jackpot316

Anti-Spyware Brigade
  • Content Count

    1,031
  • Joined

  • Last visited

About jackpot316

  • Rank
    Advanced Member
  • Birthday 09/08/1965

Contact Methods

Profile Information

  • Gender
    Male
  • Location
    Hertford N.C.
  • Interests
    Computers,Hunting,Fishing,Auto racing,Family

Previous Fields

  • System Specifications:
    hp d4100y Intel Pentium-D 820 dual core 800MHZ FSB 1GB ram GFORCE 6800GT 80GB. SEAGATE HD, 160GB WD 16X DVD-ROM LITEON-16X DVD+R
  • Teams:
    PC Builders Club
  1. Mini061614-01.dmp 6/16/2014 8:00:05 PM DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x000000d1 0x0000f038 0x00000002 0x00000001 0xb60e1314 Mup.sys Mup.sys+314 Multiple UNC Provider driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6103 (xpsp_sp3_gdr.110421-1640) 32-bit ntkrnlpa.exe+6d80c Mup.sys+314 C:\WINDOWS\Minidump\Mini061614-01.dmp 2 15 2600 65,536 6/16/2014 8:03:55 PM
     Mini061514-01.dmp 6/15/2014 7:14:10 PM DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x000000d1 0x0000f038 0x00000002 0x00000001 0xb60e1314 Mup.sys Mup.sys+314 Multiple UNC Provider driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6103 (xpsp_sp3_gdr.110421-1640) 32-bit ntoskrnl.exe+6d80c Mup.sys+314 C:\WINDOWS\Minidump\Mini061514-01.dmp 2 15 2600 65,536 6/15/2014 7:16:52 PM
     Mini061414-02.dmp 6/14/2014 1:50:47 PM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x81fffff4 0x00000002 0x00000000 0x80522708 ntkrnlpa.exe ntkrnlpa.exe+6d80c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421) 32-bit ntkrnlpa.exe+6d80c ntkrnlpa.exe+4b708 ntkrnlpa.exe+17a364 ntkrnlpa.exe+31c14 C:\WINDOWS\Minidump\Mini061414-02.dmp 2 15 2600 65,536 6/14/2014 1:55:10 PM
     Mini061414-01.dmp 6/14/2014 10:06:17 AM DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x000000d1 0x0000f038 0x00000002 0x00000001 0xb60e1314 32-bit C:\WINDOWS\Minidump\Mini061414-01.dmp 2 15 2600 65,536 6/14/2014 1:32:01 PM
     Mini061314-01.dmp 6/13/2014 9:19:17 PM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x00000000 0x00000002 0x00000001 0x80522800 ntkrnlpa.exe ntkrnlpa.exe+6d80c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421) 32-bit ntkrnlpa.exe+6d80c ntkrnlpa.exe+4b800 ntkrnlpa.exe+4bd2a ntkrnlpa.exe+499ad C:\WINDOWS\Minidump\Mini061314-01.dmp 2 15 2600 65,536 6/13/2014 9:32:03 PM
  2. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-06-2014
     Ran by Administrator at 2014-06-18 12:25:59 Run:2
     Running from C:\Documents and Settings\Administrator\desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     start
     c:\documents and settings\Administrator\Application Data\SparkTrust
     c:\documents and settings\All Users\Application Data\SparkTrust
     Reg: [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MyPC Backup.lnk]
     end
     *****************
     "c:\documents and settings\Administrator\Application Data\SparkTrust" => File/Directory not found.
     "c:\documents and settings\All Users\Application Data\SparkTrust" => File/Directory not found.
     ========= Reg: =========
     'Reg:' is not recognized as an internal or external command, operable program or batch file.
     ========= End of Reg: =========
     ==== End of Fixlog ====
  3. ComboFix 14-06-13.01 - Administrator 06/17/2014 20:44:51.12.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1505 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Thumbs.db . . ((((((((((((((((((((((((( Files Created from 2014-05-18 to 2014-06-18 ))))))))))))))))))))))))))))))) . . 2014-06-14 12:44 . 2014-06-15 00:58 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2014-06-14 12:44 . 2014-05-12 11:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-06-14 12:44 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\drivers\athuw.sys 2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\athuw.sys 2014-06-09 04:32 . 2014-06-09 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-06-08 13:35 . 2014-06-08 13:35 -------- d-----w- c:\program files\NirSoft 2014-06-07 00:54 . 2014-06-07 00:54 -------- d-----w- c:\program files\Logitech 2014-06-06 18:23 . 2014-06-06 18:23 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-06-06 17:53 . 2014-06-06 18:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-06-06 17:53 . 2014-06-06 17:53 -------- d-----w- c:\program files\Java 2014-06-04 22:18 . 
2014-06-09 00:41 -------- d-----w- c:\windows\system32\wbem\Repository 2014-06-04 22:11 . 2014-06-04 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\NVIDIA 2014-06-04 03:11 . 2014-06-04 03:11 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP 2014-06-04 01:38 . 2014-05-13 19:18 3774821 ----a-w- c:\windows\system32\nvcoproc.bin 2014-06-04 01:37 . 2014-06-15 02:02 1144544 ----a-w- c:\windows\system32\nvdrsdb1.bin 2014-06-04 01:37 . 2014-06-15 02:02 1 ----a-w- c:\windows\system32\nvdrssel.bin 2014-06-04 01:37 . 2014-06-15 02:01 1144544 ----a-w- c:\windows\system32\nvdrsdb0.bin 2014-06-03 22:32 . 2014-06-11 22:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-06-03 22:32 . 2014-06-11 22:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-06-03 00:24 . 2013-04-06 01:26 1679360 ----a-w- c:\windows\system32\ac3filter.acm 2014-06-03 00:24 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3Filter 2014-06-03 00:18 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3File 2014-06-03 00:12 . 2014-06-04 22:01 -------- d-----w- c:\program files\K-Lite Codec Pack 2014-06-02 00:16 . 2014-06-04 21:58 -------- d-----w- c:\program files\SlimCleaner 2014-06-01 13:20 . 2014-06-14 12:15 -------- d-----w- C:\FRST 2014-06-01 07:32 . 2014-06-01 20:33 19165360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2014-06-01 03:15 . 2014-05-20 09:07 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys 2014-05-31 21:19 . 2014-06-04 03:11 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2014-05-31 19:40 . 2014-05-31 19:40 -------- d-----w- c:\windows\ERUNT 2014-05-29 23:39 . 2014-05-29 23:39 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-05-29 23:39 . 2014-05-29 23:39 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys 2014-05-29 23:39 . 2014-05-29 23:39 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-05-29 23:39 . 
2014-04-25 17:21 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-05-29 23:39 . 2014-04-25 17:21 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2014-05-29 23:39 . 2014-04-25 17:21 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-05-29 23:39 . 2014-04-25 17:21 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-05-29 23:39 . 2014-04-25 17:21 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-05-27 01:04 . 2014-05-27 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan 2014-05-27 00:45 . 2014-05-27 00:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan 2014-05-27 00:34 . 2009-07-15 03:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2014-05-27 00:32 . 2014-05-27 00:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan 2014-05-26 18:58 . 2014-03-09 19:31 156960 ----a-w- c:\windows\system32\nvsvc32.exe 2014-05-26 18:58 . 2014-03-09 19:31 145352 ----a-w- c:\windows\system32\nvcolor.exe 2014-05-26 18:58 . 2014-03-09 19:31 377288 ----a-w- c:\windows\system32\nvmctray.dll 2014-05-26 18:58 . 2014-03-09 19:31 54272 ----a-w- c:\windows\system32\nvwddi.dll 2014-05-23 00:24 . 2014-05-20 02:32 908744 ----a-w- c:\windows\system32\nvdispgenco32.dll 2014-05-23 00:24 . 2014-05-20 02:32 1056200 ----a-w- c:\windows\system32\nvdispco32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-06-07 00:43 . 2011-03-27 07:00 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2014-06-04 23:21 . 2003-03-31 11:00 138752 ----a-w- c:\windows\system32\sndvol32.exe 2014-05-12 16:14 . 2012-09-29 18:55 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2014-04-25 17:21 . 2014-05-29 23:39 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1401406783656 2014-04-25 17:21 . 
