.dll
2013-11-14 04:37 . 2012-09-16 00:56 2342912 ----a-w- c:\windows\system32\iglicd32.dll
2013-11-14 04:37 . 2012-09-16 00:56 57344 ----a-w- c:\windows\system32\igxprd32.dll
2013-11-14 04:37 . 2012-09-16 00:56 3773952 ----a-w- c:\windows\system32\igxpdx32.dll
2013-11-14 04:37 . 2012-09-16 00:56 2685280 ----a-w- c:\windows\system32\igxpdv32.dll
2013-11-14 04:37 . 2012-09-16 00:56 185856 ----a-w- c:\windows\system32\igxpgd32.dll
2013-11-14 04:37 . 2012-09-16 00:56 1730272 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2013-11-14 04:37 . 2012-09-16 00:56 288256 ----a-w- c:\windows\system32\igfxrhun.lrc
2013-11-14 04:37 . 2012-09-16 00:56 279040 ----a-w- c:\windows\system32\igfxrtrk.lrc
2013-11-14 04:37 . 2012-09-16 00:56 304640 ----a-w- c:\windows\system32\igfxrita.lrc
2013-11-14 04:37 . 2012-09-16 00:56 303104 ----a-w- c:\windows\system32\igfxrfra.lrc
2013-11-14 04:37 . 2012-09-16 00:56 299008 ----a-w- c:\windows\system32\igfxrnld.lrc
2013-11-14 04:37 . 2012-09-16 00:56 294912 ----a-w- c:\windows\system32\igfxrptg.lrc
2013-11-14 04:37 . 2012-09-16 00:56 291328 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-11-14 04:37 . 2012-09-16 00:56 289280 ----a-w- c:\windows\system32\igfxrptb.lrc
2013-11-14 04:37 . 2012-09-16 00:56 287744 ----a-w- c:\windows\system32\igfxrplk.lrc
2013-11-14 04:37 . 2012-09-16 00:56 282624 ----a-w- c:\windows\system32\igfxrsve.lrc
2013-11-14 04:37 . 2012-09-16 00:56 282624 ----a-w- c:\windows\system32\igfxrsky.lrc
2013-11-14 04:37 . 2012-09-16 00:56 279552 ----a-w- c:\windows\system32\igfxrnor.lrc
2013-11-14 04:37 . 2012-09-16 00:56 277504 ----a-w- c:\windows\system32\igfxrslv.lrc
2013-11-14 04:37 . 2012-09-16 00:56 262656 ----a-w- c:\windows\system32\igfxrtha.lrc
2013-11-14 04:37 . 2012-09-16 00:56 249856 ----a-w- c:\windows\system32\igfxrheb.lrc
2013-11-14 04:37 . 2012-09-16 00:56 206848 ----a-w- c:\windows\system32\igfxrjpn.lrc
2013-11-14 04:37 . 2012-09-16 00:56 205312 ----a-w- c:\windows\system32\igfxrkor.lrc
2013-11-14 04:37 . 2012-09-16 00:56 141336 ----a-w- c:\windows\system32\igfxtray.exe
2013-11-14 04:37 . 2012-09-16 00:56 51712 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-11-14 04:37 . 2012-09-16 00:56 250392 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-11-14 04:37 . 2012-09-16 00:56 310784 ----a-w- c:\windows\system32\igfxrell.lrc
2013-11-14 04:37 . 2012-09-16 00:56 23552 ----a-w- c:\windows\system32\igfxexps.dll
2013-11-14 04:37 . 2012-09-16 00:56 172568 ----a-w- c:\windows\system32\igfxext.exe
2013-11-14 04:37 . 2012-09-16 00:56 303616 ----a-w- c:\windows\system32\igfxrdeu.lrc
2013-11-14 04:37 . 2012-09-16 00:56 303104 ----a-w- c:\windows\system32\igfxresp.lrc
2013-11-14 04:37 . 2012-09-16 00:56 282624 ----a-w- c:\windows\system32\igfxrcsy.lrc
2013-11-14 04:37 . 2012-09-16 00:56 281088 ----a-w- c:\windows\system32\igfxrfin.lrc
2013-11-14 04:37 . 2012-09-16 00:56 275968 ----a-w- c:\windows\system32\igfxrenu.lrc
2013-11-14 04:37 . 2012-09-16 00:56 652312 ----a-w- c:\windows\system32\igfxcfg.exe
2013-11-14 04:37 . 2012-09-16 00:56 5702656 ----a-w- c:\windows\system32\igfxress.dll
2013-11-14 04:37 . 2012-09-16 00:56 280576 ----a-w- c:\windows\system32\igfxrdan.lrc
2013-11-14 04:37 . 2012-09-16 00:56 252416 ----a-w- c:\windows\system32\igfxrara.lrc
2013-11-14 04:37 . 2012-09-16 00:56 205824 ----a-w- c:\windows\system32\igfxdev.dll
2013-11-14 04:37 . 2012-09-16 00:56 179712 ----a-w- c:\windows\system32\igfxrcht.lrc
2013-11-14 04:37 . 2012-09-16 00:56 178176 ----a-w- c:\windows\system32\igfxrchs.lrc
2013-11-14 04:37 . 2012-09-16 00:56 142360 ----a-w- c:\windows\system32\igfxpers.exe
2013-11-14 04:37 . 2012-09-16 00:56 130048 ----a-w- c:\windows\system32\igfxdo.dll
2013-11-14 04:37 . 2012-09-16 00:56 199168 ----a-w- c:\windows\system32\igfxpph.dll
2013-11-14 04:37 . 2012-09-16 00:56 119296 ----a-w- c:\windows\system32\igfxcpl.cpl
2013-11-14 04:37 . 2012-09-16 00:56 173592 ----a-w- c:\windows\system32\hkcmd.exe
2013-11-14 04:37 . 2012-09-16 00:56 93696 ----a-w- c:\windows\system32\hccutils.dll
2013-11-14 00:38 . 2013-11-14 00:38 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-11-13 19:27 . 2014-01-27 03:32 65184 ----a-w- c:\windows\apppatch\MATSShim.DLL
2013-11-13 02:59 . 2008-04-14 04:41 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-10 02:34 134400 --sha-r- c:\windows\system32\hal.dll
2013-07-04 03:03 2149888 --sha-r- c:\windows\system32\ntoskrnl.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll
[7] 2008-04-13 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2003-03-31 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-13 18:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
.
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2012-10-03 . 6CBFEEB384F04681AF75F495AA48DD32 . 991744 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$NtUninstallKB2758857$\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
.
[-] 2013-10-29 . 680BD97BA5C817BCE79162496D51528D . 6020608 . . [8.00.6001.23543] . . c:\windows\system32\mshtml.dll
[-] 2013-10-29 . 680BD97BA5C817BCE79162496D51528D . 6020608 . . [8.00.6001.23543] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2013-03-02 . 990F4518E1607F445969C12F014E4E29 . 6013440 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\mshtml.dll
[-] 2013-03-01 . AE3A26C04C794E5451ADF6872F7D48F4 . 6012928 . . [8.00.6001.23471] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\mshtml.dll
[-] 2013-01-08 . 99E9E2606FB13ADB711935FE8E8E29C1 . 6011904 . . [8.00.6001.23468] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\mshtml.dll
[-] 2013-01-06 . 14FD1CAEFB6D2749019AC2F54859568C . 6011392 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2799329-IE8\SP3QFE\mshtml.dll
[-] 2012-11-12 . 02D8509E2362D777DEBFFC05C022CBF2 . 6010880 . . [8.00.6001.23461] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\mshtml.dll
[-] 2012-08-28 . CF6B381C3518AB328382429CAE206D64 . 6010368 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\mshtml.dll
[-] 2012-07-02 . DF599AC52B62DE001E42D36F92B45E68 . 6010368 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\mshtml.dll
[-] 2012-05-11 . 55F148B94246A77FB4AC33346671CAC8 . 6009344 . . [8.00.6001.23345] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\mshtml.dll
[-] 2012-03-01 . 5DBB0C997AD276BCE9D30CD609BDBF67 . 5980672 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll
[-] 2011-12-17 . 49B88A833ECA99EFBFFC5AAE5CC998ED . 5980160 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll
[-] 2011-11-04 . 699421E2E1313C18671A703953CAE14B . 5978624 . . [8.00.6001.23266] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll
[-] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
[-] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . 3422847AA07E37076A87D0B7D5044DC6 . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2898785-IE8\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll
[7] 2008-04-13 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
.
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
.
[-] 2013-10-29 . FBF173582874C30EC5FAF8F8A67D873E . 920064 . . [8.00.6001.23543] . . c:\windows\system32\wininet.dll
[-] 2013-10-29 . FBF173582874C30EC5FAF8F8A67D873E . 920064 . . [8.00.6001.23543] . . c:\windows\system32\dllcache\wininet.dll
[-] 2013-03-02 . 43EADBA9F3CD2A5F01B189BD95FCDE95 . 920064 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll
[-] 2013-02-05 . BE30BEF4C13065D09772F9895FCB9D22 . 920064 . . [8.00.6001.23469] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\wininet.dll
[-] 2012-12-26 . B8BEF9519A1B124DEAF94081F6C5A767 . 920064 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll
[-] 2012-11-01 . ACC92628CFFF9BB6F8886329888014A8 . 920064 . . [8.00.6001.23458] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll
