Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2014
Ran by Administrator (administrator) on VERITON-65D9F13 on 07-02-2014 11:08:45
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version:
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\WINDOWS\system32\tlntsvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Nero AG) C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
(A4Tech Co.,Ltd.) C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Acresso Corporation) C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20145368 2013-12-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [PhilipsRemote] - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe [69632 2002-10-24] ()
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [iKeyWorks] - C:\Program Files\A4Tech\Keyboard\Ikeymain.exe [65536 2012-04-04] (A4Tech Co.,Ltd.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-1004336348-583907252-1801674531-500\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\S-1-5-21-1004336348-583907252-1801674531-500\...\Run: [ISUSPM] - C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
SearchScopes: HKCU - DefaultScope {D7CBCAA0-D279-4927-9FB0-756AB5C87445} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {D7CBCAA0-D279-4927-9FB0-756AB5C87445} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {29B27261-6B27-4127-A673-482962FE82EB} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1384231888281
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: FindWide
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3282495&ctid=CT3282495&SearchSource=2&CUI=UN29370041163711109&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\nchen-customized-web-search.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\privitize.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\searchplugins\yahoo_ff.xml
FF Extension: MixiDJ Toolbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\ffxtlbr@mixidj.com [2013-05-05]
FF Extension: PrivDog - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\PrivDog@AdTrustMedia.com [2014-01-25]
FF Extension: NCH EN - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} [2013-07-22]
FF Extension: Torntv 2 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\torntv2@torntv.com.xpi [2013-06-25]
FF Extension: Torntv - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\torntv@torntv.com.xpi [2012-11-17]
FF Extension: Start Page - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-01-25]
FF Extension: Qantas Frequent Flyer Toolbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\Extensions\{a154b67f-376c-4644-a5d2-bad67c0e5f90}.xpi [2013-07-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2013-08-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
Chrome:
=======
CHR HomePage: hxxp://au.yahoo.com?fr=fpc-comodo
CHR RestoreOnStartup: "hxxp://au.yahoo.com?fr=fpc-comodo"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: http://au.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=402027&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-25]
CHR Extension: (PrivDog) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2013-12-09]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-25]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-11-25]
CHR Extension: (Domain Error Assistant) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-11-25]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-29]
CHR Extension: (Slick Savings) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-11-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-11-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-25]
CHR HKLM\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2013-11-25]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-11-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files\TornTV.com\torn2_10.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
========================== Services (Whitelisted) =================
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 MaxBackServiceInt; "C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe" [X]
==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-03-27] (Cisco Systems, Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2013-12-03] (Creative)
S3 APL531; C:\WINDOWS\System32\Drivers\OVTX16.sys [154112 2010-10-28] (Omnivision Technologies, Inc.)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.)