2014-05-29 23:39 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1401406783656 2014-04-25 17:21 . 2014-04-25 17:21 43152 ----a-w- c:\windows\avastSS.scr 2014-04-25 17:21 . 2014-03-02 17:23 271264 ----a-w- c:\windows\system32\aswBoot.exe 2014-04-15 00:56 . 2014-04-15 00:56 53248 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F02C6726-D7AA-472F-8706-9A1F3D8FB1DE}\ARPPRODUCTICON.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-04-25 17:21 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2014-03-09 15714592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk] backup=c:\windows\pss\BDARemote.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk] backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Wireless Software Upgrade Assistant.lnk] backup=c:\windows\pss\Verizon Wireless Software Upgrade Assistant.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] backup=c:\windows\pss\Windows Search.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MX700 series Printer (Copy 4).lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\ROBBY\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^TimeLeft.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus] c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdAwareLauncher" --windows-run] c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep 0 -k] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer] 2012-02-04 14:22 1953792 ----a-w- c:\windows\system32\xRaidSetup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection] 2013-09-27 18:46 559696 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adawarebp] 2013-09-27 18:46 559696 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeARM] 2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2010-11-03 22:13 64104 ----a-w- c:\windows\ALCMTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2014-02-13 01:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsRunHelp] 2006-11-15 03:25 363008 ----a-w- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp] 2006-11-15 03:25 363008 ----a-w- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJMyPrt] 2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT] 2012-12-10 04:43 392320 ----a-w- c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNSLMAIN] 2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon] 2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopWeather] 2011-06-08 14:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadManagerService] 2011-05-18 20:52 94008 ----a-w- c:\program files\Verizon Wireless\dist\servicerunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6] 2011-06-08 14:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2014-05-19 20:35 2303256 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com] 2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-02-13 23:43 136176 ----atw- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleUpdate] 2012-02-13 23:43 136176 ----atw- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2014-05-26 23:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup] 2013-01-16 03:32 43608 ----a-w- c:\windows\RaidTool\xInsIDE.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil] 2009-09-24 13:51 32871 ----a-w- c:\program files\TP-LINK\QSS\jswtrayutil.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobsync] 2008-04-14 10:42 143360 ----a-w- c:\windows\system32\mobsync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMBgMonitor] 2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend] 2014-04-30 18:28 2199840 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2014-03-09 19:31 15714592 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2014-03-09 19:31 377288 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2014-03-09 20:35 2593056 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTTask] 2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched] 2014-02-27 02:06 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner] 2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon] 2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2013-10-04 16:29 20145368 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\servicerunner] 2011-05-18 20:52 94008 ----a-w- c:\program files\Verizon Wireless\dist\servicerunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPoint] 2014-05-19 20:35 2303256 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2000-01-01 00:00 1833576 ----a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2014-03-07 02:39 5625624 ----a-w- c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager] 2008-04-14 10:42 143360 ----a-w- c:\windows\system32\mobsync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2014-02-27 02:06 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU] 2010-05-21 17:55 561263 ----a-w- c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCU] 2010-08-26 20:34 4509696 ----a-w- c:\program files\Ubiquiti\UCU.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateChecker] 2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBDetector] 2003-04-01 15:33 53248 ----a-w- c:\usbstorage\USBDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZWNotiAgent] 2012-12-10 04:43 392320 ----a-w- c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherMate] 2012-11-17 04:00 749658 ----a-w- c:\program files\WeatherMate\WeatherMate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe] 2013-06-13 18:15 1743648 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon] 2006-09-20 12:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe] 2006-09-20 12:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xInsIDE] 2013-01-16 03:32 43608 ----a-w- c:\windows\RaidTool\xInsIDE.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xRaidSetup] 2012-02-04 14:22 1953792 ----a-w- c:\windows\system32\xRaidSetup.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE"/auto . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\VSO\\VSO Downloader\\3\\VsoDownloader.exe"= "c:\\Program Files\\Lavasoft\\AdAware SecureSearch Toolbar\\dtUser.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [5/29/2014 7:39 PM 49944] R0 aswVmm;avast! 
VM Monitor;c:\windows\system32\drivers\aswVmm.sys [5/29/2014 7:39 PM 180632] R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [1/23/2013 4:22 PM 13560] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/5/2014 7:24 PM 15808] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5/29/2014 7:39 PM 777488] R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [5/29/2014 7:39 PM 411680] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/29/2012 2:55 PM 42784] R1 Eve;EVE Protocol Driver;c:\windows\system32\drivers\eve.sys [5/17/2013 1:15 PM 33624] R1 SASDIFSV;SASDIFSV;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASDIFSV.SYS [2/19/2011 1:41 PM 12880] R1 SASKUTIL;SASKUTIL;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASKUTIL.SYS [2/19/2011 1:41 PM 67664] R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [11/2/2013 8:28 PM 32768] R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [5/31/2014 5:20 PM 3045688] R2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys [5/29/2014 7:39 PM 24184] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/29/2014 7:39 PM 67824] R2 jswpbapi;JumpStart Push-Button Service;c:\program files\TP-LINK\QSS\jswpbapi.exe [2/19/2011 11:27 AM 188416] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [3/27/2011 3:00 AM 10136] R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [5/15/2014 8:21 PM 1617696] R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [12/26/2011 1:35 AM 19072] R2 SVNDISUIO;SV NDIS User I/O Protocol Driver;c:\windows\system32\drivers\SVNDISUIO.sys [9/2/2013 1:29 AM 40576] R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [10/15/2013 6:38 AM 50704] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/19/2011 11:27 AM 57440] S3 !SASCORE;SAS Core Service;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASCORE.EXE [2/19/2011 1:41 PM 116608] S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [5/31/2014 5:20 PM 73728] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/23/2013 8:12 PM 1691480] S3 AmDriver;AmDriver;c:\windows\system32\AmDriver.sys [9/2/2013 1:29 AM 8704] S3 Amtrans;AirMagnet Analyzer Protocol;c:\windows\system32\drivers\Amtrans.sys [9/2/2013 1:29 AM 61017] S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys --> c:\windows\system32\DRIVERS\lgandbus.sys [?] S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys --> c:\windows\system32\DRIVERS\lganddiag.sys [?] S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys --> c:\windows\system32\DRIVERS\lgandgps.sys [?] 