[-] 2012-08-28 . DCEA3B3193B7181CF818ECC4EAB30A66 . 920064 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll
[-] 2012-07-02 . EFB2241DE3AA6480521A16D0CB67B0EC . 920064 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll
[-] 2012-05-16 . 553AD35768CD27959391DD5AA82CEF6F . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll
[-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[-] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
[-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[-] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[-] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2898785-IE8\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll
[7] 2008-04-13 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
.
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\ole32.dll
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\$NtUninstallKB2876217$\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-13 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
.
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\usp10.dll
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\$NtUninstallKB2850869$\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[7] 2008-04-13 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
.
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime
[-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
[7] 2008-04-13 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
.
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2013-07-04 . 05F3DB567EAE368AE3BBD7E973490646 . 2028544 . . [5.1.2600.6419] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2013-05-03 . 70F7DF7268C6AB388319A03375DAC4E5 . 2028544 . . [5.1.2600.6387] . . c:\windows\$NtUninstallKB2859537$\ntkrnlpa.exe
[-] 2013-03-07 . 9EBEDA306E5EABDABCFF8B695FCD4CD6 . 2070016 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe
[-] 2013-03-07 . 9ED39805DF38061BB031D0F2B20DFB77 . 2028544 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2839229$\ntkrnlpa.exe
[-] 2013-01-07 . 1251D608DFCE4B6801AD27A59B74985C . 2069760 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[-] 2013-01-07 . 2C9091C3350E369BBB2464AABE2FD7CA . 2027520 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntkrnlpa.exe
[-] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[-] 2012-08-21 . 61027EE2D9859A2B41D588D92F256CFB . 2027520 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntkrnlpa.exe
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-05-04 . 87763BB6C95901818050E52C378C9E15 . 2026496 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . 36CAC3C8C4C10F4E21BFEABBFE7ACFFC . 2027008 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
.
[-] 2013-07-04 . AFEE19399CF992A098309F7FDF87880A . 2149888 . . [5.1.2600.6419] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2013-05-03 . 0F1ECE75329996EBDCF2774F9E46623D . 2149888 . . [5.1.2600.6387] . . c:\windows\$NtUninstallKB2859537$\ntoskrnl.exe
[-] 2013-03-07 . 8C39722F8C291F1BBCCE80EE23065897 . 2149888 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2839229$\ntoskrnl.exe
[-] 2013-03-07 . 9FC16E5EBFE88F3C844FFE2E6CB7F1E8 . 2193536 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . AE2FEE63789F5DF6B19DD9A39E26D03E . 2193152 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . DD5A89274B47499CCFF7ADCA3A3C560E . 2148864 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntoskrnl.exe
[-] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[-] 2012-08-21 . B9A14D5875CE262774388BD43BA56FF3 . 2148864 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntoskrnl.exe
[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-05-04 . AC4B3C4A6DC31867034C66663B9B8A38 . 2148352 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntoskrnl.exe
[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2011-10-25 . 3B663B9B193D7E1DE39A466020F1FD91 . 2148864 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntoskrnl.exe
[-] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-21 20549280]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2013-12-03 20145368]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-01 90448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-04-30 421888]
"PhilipsRemote"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2002-10-24 69632]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-14 142360]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2012-04-03 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-14 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-14 173592]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-18 2629632]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BlazeVideo\\BlazePhoto 2.0\\BlazePhoto.exe"=
.
R0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-09-06 51144]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-04 171680]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-12-03 1691480]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 APL531;OVT Scanner 16-bit;c:\windows\system32\Drivers\OVTX16.sys [2010-10-27 154112]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuw.sys [2011-07-28 1763584]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-24 245760]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
R3 cpuz134;cpuz134;c:\docume~1\ADMINI~1\LOCALS~1\Temp\HBCD\PCWizard\pcwiz_x32.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-02-06 52312]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-07-31 341504]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-10-02 13024]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464]
S1 aswKbd;aswKbd; [x]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-08 3275136]
S2 UacFlt;Philips Composite Class Filter Driver;c:\windows\system32\DRIVERS\uacbflt.sys [2002-06-14 21276]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2011-05-16 36608]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:08]
.
2013-07-16 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2013-07-09 09:32]
.
2014-02-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 04:01]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.au/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} -
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282495&CUI=UN29370041163711109&UM=1&SearchSource=3&q={searchTerms}&sspv=TB_CER
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3282495&ctid=CT3282495&SearchSource=2&CUI=UN29370041163711109&UM=2&q=
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: 2013-12-09 19:26; PrivDog@AdTrustMedia.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\PrivDog@AdTrustMedia.com
FF - user.js: plugin.state.npconduitfirefoxplugin - 0
FF - user.js: browser.search.defaultenginename - FindWide
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-09 09:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-1801674531-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0cc053b4-5909-416f-84fe-7c3d6c9beac4}]
@Denied: (Full) (Everyone)
"Model"=dword:00000031
"Therad"=dword:00000017
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8c,e0,a1,d6,96,05,9e,fa,b7,ec,23,c2,3f,65,85,bd,0b,fb,7b,48,3c,
a9,00,60,ae,6f,74,62,4b,5b,78,d0,99,f0,ba,7c,e6,fc,ab,e9,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\WININET.dll
c:\windows\system32\IKEYRFK8.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\MUSICM~1\MUSICM~1\MM_DIR~1.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
.
**************************************************************************
.
Completion time: 2014-02-09 09:51:17 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-08 22:51
ComboFix2.txt 2014-02-08 05:18
.
Pre-Run: 140,152,492,032 bytes free
Post-Run: 140,349,796,352 bytes free
.
- - End Of File - - B67230FC98C0EFE9C271142057730DF9
8F558EB6672622401DA993E1E865C861
 