R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [24408 2012-03-07] (AVAST Software)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15704 2013-09-24] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [587864 2013-11-14] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [30552 2013-09-24] (COMODO)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R2 EAPPkt; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2007-10-09] (Realtek)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [36608 2011-05-16] (Infineon Technologies AG)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [96216 2013-09-24] (COMODO)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [52312 2014-02-06] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107224 2014-02-06] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2013-12-03] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RTL8187B; C:\WINDOWS\System32\DRIVERS\wg111v3.sys [341504 2009-07-31] (Realtek Semiconductor Corporation )
S0 Soluto; C:\WINDOWS\System32\DRIVERS\Soluto.sys [51144 2012-09-06] (Soluto LTD.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13024 2012-10-02] ()
R2 UacFlt; C:\WINDOWS\System32\DRIVERS\uacbflt.sys [21276 2002-06-14] (Micronas GmbH)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 androidusb; System32\Drivers\androidusb.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HBCD\PCWizard\pcwiz_x32.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S1 MpKsl22239b4c; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46C3CDF-B3DB-478C-9FF7-9CAA426474EC}\MpKsl22239b4c.sys [X]
S3 RTLWUSB; system32\DRIVERS\wg111v2.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 taphss; No ImagePath
U1 WS2IFSL;
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-07 11:08 - 2014-02-07 11:09 - 00020544 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-07 11:05 - 2014-02-07 11:05 - 01136640 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-06 17:40 - 2014-02-06 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-06 17:40 - 2014-02-06 21:52 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-02-06 17:38 - 2014-02-06 17:38 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-06 17:37 - 2014-02-06 21:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\mbar
2014-02-06 17:34 - 2014-02-06 17:34 - 00001317 _____ () C:\Documents and Settings\Administrator\Desktop\RKreport[0]_D_02062014_173455.txt
2014-02-06 17:27 - 2014-02-06 17:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
2014-02-06 17:25 - 2014-02-06 17:21 - 03796480 _____ () C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
2014-02-06 17:23 - 2014-02-06 17:24 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1009.exe
2014-02-06 17:21 - 2014-02-06 17:21 - 03796480 _____ () C:\Documents and Settings\Administrator\My Documents\RogueKiller.exe
2014-02-06 14:08 - 2014-02-06 14:08 - 00011212 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140206_140749.reg
2014-02-06 12:20 - 2014-02-07 04:12 - 00104656 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-04 11:32 - 2014-02-04 11:32 - 00000000 ____D () C:\6e13aa418c81916a85273cd99568cb
2014-02-02 14:35 - 2014-02-02 14:35 - 00000000 ____D () C:\19c71df5d9beff9b4b54
2014-01-31 11:15 - 2014-02-07 11:08 - 00000000 ____D () C:\FRST
2014-01-30 16:57 - 2014-01-30 16:57 - 00027934 _____ () C:\Documents and Settings\Administrator\My Documents\attach.txt
2014-01-30 16:57 - 2014-01-30 16:57 - 00015969 _____ () C:\Documents and Settings\Administrator\My Documents\dds.txt
2014-01-29 15:17 - 2014-01-29 15:17 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\thmhtvhy.sys
2014-01-29 15:13 - 2014-01-29 15:13 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\avsxyhfe.sys
2014-01-28 20:52 - 2014-02-07 11:07 - 00000237 _____ () C:\WINDOWS\wiadebug.log
2014-01-28 20:52 - 2014-02-07 11:07 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-01-28 20:52 - 2014-01-28 20:52 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-01-28 20:51 - 2014-02-07 04:12 - 00032598 _____ () C:\WINDOWS\SchedLgU.Txt
2014-01-28 20:46 - 2014-02-07 11:09 - 01315514 _____ () C:\WINDOWS\WindowsUpdate.log
2014-01-27 15:14 - 2014-01-27 15:15 - 00000000 __HDC () C:\WINDOWS\ie8
2014-01-27 14:32 - 2014-01-27 14:32 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-01-27 13:21 - 2014-01-27 13:21 - 00000000 ____D () C:\d8e371acf69840d372
2014-01-25 20:36 - 2014-01-25 20:36 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-25 20:36 - 2014-01-25 20:36 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-01-25 20:36 - 2014-01-25 20:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-01-24 21:12 - 2014-01-24 21:12 - 00000000 ____D () C:\1a443f8837eeb4b3b47499