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys --> c:\windows\system32\DRIVERS\lgandmodem.sys [?] S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys --> c:\windows\system32\DRIVERS\lgandnetdiag.sys [?] S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps.sys --> c:\windows\system32\DRIVERS\lgandnetgps.sys [?] S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys --> c:\windows\system32\DRIVERS\lgandnetmodem.sys [?] S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys --> c:\windows\system32\DRIVERS\lgandnetndis.sys [?] S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [6/9/2014 9:39 PM 1763584] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 cpuz137;cpuz137;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [?] S3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [5/19/2006 11:22 AM 15328] S3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [5/19/2006 11:22 AM 13440] S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?] 
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 1:01 PM 19984] S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Administrator\My Documents\Downloads\everesthome220\kerneld.wnt [8/18/2005 1:00 AM 7168] S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\drivers\iSafeKrnlBoot.sys [5/31/2014 11:15 PM 38912] S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\TP-LINK\QSS\jswpsapi.exe [2/19/2011 11:27 AM 360529] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568] S3 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [7/18/2013 4:39 PM 762192] S3 ndiskhaz;Azzouzi HotSpot Service;c:\windows\system32\DRIVERS\ndiskhaz.sys --> c:\windows\system32\DRIVERS\ndiskhaz.sys [?] S3 ndiskhazMP;ndiskhazMP;c:\windows\system32\DRIVERS\ndiskhaz.sys --> c:\windows\system32\DRIVERS\ndiskhaz.sys [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600] S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [6/3/2004 1:28 PM 22131] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/22/2012 8:30 PM 47360] S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 4:19 PM 39056] S3 SDScannerService;Spybot-S&D 2 Scanner Service; [x] S3 SDUpdateService;Spybot-S&D 2 Updating Service; [x] S3 SDWSCService;Spybot-S&D 2 Security Center Service; [x] S3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [1/19/2013 9:50 PM 567256] S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [4/27/2014 9:57 AM 20664] S3 xVTNameService;xVTNameService;c:\program files\AirMagnet Inc\AirMedic\xVTNameService.exe [9/2/2013 1:29 AM 
24456] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-05-24 07:15 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-03 22:03] . 2014-06-18 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-25 17:21] . 2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:28] . 2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:28] . 2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003Core.job - c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 23:43] . 2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003UA.job - c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 23:43] . 2014-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job - c:\windows\system32\xp_eos.exe [2014-03-09 01:59] . 2014-06-18 c:\windows\Tasks\Opera scheduled Autoupdate 1385937182.job - c:\program files\Opera\launcher.exe [2013-12-01 10:18] . 2014-06-18 c:\windows\Tasks\PC Performer Manager.job - c:\windows\system32\sc.exe [2006-02-28 10:39] . 2014-04-05 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job - c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 20:19] . 
2014-06-16 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job - c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 20:19] . 2014-06-18 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13] . 2014-06-17 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13] . 2014-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13] . 2014-06-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13] . 2014-06-17 c:\windows\Tasks\SBWUpdateTask_Time_4897187a-74EA3A945BD0.job - c:\program files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-07-08 07:18] . 2014-06-17 c:\windows\Tasks\SBW_UpdateTask_Time_333533383036373032322d3755556c415a505757414a34.job - c:\windows\system32\wscript.exe [2006-02-28 11:24] . 2014-06-17 c:\windows\Tasks\User_Feed_Synchronization-{EAF680A9-6D9C-4F29-88B8-E522E14BB520}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31] . . ------- Supplementary Scan ------- . uStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl mStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl TCP: DhcpNameServer = 101.113.228.1 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hvdie5vl.default\ FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast) FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search . 
- - - - ORPHANS REMOVED - - - - . MSConfigStartUp-ARO - c:\program files\Advanced Registry Optimizer\ARO.exe MSConfigStartUp-AROReminder - c:\program files\Advanced Registry Optimizer\ARO.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-06-17 21:00 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver] "ImagePath"="\??\c:\documents and settings\Administrator\My Documents\Downloads\everesthome220\kerneld.wnt" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1644491937-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4d4efc27-38da-4e82-8645-5850461e20fe}] @Denied: (Full) (Everyone) "Model"=dword:00000035 "Therad"=dword:0000001d . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):9d,6c,1f,be,70,aa,11,bc,05,28,b3,b6,e5,d3,8f,68,ae,a6,21,8e,6f, d2,b2,f1,cb,c0,4f,53,74,d3,83,56,fd,02,2f,a7,b8,c5,17,af,00,00,00,00,00,00,\ . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,c5,54,91,05,28,29,46,84,b1,5d,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,c5,54,91,05,28,29,46,84,b1,5d,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(604) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . Completion time: 2014-06-17 21:03:44 ComboFix-quarantined-files.txt 2014-06-18 01:03 ComboFix2.txt 2014-06-15 22:48 . Pre-Run: 110,645,325,824 bytes free Post-Run: 110,621,376,512 bytes free . - - End Of File - - 1E95D66070AB28701C2BB99BEF1A3FC1 8F558EB6672622401DA993E1E865C861
  4. ComboFix 14-06-13.01 - Administrator 06/17/2014 20:44:51.12.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1505 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Thumbs.db . . ((((((((((((((((((((((((( Files Created from 2014-05-18 to 2014-06-18 ))))))))))))))))))))))))))))))) . . 2014-06-14 12:44 . 2014-06-15 00:58 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2014-06-14 12:44 . 2014-05-12 11:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-06-14 12:44 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\drivers\athuw.sys 2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\athuw.sys 2014-06-09 04:32 . 2014-06-09 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-06-08 13:35 . 2014-06-08 13:35 -------- d-----w- c:\program files\NirSoft 2014-06-07 00:54 . 2014-06-07 00:54 -------- d-----w- c:\program files\Logitech 2014-06-06 18:23 . 2014-06-06 18:23 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-06-06 17:53 . 2014-06-06 18:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-06-06 17:53 . 2014-06-06 17:53 -------- d-----w- c:\program files\Java 2014-06-04 22:18 . 
2014-06-09 00:41 -------- d-----w- c:\windows\system32\wbem\Repository 2014-06-04 22:11 . 2014-06-04 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\NVIDIA 2014-06-04 03:11 . 2014-06-04 03:11 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP 2014-06-04 01:38 . 2014-05-13 19:18 3774821 ----a-w- c:\windows\system32\nvcoproc.bin 2014-06-04 01:37 . 2014-06-15 02:02 1144544 ----a-w- c:\windows\system32\nvdrsdb1.bin 2014-06-04 01:37 . 2014-06-15 02:02 1 ----a-w- c:\windows\system32\nvdrssel.bin 2014-06-04 01:37 . 2014-06-15 02:01 1144544 ----a-w- c:\windows\system32\nvdrsdb0.bin 2014-06-03 22:32 . 2014-06-11 22:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-06-03 22:32 . 2014-06-11 22:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-06-03 00:24 . 2013-04-06 01:26 1679360 ----a-w- c:\windows\system32\ac3filter.acm 2014-06-03 00:24 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3Filter 2014-06-03 00:18 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3File 2014-06-03 00:12 . 2014-06-04 22:01 -------- d-----w- c:\program files\K-Lite Codec Pack 2014-06-02 00:16 . 2014-06-04 21:58 -------- d-----w- c:\program files\SlimCleaner 2014-06-01 13:20 . 2014-06-14 12:15 -------- d-----w- C:\FRST 2014-06-01 07:32 . 2014-06-01 20:33 19165360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2014-06-01 03:15 . 2014-05-20 09:07 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys 2014-05-31 21:19 . 2014-06-04 03:11 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2014-05-31 19:40 . 2014-05-31 19:40 -------- d-----w- c:\windows\ERUNT 2014-05-29 23:39 . 2014-05-29 23:39 777488 ----a-w-