Looks good.

How is computer doing?

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
It is working really well now thank you ever so much.
# AdwCleaner v3.018 - Report created 09/02/2014 at 11:15:08
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - VERITON-65D9F13
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\pccustubinstaller
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\SpeedyPC Software
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\FCTB
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Smartbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\CT3282495
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\torntv2@torntv.com.xpi
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\user.js
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055305526}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066306626}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044304426}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v22.0 (en-US)
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\prefs.js ]
Line Deleted : user_pref("CT3282495.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3282495.1000082.shrinkState", "shrinked");
Line Deleted : user_pref("CT3282495.1000082.state", "{\"state\":\"stopped\",\"text\":\"Virgin Ra...\",\"description\":\"Virgin Radio Classic Rock\",\"url\":\"hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=v[...]
Line Deleted : user_pref("CT3282495.1000234.TWC_TMP_city", "MASCOT");
Line Deleted : user_pref("CT3282495.1000234.TWC_TMP_country", "AU");
Line Deleted : user_pref("CT3282495.1000234.TWC_country", "AUSTRALIA");
Line Deleted : user_pref("CT3282495.1000234.TWC_locId", "ASXX0026");
Line Deleted : user_pref("CT3282495.1000234.TWC_location", "Coffs Harbour, Australia");
Line Deleted : user_pref("CT3282495.1000234.TWC_region", "OT");
Line Deleted : user_pref("CT3282495.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT3282495.1000234.TWC_wind_dis", "");
Line Deleted : user_pref("CT3282495.1000234.weatherData", "{\"icon\":\"44.png\",\"temperature\":\"16°C\",\"temperatureClear\":\"16°C\",\"highTemperature\":\"16ÂÂÂ[...]
Line Deleted : user_pref("CT3282495.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3282495.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3282495.FF19Solved", "true");
Line Deleted : user_pref("CT3282495.FirstTime", "true");
Line Deleted : user_pref("CT3282495.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3282495.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3282495&ctid=CT3282495&SearchSource=2&CUI=UN29370041163711109&UM=1&sspv=TB_CER&q=");
Line Deleted : user_pref("CT3282495.UserID", "UN29370041163711109");
Line Deleted : user_pref("CT3282495.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3282495.autoDisableScopes", 0);
Line Deleted : user_pref("CT3282495.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3282495.countryCode", "AU");
Line Deleted : user_pref("CT3282495.defaultSearch", "true");
Line Deleted : user_pref("CT3282495.enableAlerts", "true");
Line Deleted : user_pref("CT3282495.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3282495.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3282495.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3282495.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3282495.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3282495.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3282495.fixUrls", true);
Line Deleted : user_pref("CT3282495.fullUserID", "UN29370041163711109.IN.20130709193412");
Line Deleted : user_pref("CT3282495.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
Line Deleted : user_pref("CT3282495.installDate", "09/07/2013 19:34:12");
Line Deleted : user_pref("CT3282495.installId", "conduitinstaller.exe");
Line Deleted : user_pref("CT3282495.installSessionId", "-1");
Line Deleted : user_pref("CT3282495.installSp", "FALSE");
Line Deleted : user_pref("CT3282495.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3282495.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3282495.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3282495.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3282495.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3282495.keyword", "true");
Line Deleted : user_pref("CT3282495.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3282495&octid=CT3282495&SearchSource=15&CUI=UN29370041163711109&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3282495.lastVersion", "10.16.4.519");
Line Deleted : user_pref("CT3282495.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3282495.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3282495.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://NCHENToolbar.OurToolbar.com/\",\"EB_TO[...]
Line Deleted : user_pref("CT3282495.openThankYouPage", "false");
Line Deleted : user_pref("CT3282495.openUninstallPage", "true");
Line Deleted : user_pref("CT3282495.originalHomepage", "about:home");
Line Deleted : user_pref("CT3282495.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3282495.originalSearchEngine", "");
Line Deleted : user_pref("CT3282495.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3282495.search.searchAppId", "130038710980568143");
Line Deleted : user_pref("CT3282495.search.searchCount", "1");
Line Deleted : user_pref("CT3282495.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3282495.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3282495.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3282495.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3282495.searchRevert", "false");
Line Deleted : user_pref("CT3282495.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3282495.searchUserMode", "2");
Line Deleted : user_pref("CT3282495.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3282495.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3282495.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3282495.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3282495\"}");
Line Deleted : user_pref("CT3282495.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://NCHENToolbar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3282495.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"NCH EN\"}");
Line Deleted : user_pref("CT3282495.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3282495.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3282495.serviceLayer_services_Configuration_lastUpdate", "1390793339531");
Line Deleted : user_pref("CT3282495.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1390643171573");
Line Deleted : user_pref("CT3282495.serviceLayer_services_appsMetadata_lastUpdate", "1390643178156");
Line Deleted : user_pref("CT3282495.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1390643178157");
Line Deleted : user_pref("CT3282495.serviceLayer_services_login_10.16.4.23_lastUpdate", "1373854915599");
Line Deleted : user_pref("CT3282495.serviceLayer_services_login_10.16.4.519_lastUpdate", "1390816776236");
Line Deleted : user_pref("CT3282495.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1390643178157");
Line Deleted : user_pref("CT3282495.serviceLayer_services_searchAPI_lastUpdate", "1390793339343");
Line Deleted : user_pref("CT3282495.serviceLayer_services_serviceMap_lastUpdate", "1390793338916");
Line Deleted : user_pref("CT3282495.serviceLayer_services_setupAPI_lastUpdate", "1373362458443");