2014-01-24 19:06 - 2014-01-24 19:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-24 16:36 - 2014-01-24 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK
2014-01-24 16:35 - 2011-08-01 22:15 - 00008818 _____ () C:\WINDOWS\system32\netathuw.cat
2014-01-24 16:35 - 2011-07-28 19:06 - 01763584 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athuw.sys
2014-01-24 16:35 - 2011-07-28 19:06 - 01763584 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\athuw.sys
2014-01-19 20:34 - 2014-01-19 20:34 - 00006686 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140119_203453.reg
==================== One Month Modified Files and Folders =======
2014-02-07 11:09 - 2014-02-07 11:08 - 00020544 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-07 11:09 - 2014-01-28 20:46 - 01315514 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-07 11:08 - 2014-01-31 11:15 - 00000000 ____D () C:\FRST
2014-02-07 11:08 - 2012-10-04 13:08 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-07 11:07 - 2014-01-28 20:52 - 00000237 _____ () C:\WINDOWS\wiadebug.log
2014-02-07 11:07 - 2014-01-28 20:52 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-02-07 11:07 - 2013-11-19 13:03 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-07 11:07 - 2013-05-05 23:36 - 00000290 _____ () C:\WINDOWS\Tasks\Express FilesUpdate.job
2014-02-07 11:07 - 2011-07-21 21:44 - 00000328 ___SH () C:\WINDOWS\Tasks\MNYCCYR.job
2014-02-07 11:07 - 2011-05-16 14:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-07 11:07 - 2003-04-01 01:00 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-07 11:05 - 2014-02-07 11:05 - 01136640 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-07 11:05 - 2011-05-16 14:40 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-07 04:12 - 2014-02-06 12:20 - 00104656 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-07 04:12 - 2014-01-28 20:51 - 00032598 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-06 21:53 - 2014-02-06 17:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-06 21:52 - 2014-02-06 17:40 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-02-06 21:52 - 2014-02-06 17:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\mbar
2014-02-06 21:50 - 2011-05-16 14:40 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-06 19:42 - 2013-12-09 19:42 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-02-06 17:38 - 2014-02-06 17:38 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-06 17:35 - 2014-02-06 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
2014-02-06 17:34 - 2014-02-06 17:34 - 00001317 _____ () C:\Documents and Settings\Administrator\Desktop\RKreport[0]_D_02062014_173455.txt
2014-02-06 17:24 - 2014-02-06 17:23 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1009.exe
2014-02-06 17:21 - 2014-02-06 17:25 - 03796480 _____ () C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
2014-02-06 17:21 - 2014-02-06 17:21 - 03796480 _____ () C:\Documents and Settings\Administrator\My Documents\RogueKiller.exe
2014-02-06 15:33 - 2011-05-17 00:27 - 00000211 ___SH () C:\boot.ini
2014-02-06 15:33 - 2003-04-01 01:00 - 00000685 _____ () C:\WINDOWS\win.ini
2014-02-06 15:33 - 2003-04-01 01:00 - 00000256 _____ () C:\WINDOWS\system.ini
2014-02-06 15:29 - 2011-05-16 14:40 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-02-06 14:08 - 2014-02-06 14:08 - 00011212 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140206_140749.reg
2014-02-06 12:56 - 2011-05-16 15:53 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-06 12:16 - 2011-05-17 00:31 - 00622558 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-06 11:51 - 2011-05-16 16:07 - 00001374 ____C () C:\WINDOWS\system32\wpa.bak
2014-02-06 11:41 - 2011-05-22 09:22 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-04 11:32 - 2014-02-04 11:32 - 00000000 ____D () C:\6e13aa418c81916a85273cd99568cb
2014-02-03 19:31 - 2011-09-18 21:43 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-02 14:35 - 2014-02-02 14:35 - 00000000 ____D () C:\19c71df5d9beff9b4b54
2014-01-31 20:32 - 2011-05-22 20:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-01-30 16:57 - 2014-01-30 16:57 - 00027934 _____ () C:\Documents and Settings\Administrator\My Documents\attach.txt
2014-01-30 16:57 - 2014-01-30 16:57 - 00015969 _____ () C:\Documents and Settings\Administrator\My Documents\dds.txt
2014-01-30 16:36 - 2011-05-16 16:18 - 00001919 ____C () C:\WINDOWS\epplauncher.mif
2014-01-30 13:40 - 2011-05-17 00:24 - 00000000 ____D () C:\WINDOWS\pchealth