  5. Sound problem has been fixed; it started back working after I rebooted Saturday. Also, the drivers are all updated. I try to keep everything updated as best I can; the first thing I did was to check my devices for updates. On the SparkTrust, I could not find that anywhere on my computer, and MyPC Backup, could not find that also. All the rest you mentioned I found and deleted all parts of them. On AVG, I am not running that. I did have it back a few months ago, but I did delete the leftovers of that today also. The problems I still have are the blue screens now and then and the freeze-up during some reboots. Just to let you know, when I come here for help it's going to be hard to find the problem, because I worked days on trying to figure out what is causing the problems and I got stumped on this one... But so far over the years the pit-stop has been 100% on fixing my problems. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Microsoft Windows XP x86 Ran by Administrator on Mon 06/16/2014 at 18:07:17.95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders
  6. ComboFix 14-06-13.01 - Administrator 06/15/2014 18:27:29.10.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1476 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\Application Data\inst.exe c:\documents and settings\All Users\Application Data\1401148350.bdinstall.bin c:\documents and settings\All Users\Application Data\1401150572.bdinstall.bin c:\documents and settings\All Users\Application Data\1401405226.bdinstall.bin c:\documents and settings\All Users\Application Data\1401405235.bdinstall.bin c:\documents and settings\All Users\Application Data\1401406377.bdinstall.bin c:\documents and settings\All Users\Application Data\TEMP C:\Thumbs.db c:\windows\iun6002.exe c:\windows\system32\drivers\etc\hosts.ics c:\windows\wininit.ini c:\windows\wnUninstall.exe . . ((((((((((((((((((((((((( Files Created from 2014-05-15 to 2014-06-15 ))))))))))))))))))))))))))))))) . . 2014-06-14 12:44 . 2014-06-15 00:58 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2014-06-14 12:44 . 2014-05-12 11:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-06-14 12:44 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\drivers\athuw.sys 2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\athuw.sys 2014-06-09 04:32 . 
2014-06-09 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-06-08 13:35 . 2014-06-08 13:35 -------- d-----w- c:\program files\NirSoft 2014-06-07 00:54 . 2014-06-07 00:54 -------- d-----w- c:\program files\Logitech 2014-06-06 18:23 . 2014-06-06 18:23 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-06-06 17:53 . 2014-06-06 18:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-06-06 17:53 . 2014-06-06 17:53 -------- d-----w- c:\program files\Java 2014-06-04 22:18 . 2014-06-09 00:41 -------- d-----w- c:\windows\system32\wbem\Repository 2014-06-04 22:11 . 2014-06-04 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\NVIDIA 2014-06-04 21:58 . 2014-06-04 21:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\SparkTrust 2014-06-04 03:11 . 2014-06-04 03:11 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP 2014-06-04 01:38 . 2014-05-13 19:18 3774821 ----a-w- c:\windows\system32\nvcoproc.bin 2014-06-04 01:37 . 2014-06-15 02:02 1144544 ----a-w- c:\windows\system32\nvdrsdb1.bin 2014-06-04 01:37 . 2014-06-15 02:02 1 ----a-w- c:\windows\system32\nvdrssel.bin 2014-06-04 01:37 . 2014-06-15 02:01 1144544 ----a-w- c:\windows\system32\nvdrsdb0.bin 2014-06-03 22:32 . 2014-06-11 22:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-06-03 22:32 . 2014-06-11 22:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-06-03 00:24 . 2013-04-06 01:26 1679360 ----a-w- c:\windows\system32\ac3filter.acm 2014-06-03 00:24 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3Filter 2014-06-03 00:18 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3File 2014-06-03 00:12 . 2014-06-04 22:01 -------- d-----w- c:\program files\K-Lite Codec Pack 2014-06-02 00:16 . 2014-06-04 21:58 -------- d-----w- c:\program files\SlimCleaner 2014-06-01 22:48 . 
2014-06-04 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SparkTrust 2014-06-01 13:20 . 2014-06-14 12:15 -------- d-----w- C:\FRST 2014-06-01 07:32 . 2014-06-01 20:33 19165360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2014-06-01 03:15 . 2014-05-20 09:07 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys 2014-05-31 21:19 . 2014-06-04 03:11 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2014-05-31 19:40 . 2014-05-31 19:40 -------- d-----w- c:\windows\ERUNT 2014-05-29 23:39 . 2014-05-29 23:39 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-05-29 23:39 . 2014-05-29 23:39 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys 2014-05-29 23:39 . 2014-05-29 23:39 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-05-29 23:39 . 2014-04-25 17:21 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-05-29 23:39 . 2014-04-25 17:21 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2014-05-29 23:39 . 2014-04-25 17:21 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-05-29 23:39 . 2014-04-25 17:21 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-05-29 23:39 . 2014-04-25 17:21 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-05-27 01:04 . 2014-05-27 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan 2014-05-27 00:45 . 2014-05-27 00:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan 2014-05-27 00:34 . 2009-07-15 03:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2014-05-27 00:32 . 2014-05-27 00:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan 2014-05-26 18:58 . 2014-03-09 19:31 156960 ----a-w- c:\windows\system32\nvsvc32.exe 2014-05-26 18:58 . 2014-03-09 19:31 145352 ----a-w- c:\windows\system32\nvcolor.exe 2014-05-26 18:58 . 2014-03-09 19:31 377288 ----a-w- c:\windows\system32\nvmctray.dll 2014-05-26 18:58 . 
2014-03-09 19:31 54272 ----a-w- c:\windows\system32\nvwddi.dll 2014-05-23 00:24 . 2014-05-20 02:32 908744 ----a-w- c:\windows\system32\nvdispgenco32.dll 2014-05-23 00:24 . 2014-05-20 02:32 1056200 ----a-w- c:\windows\system32\nvdispco32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-06-07 00:43 . 2011-03-27 07:00 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2014-06-04 23:21 . 2003-03-31 11:00 138752 ----a-w- c:\windows\system32\sndvol32.exe 2014-05-12 16:14 . 2012-09-29 18:55 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2014-04-25 17:21 . 2014-05-29 23:39 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1401406783656 2014-04-25 17:21 . 2014-05-29 23:39 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1401406783656 2014-04-25 17:21 . 2014-04-25 17:21 43152 ----a-w- c:\windows\avastSS.scr 2014-04-25 17:21 . 2014-03-02 17:23 271264 ----a-w- c:\windows\system32\aswBoot.exe 2014-04-15 00:56 . 2014-04-15 00:56 53248 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F02C6726-D7AA-472F-8706-9A1F3D8FB1DE}\ARPPRODUCTICON.exe 2014-03-19 00:24 . 2008-02-29 07:13 28312 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys 2014-03-19 00:24 . 2010-08-24 17:31 53528 ----a-w- c:\windows\system32\LMouFiltCoInst.dll 2014-03-19 00:24 . 2008-02-29 07:13 37528 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys 2014-03-19 00:24 . 2008-02-29 07:13 43800 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys 2014-03-19 00:24 . 2011-03-27 07:00 10136 ----a-w- c:\windows\system32\drivers\LBeepKE.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-04-25 17:21 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2014-03-09 15714592] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2014-01-17 421888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk] . 
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MyPC Backup.lnk] backupExtension=.Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk] backup=c:\windows\pss\BDARemote.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk] backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Wireless Software Upgrade Assistant.lnk] backup=c:\windows\pss\Verizon Wireless Software Upgrade Assistant.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MX700 series Printer (Copy 4).lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\ROBBY\Start Menu\Programs\Startup\Logitech . 
Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^TimeLeft.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus] c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdAwareLauncher" --windows-run] c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep 0 -k] c:\windows\system32\dumprep 0 -k [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW7 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMF HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Info Center HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCenter HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallX Search Protect for Yahoo HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop PC Matic Reminder HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Disk MD Registration Reminder HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder-Optimize3 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder-PCMatic HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWC.Win7 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCApp . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer] 2012-02-04 14:22 1953792 ----a-w- c:\windows\system32\xRaidSetup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection] 2013-09-27 18:46 559696 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adawarebp] 2013-09-27 18:46 559696 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeARM] 2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2010-11-03 22:13 64104 ----a-w- c:\windows\ALCMTR.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2014-02-13 01:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ARO] 2010-01-20 18:51 2137600 ----a-w- c:\program files\Advanced Registry Optimizer\ARO.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder] 2010-01-20 18:51 2137600 ----a-w- c:\program files\Advanced Registry Optimizer\ARO.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsRunHelp] 2006-11-15 03:25 363008 ----a-w- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp] 2006-11-15 03:25 363008 ----a-w- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJMyPrt] 2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT] 2012-12-10 04:43 392320 ----a-w- c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNSLMAIN] 2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon] 2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopWeather] 2011-06-08 14:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadManagerService] 2011-05-18 20:52 94008 ----a-w- c:\program files\Verizon Wireless\dist\servicerunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6] 2011-06-08 14:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2014-05-19 20:35 2303256 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com] 2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-02-13 23:43 136176 ----atw- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleUpdate] 2012-02-13 23:43 136176 ----atw- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2014-05-26 23:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup] 2013-01-16 03:32 43608 ----a-w- c:\windows\RaidTool\xInsIDE.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil] 2009-09-24 13:51 32871 ----a-w- c:\program files\TP-LINK\QSS\jswtrayutil.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobsync] 2008-04-14 10:42 143360 ----a-w- c:\windows\system32\mobsync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMBgMonitor] 2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend] 2014-04-30 18:28 2199840 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2014-03-09 19:31 15714592 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2014-03-09 19:31 377288 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2014-03-09 20:35 2593056 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTTask] 2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched] 2014-02-27 02:06 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner] 2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon] 2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2013-10-04 16:29 20145368 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\servicerunner] 2011-05-18 20:52 94008 ----a-w- c:\program files\Verizon Wireless\dist\servicerunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPoint] 2014-05-19 20:35 2303256 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2000-01-01 00:00 1833576 ----a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2014-03-07 02:39 5625624 ----a-w- c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager] 2008-04-14 10:42 143360 ----a-w- c:\windows\system32\mobsync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2014-02-27 02:06 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU] 2010-05-21 17:55 561263 ----a-w- c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCU] 2010-08-26 20:34 4509696 ----a-w- c:\program files\Ubiquiti\UCU.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateChecker] 2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBDetector] 2003-04-01 15:33 53248 ----a-w- c:\usbstorage\USBDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZWNotiAgent] 2012-12-10 04:43 392320 ----a-w- c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherMate] 2012-11-17 04:00 749658 ----a-w- c:\program files\WeatherMate\WeatherMate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe] 2013-06-13 18:15 1743648 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon] 2006-09-20 12:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe] 2006-09-20 12:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xInsIDE] 2013-01-16 03:32 43608 ----a-w- c:\windows\RaidTool\xInsIDE.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xRaidSetup] 2012-02-04 14:22 1953792 ----a-w- c:\windows\system32\xRaidSetup.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE"/auto . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\VSO\\VSO Downloader\\3\\VsoDownloader.exe"= "c:\\Program Files\\Lavasoft\\AdAware SecureSearch Toolbar\\dtUser.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [5/29/2014 7:39 PM 49944] R0 aswVmm;avast! 
VM Monitor;c:\windows\system32\drivers\aswVmm.sys [5/29/2014 7:39 PM 180632] R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [1/23/2013 4:22 PM 13560] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/5/2014 7:24 PM 15808] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5/29/2014 7:39 PM 777488] R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [5/29/2014 7:39 PM 411680] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/29/2012 2:55 PM 42784] R1 Eve;EVE Protocol Driver;c:\windows\system32\drivers\eve.sys [5/17/2013 1:15 PM 33624] R1 SASDIFSV;SASDIFSV;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASDIFSV.SYS [2/19/2011 1:41 PM 12880] R1 SASKUTIL;SASKUTIL;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASKUTIL.SYS [2/19/2011 1:41 PM 67664] R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [11/2/2013 8:28 PM 32768] R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [5/31/2014 5:20 PM 3045688] R2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys [5/29/2014 7:39 PM 24184] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/29/2014 7:39 PM 67824] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [3/27/2011 3:00 AM 10136] R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [12/26/2011 1:35 AM 19072] R2 SVNDISUIO;SV NDIS User I/O Protocol Driver;c:\windows\system32\drivers\SVNDISUIO.sys [9/2/2013 1:29 AM 40576] R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [10/15/2013 6:38 AM 50704] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/19/2011 11:27 AM 57440] S2 jswpbapi;JumpStart Push-Button Service;c:\program files\TP-LINK\QSS\jswpbapi.exe [2/19/2011 11:27 AM 188416] S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [11/4/2013 11:30 PM 2175264] S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [5/15/2014 8:21 PM 1617696] S3 !SASCORE;SAS Core Service;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASCORE.EXE [2/19/2011 1:41 PM 116608] S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [5/31/2014 5:20 PM 73728] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/23/2013 8:12 PM 1691480] S3 AmDriver;AmDriver;c:\windows\system32\AmDriver.sys [9/2/2013 1:29 AM 8704] S3 Amtrans;AirMagnet Analyzer Protocol;c:\windows\system32\drivers\Amtrans.sys [9/2/2013 1:29 AM 61017] S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys --> c:\windows\system32\DRIVERS\lgandbus.sys [?] S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys --> c:\windows\system32\DRIVERS\lganddiag.sys [?] 