Line Deleted : user_pref("CT3282495.serviceLayer_services_toolbarContextMenu_lastUpdate", "1390643178156");
Line Deleted : user_pref("CT3282495.serviceLayer_services_toolbarSettings_lastUpdate", "1390816799967");
Line Deleted : user_pref("CT3282495.serviceLayer_services_translation_lastUpdate", "1390793339514");
Line Deleted : user_pref("CT3282495.settingsINI", true);
Line Deleted : user_pref("CT3282495.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3282495.showToolbarPermission", "false");
Line Deleted : user_pref("CT3282495.smartbar.CTID", "CT3282495");
Line Deleted : user_pref("CT3282495.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3282495.smartbar.homepage", "true");
Line Deleted : user_pref("CT3282495.smartbar.isHidden", true);
Line Deleted : user_pref("CT3282495.smartbar.toolbarName", "NCH EN ");
Line Deleted : user_pref("CT3282495.startPage", "true");
Line Deleted : user_pref("CT3282495.toolbarBornServerTime", "9-7-2013");
Line Deleted : user_pref("CT3282495.toolbarCurrentServerTime", "27-1-2014");
Line Deleted : user_pref("CT3282495.toolbarLoginClientTime", "Tue Jul 09 2013 19:34:21 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3282495.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3282495_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1391828002942,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3282495");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "NCH_EN Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282495&CUI=UN29370041163711109&UM=1&SearchSource=3&q={searchTerms}&sspv=TB_CER");
Line Deleted : user_pref("extensions.crossrider.bic", "13cc2bc551476ea66dd892e877aecd54");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=45F0A43C-D14B-4FEC-8A36-A3A020DC09F8&n=77fd3201&p2=^HJ^xdm005^YYA^au&si=CM-Lidfoi7kCFQYepAodhWQAD[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013082113");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm005^YYA^au");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "CM-Lidfoi7kCFQYepAodhWQADQ");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "45F0A43C-D14B-4FEC-8A36-A3A020DC09F8");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1377251774340");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.47.KeywordHistory", "internet%2520explorer%7Csoundtrack%2520the%2520intouchables%7Cmovie%2520the%2520untouchables%7CEbay%2520UK%7CSCIA%7CSICA%7Cbes[...]
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.AutoSearchEventData", "auto%20search");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.ClearCacheDate", 8);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.DNSCatch", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.DisplayEULA", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.DnsCatchEventData", "dns%20catch");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.EBOMode", false);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.EnableDCAData_xx", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.EnableDCA_xx", false);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.FirstLaunchShown", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.InstallDomain", "qantas.com.au");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.InstallType", "one_click");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.LoadLayoutDate.101114", 8);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.NewTabSearchEventData", "tab%20search");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.ShowRecommendedOptions", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.StateReportDate", "1391828003807");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.TopRightSearchEventData", "top%20right%20search");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.Uninstall", false);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.beforeInstallSaved", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.beforeinstall.homepage", "hxxp%3A//search.conduit.com/%3Fctid%3DCT3282495%26CUI%3DUN29370041163711109%26UM%3D1%26SearchSource%3D13%26sspv%3DTB_CER"[...]
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.beforeinstall.search", "NCH_EN%20Customized%20Web%20Search");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.comp.search.47.engine_img", "aHR0cHM6Ly9zdGF0aWMucmV3YXJkc2FjY2VsZXJhdG9yLmNvbS9jbGllbnRzL1FhbnRhcy90b29sYmFycy9wcm9kdWN0aW9uLzEwMTExNC9pbWFnZXMvYm[...]
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.comp.search.47.engine_url", "aHR0cDovL3d3dy5iaW5nLmNvbS9zZWFyY2g/bWt0PWVuLUFVJm91cm1hcms9MSZGT1JNPVJLVE5UQiZQQz1SSzAxJnE9");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.comp.search.47.text", "Search%20with%20Bing");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.customNewTab", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.dcaDefaultMode", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.dcaShowInstallerPage", false);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.dcaShowSurvey", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.helpUsImprove", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.hideOthers", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.partnerauth", false);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.processAddrBar", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.remove_homepage", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.remove_search", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.restoreSearch", false);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.searchHistory", true);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.session", "EE4BA311B4B5DD13E61960BE3AA6CF405104E446F7F2279B9BA0BDAD591094E08AF0E36D2BDFE4BAEFC197FB1A716EB7C0B2D0661E6573C135B9B28D0A318B22C09F08C0[...]
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.showFirstLaunchOptions", false);
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.tb_lang", "en");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.tool_id", "101114");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.user_id", "34088");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.user_key", "0b7b3e99be86dce2dbb0f48c3711fed28d75b180");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.user_layouts", "101114");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.user_lnames", "Qantas%20Frequent%20Flyer%20Toolbar");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.xml_service_url", "f30da9b63765a45aa5c487767bae69ff");
Line Deleted : user_pref("freecausea154b67f376c4644a5d2bad67c0e5f90.yahooSearch", true);
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3282495&ctid=CT3282495&SearchSource=2&CUI=UN29370041163711109&UM=2&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3282495");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282495&CUI=UN29370041163711109&UM=1&SearchSource=13&sspv=TB_CER");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282495&SearchSource=2&CUI=UN29370041163711109&UM=1&sspv=TB_CER&q=,hxxp://search.conduit.com/Results[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3282495");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3282495");
Line Deleted : user_pref("smartbar.machineId", "7ZYBCKKXHJYFQS5UFW3JDSIMPGR3ECAWXVCKJWSOU16W81ATXQSFNFX4TCZMCUMMYYGNHWHMNXNOZR1SEFOHBG");
-\\ Google Chrome v
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [22664 octets] - [09/02/2014 11:14:14]
AdwCleaner[S0].txt - [23090 octets] - [09/02/2014 11:15:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23151 octets] ##########
 