2014-01-29 15:17 - 2014-01-29 15:17 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\thmhtvhy.sys
2014-01-29 15:13 - 2014-01-29 15:13 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\avsxyhfe.sys
2014-01-28 23:01 - 2011-12-15 11:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts
2014-01-28 22:54 - 2011-05-16 14:34 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-01-28 20:52 - 2014-01-28 20:52 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-01-27 20:40 - 2013-12-12 17:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-01-27 20:38 - 2013-12-11 18:16 - 00000000 ____D () C:\Recuva
2014-01-27 16:03 - 2011-05-18 21:24 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-01-27 15:19 - 2011-05-17 00:24 - 00000000 ____D () C:\WINDOWS\Help
2014-01-27 15:15 - 2014-01-27 15:14 - 00000000 __HDC () C:\WINDOWS\ie8
2014-01-27 15:15 - 2011-05-17 00:24 - 00000000 ____D () C:\WINDOWS\Media
2014-01-27 14:32 - 2014-01-27 14:32 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-01-27 13:21 - 2014-01-27 13:21 - 00000000 ____D () C:\d8e371acf69840d372
2014-01-27 12:56 - 2011-05-16 14:34 - 00000000 ____D () C:\Program Files\Online Services
2014-01-26 20:20 - 2013-04-10 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813170$
2014-01-26 14:24 - 2011-05-16 15:30 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-01-26 14:13 - 2013-12-09 19:34 - 00000000 ___SD () C:\Documents and Settings\All Users\Application Data\Shared Space
2014-01-26 14:13 - 2013-02-05 15:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Ebay Selling
2014-01-25 20:51 - 2011-05-22 12:20 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-25 20:47 - 2012-01-07 21:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-01-25 20:36 - 2014-01-25 20:36 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-25 20:36 - 2014-01-25 20:36 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-01-25 20:36 - 2014-01-25 20:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-01-25 20:36 - 2013-08-21 14:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-01-25 10:40 - 2012-09-12 14:46 - 00000456 ____H () C:\WINDOWS\Tasks\Norton Security Scan for Administrator.job
2014-01-24 22:32 - 2013-04-03 08:53 - 00000000 ____D () C:\Program Files\LG Electronics
2014-01-24 21:12 - 2014-01-24 21:12 - 00000000 ____D () C:\1a443f8837eeb4b3b47499
2014-01-24 20:20 - 2011-05-20 15:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2014-01-24 19:16 - 2013-07-11 12:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-24 19:10 - 2011-05-20 15:34 - 83425928 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-24 19:06 - 2014-01-24 19:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-24 17:10 - 2012-01-31 14:21 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-01-24 17:09 - 2011-05-16 15:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-24 16:55 - 2013-11-14 10:51 - 00000000 ____D () C:\Program Files\Common Files\Spigot
2014-01-24 16:53 - 2013-03-28 12:46 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-01-24 16:36 - 2014-01-24 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK
2014-01-24 16:35 - 2011-05-16 15:31 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-24 15:54 - 2012-06-12 13:14 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-01-24 15:53 - 2013-12-09 17:41 - 00000000 ____D () C:\Program Files\MediaMonkey
2014-01-24 15:46 - 2011-10-18 12:29 - 00000000 ____D () C:\Program Files\IObit
2014-01-24 14:44 - 2013-03-28 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TP-LINK
2014-01-19 20:34 - 2014-01-19 20:34 - 00006686 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140119_203453.reg
2014-01-19 18:32 - 2011-05-18 15:47 - 00231584 ____C (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 13:37 - 2012-01-31 14:21 - 00000785 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
2014-01-19 13:37 - 2011-05-16 14:40 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-01-16 17:25 - 2013-12-15 17:31 - 00000000 ____D () C:\5949b32e9d93995e4642
2014-01-16 17:25 - 2012-08-27 10:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-01-16 17:21 - 2011-05-18 18:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-01-16 17:19 - 2011-05-19 14:07 - 00000000 ____D () C:\Program Files\Google
2014-01-12 13:37 - 2013-12-09 17:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\MediaMonkey
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ntdll_dump.dll
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================