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys --> c:\windows\system32\DRIVERS\lgandgps.sys [?] S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys --> c:\windows\system32\DRIVERS\lgandmodem.sys [?] S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys --> c:\windows\system32\DRIVERS\lgandnetdiag.sys [?] S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps.sys --> c:\windows\system32\DRIVERS\lgandnetgps.sys [?] S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys --> c:\windows\system32\DRIVERS\lgandnetmodem.sys [?] S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys --> c:\windows\system32\DRIVERS\lgandnetndis.sys [?] S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [6/9/2014 9:39 PM 1763584] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 cpuz137;cpuz137;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [?] S3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [5/19/2006 11:22 AM 15328] S3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [5/19/2006 11:22 AM 13440] S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?] 
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 1:01 PM 19984] S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Administrator\My Documents\Downloads\everesthome220\kerneld.wnt [8/18/2005 1:00 AM 7168] S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\drivers\iSafeKrnlBoot.sys [5/31/2014 11:15 PM 38912] S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\TP-LINK\QSS\jswpsapi.exe [2/19/2011 11:27 AM 360529] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568] S3 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [7/18/2013 4:39 PM 762192] S3 ndiskhaz;Azzouzi HotSpot Service;c:\windows\system32\DRIVERS\ndiskhaz.sys --> c:\windows\system32\DRIVERS\ndiskhaz.sys [?] S3 ndiskhazMP;ndiskhazMP;c:\windows\system32\DRIVERS\ndiskhaz.sys --> c:\windows\system32\DRIVERS\ndiskhaz.sys [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600] S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [6/3/2004 1:28 PM 22131] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/22/2012 8:30 PM 47360] S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 4:19 PM 39056] S3 SDScannerService;Spybot-S&D 2 Scanner Service; [x] S3 SDUpdateService;Spybot-S&D 2 Updating Service; [x] S3 SDWSCService;Spybot-S&D 2 Security Center Service; [x] S3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [1/19/2013 9:50 PM 567256] S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [4/27/2014 9:57 AM 20664] S3 xVTNameService;xVTNameService;c:\program files\AirMagnet Inc\AirMedic\xVTNameService.exe [9/2/2013 1:29 AM 
24456] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-05-24 07:15 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-03 22:03] . 2014-06-15 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-25 17:21] . 2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:28] . 2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:28] . 2014-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003Core.job - c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 23:43] . 2014-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003UA.job - c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 23:43] . 2014-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job - c:\windows\system32\xp_eos.exe [2014-03-09 01:59] . 2014-06-15 c:\windows\Tasks\Opera scheduled Autoupdate 1385937182.job - c:\program files\Opera\launcher.exe [2013-12-01 10:18] . 2014-06-15 c:\windows\Tasks\PC Performer Manager.job - c:\windows\system32\sc.exe [2006-02-28 10:39] . 2014-04-05 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job - c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 20:19] . 
2014-06-09 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job - c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 20:19] . 2014-06-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13] . 2014-06-04 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13] . 2014-06-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13] . 2014-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13] . 2014-06-15 c:\windows\Tasks\SBWUpdateTask_Time_4897187a-74EA3A945BD0.job - c:\program files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-07-08 07:18] . 2014-06-15 c:\windows\Tasks\SBW_UpdateTask_Time_333533383036373032322d3755556c415a505757414a34.job - c:\windows\system32\wscript.exe [2006-02-28 11:24] . 2014-06-15 c:\windows\Tasks\SmartDefrag3_Update.job - c:\program files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-01-29 22:16] . 2014-06-15 c:\windows\Tasks\User_Feed_Synchronization-{EAF680A9-6D9C-4F29-88B8-E522E14BB520}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31] . . ------- Supplementary Scan ------- . uStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl mStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hvdie5vl.default\ FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search FF - prefs.js: browser.search.selectedEngine - Yahoo! 
(Avast) FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\documents and settings\Administrator\Desktop\SASSEH.DLL MSConfigStartUp-CLMLServer - c:\program files\Cyberlink\Power2Go\CLMLSvc.exe MSConfigStartUp-CLMLSvc - c:\program files\Cyberlink\Power2Go\CLMLSvc.exe MSConfigStartUp-Device Doctor Pro - c:\program files\Device Doctor Pro\DDProLauncher.exe MSConfigStartUp-Download Nitro - c:\program files\PCPitstop\Download Nitro\pcpitstop-nitro.exe MSConfigStartUp-PCSuite - c:\program files\SAMSUNG\Samsung PC Studio 7\PCSuite.exe MSConfigStartUp-Power2GoExpress - c:\program files\CyberLink\Power2Go\Power2GoExpress.exe MSConfigStartUp-S60 PC Suite Tray - c:\program files\SAMSUNG\Samsung PC Studio 7\PCSuite.exe MSConfigStartUp-SDCleaner - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe MSConfigStartUp-SpyHunter4 - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe MSConfigStartUp-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe 
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-06-15 18:44 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver] "ImagePath"="\??\c:\documents and settings\Administrator\My Documents\Downloads\everesthome220\kerneld.wnt" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1644491937-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4d4efc27-38da-4e82-8645-5850461e20fe}] @Denied: (Full) (Everyone) "Model"=dword:00000035 "Therad"=dword:0000001d . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):9d,6c,1f,be,70,aa,11,bc,05,28,b3,b6,e5,d3,8f,68,ae,a6,21,8e,6f, d2,b2,f1,cb,c0,4f,53,74,d3,83,56,fd,02,2f,a7,b8,c5,17,af,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,c5,54,91,05,28,29,46,84,b1,5d,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,c5,54,91,05,28,29,46,84,b1,5d,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(604) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . Completion time: 2014-06-15 18:48:49 ComboFix-quarantined-files.txt 2014-06-15 22:48 . Pre-Run: 110,334,361,600 bytes free Post-Run: 110,302,572,544 bytes free . - - End Of File - - 991C2BC4B6CF4B33801ABBEA825901EE 8F558EB6672622401DA993E1E865C861
  7. Got a blue screen 2 times last night: once when I ran Malwarebytes, the other one was when I reset my USB wireless wifi device. I am thinking some type of bug did something to files to do something with my wireless and the volume. Now if I click on my vol icon in the right corner a window pops up: open file - security warning, NAME sndvol 32.exe, RUN OR Cancel... I click run and the volume adjustment shows up but it does not set up. I CLICK the icon, it does the same thing.
  8. This is the first scan before I made the changes in the mbam. I did the scan before I completely read all you had written.. sorry, I am doing it again. Also the computer has rebooted 2 times without problems and so far no bluescreens. Right now it's too early to call. Here is the first scan without your ask setting. I will post the other scan later. Let me know if I can do more.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 6/14/2014
     Scan Time: 8:47:12 AM
     Logfile: mb scan sat 14 2014.txt
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.06.14.02
     Rootkit Database: v2014.06.02.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: Administrator