Struck a problem with JRT. have ran it twice now in both modes, and left it running for about half hour.
It stops at::::: Loading the tasks information......: Error: server execution failed.
Is there a waiting period when it gets to this stage or has it gone as far as it will go .
after half hour I thought it would continue on, but no ..
 
FF - prefs.js.. Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629BBAC6-C1C9-4A33-ACA7-3B9F201C4CE8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A934B5B0-C722-4E0D-A3AF-7CFFF15C33FA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/16 14:36:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/09 11:28:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/09 11:14:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 11:13:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/02/09 11:13:37 | 001,037,530 | ---- | C] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/02/09 09:33:14 | 005,180,173 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2014/02/08 16:01:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/02/08 14:32:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/02/08 14:32:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/02/08 14:32:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/02/08 14:32:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/02/06 21:50:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/02/06 17:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/02/06 17:38:13 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/04 11:32:14 | 000,000,000 | ---D | C] -- C:\6e13aa418c81916a85273cd99568cb
[2014/02/02 14:35:16 | 000,000,000 | ---D | C] -- C:\19c71df5d9beff9b4b54
[2014/01/31 11:15:10 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/27 15:14:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/01/27 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2014/01/27 13:21:12 | 000,000,000 | ---D | C] -- C:\d8e371acf69840d372
[2014/01/25 20:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/01/24 21:12:23 | 000,000,000 | ---D | C] -- C:\1a443f8837eeb4b3b47499
[2014/01/24 16:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK
[2014/01/24 16:35:51 | 001,763,584 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athuw.sys
[2014/01/24 16:35:51 | 001,763,584 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athuw.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/09 17:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/09 17:04:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/09 17:02:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/09 13:23:13 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/02/09 11:13:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/02/09 11:13:38 | 001,037,530 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/02/09 11:13:04 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2014/02/09 09:46:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/09 09:33:23 | 005,180,173 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2014/02/08 20:07:44 | 000,526,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/08 20:07:44 | 000,106,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/08 16:01:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/02/06 17:38:14 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/06 17:21:28 | 003,796,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RogueKiller.exe
[2014/02/06 15:33:25 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2014/02/06 15:29:29 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/06 14:08:05 | 000,011,212 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20140206_140749.reg
[2014/02/06 11:51:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2014/02/03 19:31:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/30 16:36:17 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/01/25 20:36:38 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/25 20:36:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/01/19 20:34:58 | 000,006,686 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20140119_203453.reg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/09 11:13:02 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2014/02/08 20:08:45 | 000,104,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/02/08 16:01:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/02/08 16:01:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/02/08 14:32:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/02/08 14:32:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/02/08 14:32:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/02/08 14:32:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/02/08 14:32:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/02/06 17:21:28 | 003,796,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RogueKiller.exe
[2014/02/06 14:08:00 | 000,011,212 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20140206_140749.reg
[2014/01/25 20:36:38 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/25 20:36:38 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/01/25 20:36:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/24 16:35:51 | 000,045,321 | ---- | C] () -- C:\WINDOWS\System32\netathuw.inf
[2014/01/24 16:35:51 | 000,008,818 | ---- | C] () -- C:\WINDOWS\System32\netathuw.cat
[2014/01/19 20:34:55 | 000,006,686 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20140119_203453.reg
[2013/11/14 15:40:24 | 000,026,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/11/12 16:25:27 | 000,005,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2013/09/17 18:45:06 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
[2013/09/17 18:45:06 | 000,000,704 | ---- | C] () -- C:\WINDOWS\InnoTipLanguage.ini
[2013/05/20 17:28:55 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/05/13 16:43:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2013/05/13 16:43:58 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2013/03/13 17:40:31 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2012/09/16 11:56:55 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2012/09/12 14:51:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/09/09 16:53:02 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/09/03 15:40:11 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/06/29 16:57:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/05/03 13:15:55 | 000,070,775 | ---- | C] () -- C:\WINDOWS\hpqins06.dat
[2012/03/29 12:56:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/26 14:12:31 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.bak
[2012/03/24 15:04:22 | 000,000,808 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/03/24 15:04:22 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/03/24 15:04:07 | 000,003,302 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/03/24 15:02:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/03/24 15:02:25 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/02/27 12:25:57 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2012/02/15 13:40:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 18:06:38 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/01/30 09:38:28 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~kmDigk7yUTQJEPr
[2012/01/30 09:38:27 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~kmDigk7yUTQJEP
[2012/01/30 09:38:20 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kmDigk7yUTQJEP
[2011/10/07 13:21:53 | 001,456,238 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1004336348-583907252-1801674531-500-0.dat
[2011/10/07 13:21:53 | 000,187,574 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/17 20:46:52 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 18:44:04 | 000,003,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xve8m6mh5pf51u
[2011/06/30 18:44:04 | 000,003,240 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\xve8m6mh5pf51u
[2011/05/22 20:46:59 | 000,010,846 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0nam8f36lrlhgglnaqqbls63x
[2011/05/22 20:46:59 | 000,010,846 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\0nam8f36lrlhgglnaqqbls63x
[2011/05/19 13:25:03 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/05/16 15:51:53 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Administrator\.rnd

========== ZeroAccess Check ==========

[2011/05/16 15:53:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 15:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 15:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/26 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\0F1F1C2Y1H1P1C0I0T
[2013/11/27 16:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acronis
[2014/02/07 13:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2011/10/07 20:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2011/05/19 15:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG7
[2013/11/27 11:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2012/06/30 18:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\blekkotb_019
[2012/03/11 04:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blitware
[2011/12/11 11:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2013/11/12 16:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Carambis
[2013/05/20 17:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.w3i.intune
[2012/09/01 20:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.webkinesis.PicasaUploaderDesktop
[2012/06/29 17:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ControlCenter4
[2012/11/17 11:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeviceDoctorSoftware
[2012/02/19 09:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2013/06/24 22:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DownLite
[2012/04/16 20:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverFinder
[2012/09/11 15:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\driveridentifier
[2012/01/15 18:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2012/06/08 21:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easeware
[2013/06/27 19:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eCyber
[2012/09/16 12:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2011/07/18 21:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\go
[2012/02/19 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2012/05/28 17:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
[2013/11/14 10:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2013/06/27 19:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iSafe
[2013/11/24 15:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LG Electronics
[2013/04/20 09:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LockAP
[2014/01/12 13:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MediaMonkey
[2013/05/21 14:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ML
[2012/08/28 16:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nico Mak Computing
[2012/07/13 16:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2012/03/06 18:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Suite
[2012/07/13 16:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NSeries
[2012/11/07 23:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2012/09/16 11:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeSuiteX
[2013/10/02 18:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice
[2011/05/18 14:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2013/10/19 13:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2011/12/13 13:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2013/11/27 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Utility Kit
[2012/03/27 16:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-FAX TX
[2012/10/03 12:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCPro
[2013/05/06 20:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\player
[2012/03/22 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2012/10/17 12:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2012/07/15 18:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2012/12/04 17:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zeon
[2013/12/09 19:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adtrustmedia
[2012/07/08 21:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/20 17:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2011/12/11 11:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/05/22 23:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/29 16:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2012/12/10 14:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2011/05/20 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/09/25 18:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2012/09/12 16:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2011/09/26 17:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Driver Pro
[2011/07/18 21:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2012/02/21 11:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D55F2C212C2CDD689CF460D151FC4E
[2012/06/30 16:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET
[2012/09/11 15:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper
[2013/04/06 22:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/07/13 16:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2013/11/14 10:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/11/24 15:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2013/04/20 20:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2012/06/30 18:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musiah
[2012/07/13 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011/12/13 11:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/04/18 18:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/06/16 15:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/07/13 16:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2013/11/27 16:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/10/03 12:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2013/11/27 19:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2011/05/22 17:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pO01803HoCgL01803
[2013/10/08 10:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QualiLife
[2012/02/07 14:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/08/20 21:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegSERVO
[2011/05/21 00:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegWork
[2012/06/30 20:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2012/03/24 14:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2014/01/26 14:13:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2012/09/13 20:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2014/01/24 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
[2012/07/15 18:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2013/09/14 21:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/09/13 20:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2012/03/24 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2012/10/26 14:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2011/05/19 15:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2012/12/10 14:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GeekBuddyRSP
[2012/04/18 18:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Nuance

========== Purity Check ==========

< End of report >
 
Im having trouble with OTL, got more then 50000 characters, Im not sure that the reply has gone through to you.
If they have gone through then I think that they would be all stuffed up.
I have done something wrong, sorry.
 
The log is incomplete - top part is missing.
If it doesn't fit into one reply split it between couple of replies.
 
OTL logfile created on: 10/02/2014 11:28:44 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.99 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 80.56% Memory free
6.82 Gb Paging File | 6.43 Gb Available in Paging File | 94.25% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 130.92 Gb Free Space | 28.11% Space Free | Partition Type: NTFS

Computer Name: VERITON-65D9F13 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/10 11:28:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/04/04 10:47:43 | 000,065,536 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
PRC - [2011/11/02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/09/20 20:53:16 | 001,493,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
PRC - [2011/04/20 18:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2011/04/20 18:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/04/14 15:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/10/24 15:03:26 | 000,069,632 | ---- | M] () -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
PRC - [2002/10/02 04:47:00 | 000,114,688 | ---- | M] () -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe


========== Modules (No Company Name) ==========

MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/14 15:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 15:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2002/10/24 15:03:26 | 000,069,632 | ---- | M] () -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
MOD - [2002/10/02 04:47:02 | 000,024,576 | ---- | M] () -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Directorps.dll
MOD - [2002/10/02 04:47:00 | 000,114,688 | ---- | M] () -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2014/02/08 17:08:09 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/19 01:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zghsdiag.sys -- (zghsdiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (taphss)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wg111v2.sys -- (RTLWUSB)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HBCD\PCWizard\pcwiz_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\androidusb.sys -- (androidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetndis.sys -- (andnetndis)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetmodem.sys -- (ANDNetModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetdiag.sys -- (AndNetDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2014/02/06 17:38:14 | 000,052,312 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/12/03 11:07:16 | 005,589,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2013/12/03 11:07:02 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2013/12/03 11:06:56 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2012/10/02 12:40:23 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/09/06 12:43:20 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2012/03/07 12:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/07/28 19:06:06 | 001,763,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2011/07/13 13:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 13:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/05/16 15:35:12 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2010/10/28 01:49:10 | 000,154,112 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVTX16.sys -- (APL531)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/07/31 15:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/05/11 20:00:14 | 000,045,056 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2002/06/14 16:40:22 | 000,021,276 | ---- | M] (Micronas GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\uacbflt.sys -- (UacFlt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1004336348-583907252-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1004336348-583907252-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKU\S-1-5-21-1004336348-583907252-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-1004336348-583907252-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1004336348-583907252-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1004336348-583907252-1801674531-500\..\SearchScopes,DefaultScope = {D7CBCAA0-D279-4927-9FB0-756AB5C87445}
IE - HKU\S-1-5-21-1004336348-583907252-1801674531-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-583907252-1801674531-500\..\SearchScopes\{D7CBCAA0-D279-4927-9FB0-756AB5C87445}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1004336348-583907252-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "FindWide"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mixidj.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.13.0.13771
FF - prefs.js..extensions.enabledAddons: %7Ba154b67f-376c-4644-a5d2-bad67c0e5f90%7D:1.301.4
FF - prefs.js..extensions.enabledAddons: %7B37483b40-c254-4a72-bda4-22ee90182c1e%7D:10.16.4.519
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.enabled: false
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/21 14:35:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/01/28 15:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/01/28 15:17:18 | 000,000,000 | ---D | M] (Special Savings) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\specialsavings@vshsolutions.com
[2012/01/09 18:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions
[2012/01/07 21:25:12 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/01/09 18:30:25 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2014/02/09 11:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions
[2013/05/06 20:36:18 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\ffxtlbr@mixidj.com
[2014/01/25 20:56:42 | 000,000,000 | ---D | M] ("PrivDog") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\PrivDog@AdTrustMedia.com
[2012/11/17 20:42:30 | 000,213,316 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\torntv@torntv.com.xpi
[2014/01/25 20:56:44 | 000,007,641 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi
[2014/01/25 21:18:53 | 000,204,807 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\{a154b67f-376c-4644-a5d2-bad67c0e5f90}.xpi
[2013/06/24 22:20:13 | 000,001,392 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\privitize.xml
[2013/11/28 14:09:23 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\yahoo_ff.xml
[2013/08/21 14:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/28 14:06:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/21 14:35:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
[2014/01/25 20:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/28 14:06:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/01/25 20:36:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/21 14:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated(2)\extensions(2)
[2013/08/21 14:35:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated(2)\extensions(2)\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}(2)
[2013/08/21 14:35:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated(2)\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QR4QEJPF.DEFAULT\EXTENSIONS\{37483B40-C254-4A72-BDA4-22EE90182C1E}
[2011/05/20 15:34:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://au.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=402027&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://au.yahoo.com?fr=fpc-comodo
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: PrivDog = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.8.0.15_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Domain Error Assistant = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/21 14:35:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/01/28 15:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/01/28 15:17:18 | 000,000,000 | ---D | M] (Special Savings) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\specialsavings@vshsolutions.com
[2012/01/09 18:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions
[2012/01/07 21:25:12 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/01/09 18:30:25 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2014/02/09 11:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions
[2013/05/06 20:36:18 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\ffxtlbr@mixidj.com
[2014/01/25 20:56:42 | 000,000,000 | ---D | M] ("PrivDog") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\PrivDog@AdTrustMedia.com
[2012/11/17 20:42:30 | 000,213,316 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\torntv@torntv.com.xpi
[2014/01/25 20:56:44 | 000,007,641 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi
[2014/01/25 21:18:53 | 000,204,807 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\{a154b67f-376c-4644-a5d2-bad67c0e5f90}.xpi
[2013/06/24 22:20:13 | 000,001,392 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\privitize.xml
[2013/11/28 14:09:23 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\yahoo_ff.xml
[2013/08/21 14:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/28 14:06:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/21 14:35:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
[2014/01/25 20:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/28 14:06:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/01/25 20:36:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/21 14:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated(2)\extensions(2)
[2013/08/21 14:35:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated(2)\extensions(2)\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}(2)
[2013/08/21 14:35:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated(2)\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QR4QEJPF.DEFAULT\EXTENSIONS\{37483B40-C254-4A72-BDA4-22EE90182C1E}
[2011/05/20 15:34:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://au.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=402027&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://au.yahoo.com?fr=fpc-comodo
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: PrivDog = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.8.0.15_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Domain Error Assistant = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/02/09 09:46:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-1004336348-583907252-1801674531-500..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-583907252-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-583907252-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-583907252-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-583907252-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1384231888281 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1346294734281 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629BBAC6-C1C9-4A33-ACA7-3B9F201C4CE8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A934B5B0-C722-4E0D-A3AF-7CFFF15C33FA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/16 14:36:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/09 17:32:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/02/09 11:28:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/09 11:14:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 11:13:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/02/09 11:13:37 | 001,037,530 | ---- | C] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/02/09 09:33:14 | 005,180,173 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2014/02/08 16:01:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/02/08 14:32:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/02/08 14:32:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/02/08 14:32:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/02/08 14:32:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/02/06 21:50:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/02/06 17:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/02/06 17:38:13 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/04 11:32:14 | 000,000,000 | ---D | C] -- C:\6e13aa418c81916a85273cd99568cb
[2014/02/02 14:35:16 | 000,000,000 | ---D | C] -- C:\19c71df5d9beff9b4b54
[2014/01/31 11:15:10 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/27 15:14:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/01/27 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2014/01/27 13:21:12 | 000,000,000 | ---D | C] -- C:\d8e371acf69840d372
[2014/01/25 20:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/01/24 21:12:23 | 000,000,000 | ---D | C] -- C:\1a443f8837eeb4b3b47499
[2014/01/24 16:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK
[2014/01/24 16:35:51 | 001,763,584 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athuw.sys
[2014/01/24 16:35:51 | 001,763,584 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athuw.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/10 11:33:47 | 000,526,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/10 11:33:47 | 000,106,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/10 11:33:19 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/02/10 11:28:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/02/10 11:25:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/10 11:23:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/09 17:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/09 11:13:38 | 001,037,530 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/02/09 11:13:04 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2014/02/09 09:46:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/09 09:33:23 | 005,180,173 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2014/02/08 16:01:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/02/06 17:38:14 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/06 17:21:28 | 003,796,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RogueKiller.exe
[2014/02/06 15:33:25 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2014/02/06 15:29:29 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/06 14:08:05 | 000,011,212 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20140206_140749.reg
[2014/02/06 11:51:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2014/02/03 19:31:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/30 16:36:17 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/01/25 20:36:38 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/25 20:36:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/01/19 20:34:58 | 000,006,686 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20140119_203453.reg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/09 11:13:02 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2014/02/08 20:08:45 | 000,104,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/02/08 16:01:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/02/08 16:01:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/02/08 14:32:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/02/08 14:32:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/02/08 14:32:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/02/08 14:32:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/02/08 14:32:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/02/06 17:21:28 | 003,796,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RogueKiller.exe
[2014/02/06 14:08:00 | 000,011,212 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20140206_140749.reg
[2014/01/25 20:36:38 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/25 20:36:38 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/01/25 20:36:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/24 16:35:51 | 000,045,321 | ---- | C] () -- C:\WINDOWS\System32\netathuw.inf
[2014/01/24 16:35:51 | 000,008,818 | ---- | C] () -- C:\WINDOWS\System32\netathuw.cat
[2014/01/19 20:34:55 | 000,006,686 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20140119_203453.reg
[2013/11/14 15:40:24 | 000,026,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/11/12 16:25:27 | 000,005,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2013/09/17 18:45:06 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
[2013/09/17 18:45:06 | 000,000,704 | ---- | C] () -- C:\WINDOWS\InnoTipLanguage.ini
[2013/05/20 17:28:55 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/05/13 16:43:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2013/05/13 16:43:58 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2013/03/13 17:40:31 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2012/09/16 11:56:55 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2012/09/12 14:51:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/09/09 16:53:02 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/09/03 15:40:11 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/06/29 16:57:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/05/03 13:15:55 | 000,070,775 | ---- | C] () -- C:\WINDOWS\hpqins06.dat
[2012/03/29 12:56:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/26 14:12:31 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.bak
[2012/03/24 15:04:22 | 000,000,808 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/03/24 15:04:22 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/03/24 15:04:07 | 000,003,302 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/03/24 15:02:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/03/24 15:02:25 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/02/27 12:25:57 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2012/02/15 13:40:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 18:06:38 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/01/30 09:38:28 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~kmDigk7yUTQJEPr
[2012/01/30 09:38:27 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~kmDigk7yUTQJEP
[2012/01/30 09:38:20 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kmDigk7yUTQJEP
[2011/10/07 13:21:53 | 001,456,238 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1004336348-583907252-1801674531-500-0.dat
[2011/10/07 13:21:53 | 000,187,574 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/17 20:46:52 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 18:44:04 | 000,003,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xve8m6mh5pf51u
[2011/06/30 18:44:04 | 000,003,240 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\xve8m6mh5pf51u
[2011/05/22 20:46:59 | 000,010,846 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0nam8f36lrlhgglnaqqbls63x
[2011/05/22 20:46:59 | 000,010,846 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\0nam8f36lrlhgglnaqqbls63x
[2011/05/19 13:25:03 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/05/16 15:51:53 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Administrator\.rnd

========== ZeroAccess Check ==========

[2011/05/16 15:53:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 15:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 15:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/26 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\0F1F1C2Y1H1P1C0I0T
[2013/11/27 16:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acronis
[2014/02/07 13:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2011/10/07 20:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2011/05/19 15:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG7
[2013/11/27 11:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2012/06/30 18:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\blekkotb_019
[2012/03/11 04:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blitware
[2011/12/11 11:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2013/11/12 16:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Carambis
[2013/05/20 17:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.w3i.intune
[2012/09/01 20:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.webkinesis.PicasaUploaderDesktop
[2012/06/29 17:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ControlCenter4
[2012/11/17 11:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeviceDoctorSoftware
[2012/02/19 09:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2013/06/24 22:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DownLite
[2012/04/16 20:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverFinder
[2012/09/11 15:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\driveridentifier
[2012/01/15 18:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2012/06/08 21:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easeware
[2013/06/27 19:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eCyber
[2012/09/16 12:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2011/07/18 21:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\go
[2012/02/19 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2012/05/28 17:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
[2013/11/14 10:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2013/06/27 19:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iSafe
[2013/11/24 15:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LG Electronics
[2013/04/20 09:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LockAP
[2014/01/12 13:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MediaMonkey
[2013/05/21 14:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ML
[2012/08/28 16:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nico Mak Computing
[2012/07/13 16:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2012/03/06 18:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Suite
[2012/07/13 16:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NSeries
[2012/11/07 23:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2012/09/16 11:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeSuiteX
[2013/10/02 18:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice
[2011/05/18 14:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2013/10/19 13:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2011/12/13 13:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2013/11/27 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Utility Kit
[2012/03/27 16:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-FAX TX
[2012/10/03 12:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCPro
[2013/05/06 20:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\player
[2012/03/22 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2012/10/17 12:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2012/07/15 18:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2012/12/04 17:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zeon
[2013/12/09 19:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adtrustmedia
[2012/07/08 21:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/20 17:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2011/12/11 11:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/05/22 23:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/29 16:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2012/12/10 14:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2011/05/20 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/09/25 18:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2012/09/12 16:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2011/09/26 17:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Driver Pro
[2011/07/18 21:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2012/02/21 11:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D55F2C212C2CDD689CF460D151FC4E
[2012/06/30 16:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET
[2012/09/11 15:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper
[2013/04/06 22:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/07/13 16:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2013/11/14 10:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/11/24 15:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2013/04/20 20:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2012/06/30 18:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musiah
[2012/07/13 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011/12/13 11:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/04/18 18:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/06/16 15:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/07/13 16:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2013/11/27 16:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/10/03 12:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2013/11/27 19:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2011/05/22 17:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pO01803HoCgL01803
[2013/10/08 10:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QualiLife
[2012/02/07 14:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/08/20 21:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegSERVO
[2011/05/21 00:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegWork
[2012/06/30 20:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2012/03/24 14:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2014/01/26 14:13:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2012/09/13 20:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2014/01/24 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
[2012/07/15 18:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2013/09/14 21:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/09/13 20:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2012/03/24 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2012/10/26 14:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2011/05/19 15:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2012/12/10 14:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GeekBuddyRSP
[2012/04/18 18:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Nuance

========== Purity Check ==========
 
You did fine.

redtarget.gif

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zghsdiag.sys -- (zghsdiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (taphss)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wg111v2.sys -- (RTLWUSB)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HBCD\PCWizard\pcwiz_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\androidusb.sys -- (androidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetndis.sys -- (andnetndis)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetmodem.sys -- (ANDNetModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetdiag.sys -- (AndNetDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandnetadb.sys -- (andnetadb)
FF - prefs.js..browser.search.defaultenginename: "FindWide"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mixidj.com:1.5.0
[2013/05/06 20:36:18 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\ffxtlbr@mixidj.com
[2013/01/28 15:17:18 | 000,000,000 | ---D | M] (Special Savings) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\specialsavings@vshsolutions.com
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - Reg Error: Key error. File not found
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/01/30 09:38:28 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~kmDigk7yUTQJEPr
[2012/01/30 09:38:27 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~kmDigk7yUTQJEP
[2012/01/30 09:38:20 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kmDigk7yUTQJEP
[2011/06/30 18:44:04 | 000,003,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xve8m6mh5pf51u
[2011/06/30 18:44:04 | 000,003,240 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\xve8m6mh5pf51u
[2011/05/22 20:46:59 | 000,010,846 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0nam8f36lrlhgglnaqqbls63x
[2011/05/22 20:46:59 | 000,010,846 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\0nam8f36lrlhgglnaqqbls63x
[2011/10/07 20:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2011/05/19 15:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG7
[2012/07/08 21:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/20 17:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2011/05/19 15:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Service MaxBackServiceInt stopped successfully!
Service MaxBackServiceInt deleted successfully!
File C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe not found.
Service zghsdiag stopped successfully!
Service zghsdiag deleted successfully!
File system32\DRIVERS\zghsdiag.sys not found.
Service taphss stopped successfully!
Service taphss deleted successfully!
Service RTLWUSB stopped successfully!
Service RTLWUSB deleted successfully!
File system32\DRIVERS\wg111v2.sys not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service massfilter_hs stopped successfully!
Service massfilter_hs deleted successfully!
File system32\drivers\massfilter_hs.sys not found.
Service cpuz134 stopped successfully!
Service cpuz134 deleted successfully!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HBCD\PCWizard\pcwiz_x32.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service androidusb stopped successfully!
Service androidusb deleted successfully!
File System32\Drivers\androidusb.sys not found.
Service andnetndis stopped successfully!
Service andnetndis deleted successfully!
File system32\DRIVERS\lgandnetndis.sys not found.
Service ANDNetModem stopped successfully!
Service ANDNetModem deleted successfully!
File system32\DRIVERS\lgandnetmodem.sys not found.
Service AndNetDiag stopped successfully!
Service AndNetDiag deleted successfully!
File system32\DRIVERS\lgandnetdiag.sys not found.
Service andnetadb stopped successfully!
Service andnetadb deleted successfully!
File System32\Drivers\lgandnetadb.sys not found.
Prefs.js: "FindWide" removed from browser.search.defaultenginename
Prefs.js: ffxtlbr%40mixidj.com:1.5.0 removed from extensions.enabledAddons
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\ffxtlbr@mixidj.com\META-INF folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\ffxtlbr@mixidj.com\content\imgs folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\ffxtlbr@mixidj.com\content folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\ffxtlbr@mixidj.com folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\specialsavings@vshsolutions.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\specialsavings@vshsolutions.com\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\specialsavings@vshsolutions.com\content folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\specialsavings@vshsolutions.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2F5C139F-79BD-4C84-A95A-E7140525BC55}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F5C139F-79BD-4C84-A95A-E7140525BC55}\ not found.
Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
C:\WINDOWS\Downloaded Program Files\Setup.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\~kmDigk7yUTQJEPr moved successfully.
C:\Documents and Settings\All Users\Application Data\~kmDigk7yUTQJEP moved successfully.
C:\Documents and Settings\All Users\Application Data\kmDigk7yUTQJEP moved successfully.
C:\Documents and Settings\All Users\Application Data\xve8m6mh5pf51u moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\xve8m6mh5pf51u moved successfully.
C:\Documents and Settings\All Users\Application Data\0nam8f36lrlhgglnaqqbls63x moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\0nam8f36lrlhgglnaqqbls63x moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG\Rescue folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG\PC Tuneup 2011\User Reports folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG\PC Tuneup 2011\Logs folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG\PC Tuneup 2011 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG7\QUEUE\TEMP folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG7\QUEUE\OUT folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG7\QUEUE\IN\10110 folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG7\QUEUE\IN folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG7\QUEUE\ACTIVE folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG7\QUEUE folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG7\Log folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\AVG7 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Persistent Data\Avast\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Persistent Data\Avast folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software\Persistent Data folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG7 folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\AVG7 folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine\Spigot07-02-2014_13-08-23\GC folder moved successfully.
C:\FRST\Quarantine\Spigot07-02-2014_13-08-23 folder moved successfully.
C:\FRST\Quarantine\Registry Cleaner07-02-2014_13-08-23\User Reports folder moved successfully.
C:\FRST\Quarantine\Registry Cleaner07-02-2014_13-08-23 folder moved successfully.
C:\FRST\Quarantine\pfndaklgolladniicklehhancnlgocpp07-02-2014_13-08-23\1.0_0 folder moved successfully.
C:\FRST\Quarantine\pfndaklgolladniicklehhancnlgocpp07-02-2014_13-08-23 folder moved successfully.
C:\FRST\Quarantine\PC Cleaners07-02-2014_13-08-23 folder moved successfully.
C:\FRST\Quarantine\Norman Malware Cleaner07-02-2014_13-08-23\Quarantine folder moved successfully.
C:\FRST\Quarantine\Norman Malware Cleaner07-02-2014_13-08-23 folder moved successfully.
C:\FRST\Quarantine\mhkaekfpcppmmioggniknbnbdbcigpkk07-02-2014_13-08-24\2.4_0\scripts folder moved successfully.
C:\FRST\Quarantine\mhkaekfpcppmmioggniknbnbdbcigpkk07-02-2014_13-08-24\2.4_0\icons folder moved successfully.
C:\FRST\Quarantine\mhkaekfpcppmmioggniknbnbdbcigpkk07-02-2014_13-08-24\2.4_0 folder moved successfully.
C:\FRST\Quarantine\mhkaekfpcppmmioggniknbnbdbcigpkk07-02-2014_13-08-24 folder moved successfully.
C:\FRST\Quarantine\hbcennhacfaagdopikcegfcobcadeocj07-02-2014_13-08-23\1.1_0 folder moved successfully.
C:\FRST\Quarantine\hbcennhacfaagdopikcegfcobcadeocj07-02-2014_13-08-23 folder moved successfully.
C:\FRST\Quarantine\FixCleaner07-02-2014_13-08-23\Logs folder moved successfully.
C:\FRST\Quarantine\FixCleaner07-02-2014_13-08-23 folder moved successfully.
C:\FRST\Quarantine\Eusing Free Registry Cleaner-25092011-20480507-02-2014_13-08-23 folder moved successfully.
C:\FRST\Quarantine\Auslogics Registry Cleaner07-02-2014_13-08-23 folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3005814 bytes
->Temporary Internet Files folder emptied: 21701233 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 416513441 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 15433936 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 9560 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125899 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 124523270 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 11418300 bytes
RecycleBin emptied: 352444 bytes

Total Files Cleaned = 566.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02102014_132722
Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H3O3W4IO\ads[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H3O3W4IO\page[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BR68HOTX\xd_arbiter[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6GXOB1A1\comScore[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6GXOB1A1\follow_button[1].html moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6GXOB1A1\like[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6GXOB1A1\postmessageRelay[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2MOY2QAN\page-3[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2MOY2QAN\xd_arbiter[1].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Farbar Service Scanner Version: 02-02-2014
Ran by Administrator (administrator) on 11-02-2014 at 07:40:46
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
AegisP(15) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x1A0000000500000001000000020000000300000004000000130000000B00000008000000090000000A00000006000000070000000C0000000D0000000E0000000F0000001000000011000000120000001400000015000000160000001700000018000000190000001A000000
IpSec Tag value is correct.
**** End of log ****
 
C:\Documents and Settings\Administrator\Local Settings\TempImages\UpdateInstaller.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\LyricsTube\FF\chrome\content\main.js.vir Win32/Adware.AddLyrics.F application cleaned by deleting - quarantined
C:\Recuva\setup_1.exe multiple threats cleaned by deleting - quarantined
C:\Recuva\setup_2.exe multiple threats cleaned by deleting - quarantined
 
redtarget.gif
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

redtarget.gif
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

redtarget.gif
1. Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

======================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
Back