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 370878
     Time Elapsed: 21 min, 28 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 1
     PUP.Optional.OpenCandy, C:\Documents and Settings\Administrator\My Documents\Downloads\ac3filter_2_6_0b.exe, Quarantined, [88d25c1c2f4ced49bcd6ccbe8879b34d],
     Physical Sectors: 0 (No malicious items detected)

     (end)
  9. # AdwCleaner v3.212 - Report created 14/06/2014 at 08:29:00
     # Updated 05/06/2014 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : Administrator - DEAN-426571A0EA
     # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner(2).exe
     # Option : Clean

     ***** [ Services ] *****

     [#] Service Deleted : iSafeNetFilter

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DriverCure
     Folder Deleted : C:\Documents and Settings\Administrator\Application Data\eCyber
     Folder Deleted : C:\Documents and Settings\Administrator\My Documents\Updater
     Folder Deleted : C:\Documents and Settings\ROBBY\My Documents\Updater

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iSafe

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.6001.18702

     -\\ Mozilla Firefox v30.0 (en-US)

     [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hvdie5vl.default\prefs.js ]

     -\\ Google Chrome v35.0.1916.153

     [ File : C:\Documents and Settings\ROBBY\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [16898 octets] - [07/03/2014 14:57:17]
     AdwCleaner[R1].txt - [16427 octets] - [07/03/2014 22:16:59]
     AdwCleaner[R2].txt - [1538 octets] - [08/03/2014 09:36:07]
     AdwCleaner[R3].txt - [2653 octets] - [09/03/2014 12:04:07]
     AdwCleaner[R4].txt - [1669 octets] - [09/03/2014 12:09:46]
     AdwCleaner[R5].txt - [2097 octets] - [23/03/2014 08:36:35]
     AdwCleaner[R6].txt - [5459 octets] - [04/05/2014 00:24:40]
     AdwCleaner[R7].txt - [2027 octets] - [08/05/2014 18:03:52]
     AdwCleaner[R8].txt - [4481 octets] - [31/05/2014 16:25:24]
     AdwCleaner[R9].txt - [2554 octets] - [14/06/2014 08:25:52]
     AdwCleaner[s0].txt - [16781 octets] - [07/03/2014 22:18:21]
     AdwCleaner[s1].txt - [1601 octets] - [08/03/2014 09:38:10]
     AdwCleaner[s2].txt - [2303 octets] - [09/03/2014 12:06:15]
     AdwCleaner[s3].txt - [1730 octets] - [09/03/2014 12:13:08]
     AdwCleaner[s4].txt - [2109 octets] - [23/03/2014 08:38:27]
     AdwCleaner[s5].txt - [5405 octets] - [04/05/2014 00:26:33]
     AdwCleaner[s6].txt - [2088 octets] - [08/05/2014 18:07:19]
     AdwCleaner[s7].txt - [4472 octets] - [31/05/2014 16:29:03]
     AdwCleaner[s8].txt - [2493 octets] - [14/06/2014 08:29:00]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s8].txt - [2553 octets] ##########
  10. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-06-2014 02
      Ran by Administrator at 2014-06-14 08:15:11 Run:1
      Running from C:\Documents and Settings\Administrator\desktop
      Boot Mode: Normal
      ==============================================

      Content of fixlist:
      *****************
      start
      SearchScopes: HKCU - URL http://search.condui...rchTerms}&SSPV=
      SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
      BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
      Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
      Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
      S1 iSafeKrnlKit; \??\C:\Program Files\iSafe\iSafeKrnlKit.sys [X]
      S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X]
      C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
      IObit Apps Toolbar v8.1 (HKLM\...\{5B26F17A-9272-4A26-9DF9-18157AFAC6CD}) (Version: 8.1 - Spigot, Inc.) <==== ATTENTION
      AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24721E3C
      AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      end
      *****************

      HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
      'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}' => Key deleted successfully.
      'HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}'=> Key not found.
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
      'HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}'=> Key not found.
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
      'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
      iSafeKrnlKit => Service deleted successfully.
      iSafeNetFilter => Service deleted successfully.
      "C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe" => File/Directory not found.
      C:\Documents and Settings\All Users\Application Data\TEMP => ":24721E3C" ADS removed successfully.
      C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.

      ==== End of Fixlog ====
  11. Just a few questions on this you posted below. I don't understand how I save this. I can't find a file named frst64 on my computer?

      Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to the Desktop as fixlist.txt

      NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one please allow.)
  12. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 Ran by Administrator (administrator) on DEAN-426571A0EA on 11-06-2014 21:17:53 Running from C:\Documents and Settings\Administrator\My Documents\Downloads Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Emsi Software GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Atheros) C:\WINDOWS\system32\acs.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Wireless) C:\Program Files\TP-LINK\QSS\jswpbapi.exe (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Check Point Software Technologies, Ltd.) 
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Emsi Software GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Farbar) C:\Documents and Settings\Administrator\My Documents\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-26] (Check Point Software Technologies LTD) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software) HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [15714592 2014-03-09] (NVIDIA Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 1 HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1 HKU\S-1-5-21-1644491937-1767777339-839522115-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Lsa: [Authentication Packages] msv1_0 nwprovau ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: 
HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1ED6FA27-D2CE-459F-ADEF-05864B1FCA29&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: No Name - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Program Files\FreshDevices\FreshDownload\fdcatch.dll (FreshDevices Corp.) BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD) BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 
2009-05-24] (Microsoft Corporation) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Documents and Settings\Administrator\desktop\SASSEH.DLL [115440 2014-06-11] (SuperAdBlocker.com) Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 101.113.228.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hvdie5vl.default FF Homepage: hxxp://www.google.com/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @meadco.com/neptune plugin,version=2.0.0.29 - C:\PROGRA~1\MEADCO~1\npmeadax.dll (MeadCo Corp.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\np-mswmp.dll (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-02] ========================== Services (Whitelisted) ================= S3 !SASCORE; C:\Documents and Settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASCORE.EXE [116608 2013-01-19] (SUPERAntiSpyware.com) [File not signed] R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [3045688 2011-10-03] (Emsi Software GmbH) R2 ACS; C:\WINDOWS\system32\acs.exe [495700 2009-05-12] (Atheros) [File not signed] S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-07] (Adobe Systems) [File not signed] R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software) S3 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] () R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-06] (Oracle Corporation) R2 jswpbapi; C:\Program Files\TP-LINK\QSS\jswpbapi.exe [188416 2009-09-21] (Wireless) [File not signed] S3 jswpsapi; C:\Program Files\TP-LINK\QSS\jswpsapi.exe [360529 2009-09-21] (wireless) [File not signed] S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-09-24] (Hewlett-Packard Company) [File not signed] S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-05-31] (IObit) S3 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG) S3 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] () R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation) S3 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation) S3 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] S3 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-07-14] (Ralink Technology, Corp.) 
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567256 2012-11-25] (Mister Group) R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-26] (Check Point Software Technologies LTD) S3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [1107456 2009-10-09] (Microsoft Corporation) [File not signed] S4 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [439808 2008-05-26] (Microsoft Corporation) [File not signed] S3 xVTNameService; C:\Program Files\AirMagnet Inc.\AirMedic\xVTNameService.exe [24456 2009-02-19] () R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] S3 SDScannerService; No ImagePath S3 SDUpdateService; No ImagePath S3 SDWSCService; No ImagePath ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [73728 2011-02-20] (Emsi Software GmbH) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) S3 AmDriver; C:\WINDOWS\system32\AMDriver.sys [8704 2009-02-19] (AirMagnet, Inc) [File not signed] S3 Amtrans; C:\WINDOWS\System32\DRIVERS\amtrans.sys [61017 2009-02-19] (Windows ® 2000 DDK provider) [File not signed] R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2013-06-28] (Atheros Communications, Inc.) 
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12664 2006-10-19] () R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-25] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-25] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-29] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-25] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-29] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-29] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-25] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-25] () R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-05-12] (AVG Technologies) S3 Egatebus; C:\WINDOWS\System32\drivers\egatebus.sys [15328 2006-05-19] (Axalto) S3 Egaterdr; C:\WINDOWS\System32\drivers\egaterdr.sys [13440 2006-05-19] (Axalto) S3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.) 
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] () R1 Eve; C:\WINDOWS\System32\DRIVERS\eve.sys [33624 2013-03-28] () S3 EverestDriver; C:\Documents and Settings\Administrator\My Documents\Downloads\everesthome220\kerneld.wnt [7168 2005-08-18] () [File not signed] S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed] R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation) R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-09-28] (GFI Software) S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [38912 2014-05-20] (Elex do Brasil Participações Ltda) R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2012-02-04] (JMicron ) R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [106296 2013-01-15] (JMicron Technology Corp.) R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2009-09-21] (Atheros Communications, Inc.) R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28312 2014-03-18] (Logitech, Inc.) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.) S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-23] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] R0 nvatabus; C:\WINDOWS\System32\drivers\nvatabus.sys [100736 2006-04-24] (NVIDIA Corporation) S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation) R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation) R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2013-02-18] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation) S3 NVR0Dev; C:\WINDOWS\nvoclock.sys [29696 2007-09-04] (NVidia Corp.) [File not signed] R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation) R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2006-02-28] (Microsoft Corporation) R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2006-02-28] (Microsoft Corporation) S3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation) S3 PCANDIS5_WIFISCAN.SYS; C:\Program Files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [22131 2004-06-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2012-12-22] (VSO Software) [File not signed] R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2013-04-07] (Sonic Solutions) [File not signed] S3 RivaTuner32; C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [9088 2009-08-22] () [File not signed] S3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [500096 2009-06-12] (Ralink Technology, Corp.) 
R1 SASDIFSV; C:\Documents and Settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASDIFSV.SYS [12880 2013-01-19] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Documents and Settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASKUTIL.SYS [67664 2013-01-19] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2013-12-24] (IObit) R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed] R2 SVNDISUIO; C:\WINDOWS\System32\DRIVERS\SVNDISUIO.sys [40576 2008-01-20] (Intel Corporation) [File not signed] S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-01-03] (AnchorFree Inc) S3 tenCapture; C:\WINDOWS\System32\DRIVERS\tenCapture.sys [20664 2012-07-20] (Hajo Krabbenhöft) R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [529128 2013-10-26] (Check Point Software Technologies LTD) R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.) 
S3 Andbus; system32\DRIVERS\lgandbus.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag.sys [X] S3 AndGps; system32\DRIVERS\lgandgps.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X] S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X] S3 AndNetGps; system32\DRIVERS\lgandnetgps.sys [X] S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X] S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X] S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X] S3 cpuz134; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X] S3 cpuz137; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S4 IntelIde; No ImagePath S1 iSafeKrnlKit; \??\C:\Program Files\iSafe\iSafeKrnlKit.sys [X] S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X] S3 ndiskhaz; system32\DRIVERS\ndiskhaz.sys [X] S3 ndiskhazMP; system32\DRIVERS\ndiskhaz.sys [X] U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation) S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] U5 Psched; C:\Windows\System32\Drivers\Psched.sys [69120 2008-04-14] (Microsoft Corporation) U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) S3 usbbus; system32\DRIVERS\lgusbbus.sys [X] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-11 19:31 - 2014-06-11 19:31 - 00555008 _____ () C:\Documents and Settings\Administrator\desktop\SASREPAIRS.STG 2014-06-11 19:31 - 2014-06-11 19:31 - 00115440 _____ (SuperAdBlocker.com) C:\Documents and Settings\Administrator\desktop\SASSEH.DLL 2014-06-09 21:39 - 2013-06-28 14:49 - 01763584 _____ (Atheros Communications, Inc.) 
C:\WINDOWS\system32\Drivers\athuw.sys 2014-06-09 21:39 - 2013-06-28 14:49 - 01763584 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\athuw.sys 2014-06-09 21:39 - 2013-06-28 14:49 - 00007554 _____ () C:\WINDOWS\system32\netathuw.cat 2014-06-09 21:21 - 2014-06-09 21:21 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060914-01.dmp 2014-06-09 21:08 - 2014-06-09 21:13 - 13206671 _____ () C:\Documents and Settings\Administrator\desktop\TL-WN722N_V1_131113(2).zip 2014-06-09 20:15 - 2014-06-09 23:21 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-09 20:15 - 2014-06-09 20:15 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk 2014-06-09 20:15 - 2014-06-09 20:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-06-09 20:15 - 2014-06-09 20:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-09 20:15 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-09 20:15 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-06-09 00:33 - 2014-06-09 00:33 - 00001542 _____ () C:\Documents and Settings\All Users\desktop\iTunes.lnk 2014-06-09 00:32 - 2014-06-09 00:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-06-08 20:48 - 2014-06-08 20:48 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories 2014-06-08 16:27 - 2014-06-08 16:27 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-05.dmp 2014-06-08 16:05 - 2014-06-08 16:05 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-04.dmp 2014-06-08 15:57 - 2014-06-08 15:57 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-03.dmp 2014-06-08 11:19 - 2014-06-08 11:19 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-02.dmp 2014-06-08 10:36 - 2014-06-08 10:36 - 
00065536 _____ () C:\WINDOWS\Minidump\Mini060814-01.dmp 2014-06-08 09:39 - 2014-06-08 09:39 - 00004252 _____ () C:\Documents and Settings\Administrator\My Documents\bsod.txt 2014-06-08 09:35 - 2014-06-08 09:35 - 00000000 ____D () C:\Program Files\NirSoft 2014-06-08 09:35 - 2014-06-08 09:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\NirSoft BlueScreenView 2014-06-08 09:28 - 2014-06-08 09:29 - 00000000 ___SD () C:\32788R22FWJFW 2014-06-08 09:15 - 2014-06-08 09:26 - 00001343 _____ () C:\malware may 3014.txt 2014-06-07 22:50 - 2014-06-07 22:52 - 00005568 _____ () C:\Documents and Settings\Administrator\desktop\Rkill.txt 2014-06-07 20:18 - 2014-06-07 20:18 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060714-01.dmp 2014-06-07 13:25 - 2014-06-07 13:25 - 00021362 _____ () C:\Documents and Settings\Administrator\desktop\dds1.txt 2014-06-07 13:25 - 2014-06-07 13:25 - 00018451 _____ () C:\Documents and Settings\Administrator\desktop\attach 6 7 2014.txt 2014-06-07 13:21 - 2014-06-07 13:21 - 00021362 _____ () C:\Documents and Settings\Administrator\desktop\dds.txt 2014-06-07 13:21 - 2014-06-07 13:21 - 00018451 _____ () C:\Documents and Settings\Administrator\desktop\attach.txt 2014-06-07 09:21 - 2014-06-07 09:21 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\core 2014-06-07 08:59 - 2014-06-07 09:20 - 70948293 _____ () C:\Documents and Settings\Administrator\My Documents\core.zip 2014-06-07 08:59 - 2014-03-18 02:44 - 00000000 _____ () C:\Documents and Settings\Administrator\My Documents\patchjre.exe 2014-06-07 08:58 - 2014-06-07 09:11 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\jre-8u5-windows-i586 2014-06-07 08:28 - 2014-06-07 08:46 - 31112616 _____ (Oracle Corporation) C:\Documents and Settings\Administrator\My Documents\jre-8u5-windows-i586.exe 2014-06-06 20:54 - 2014-06-06 20:54 - 00000000 ____D () C:\Program Files\Logitech 2014-06-06 20:35 - 2014-06-06 20:38 - 79407448 _____ (Logitech 
Inc.) C:\Documents and Settings\Administrator\My Documents\SetPoint6.65.62_32.exe 2014-06-06 19:34 - 2014-03-09 16:35 - 00018700 _____ () C:\WINDOWS\system32\nvinfo.pb 2014-06-06 14:23 - 2014-06-06 14:23 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-06 14:23 - 2014-06-06 14:23 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-06 14:23 - 2014-06-06 14:23 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-06 14:23 - 2014-06-06 14:23 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-06-06 14:23 - 2014-06-06 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java 2014-06-06 14:20 - 2014-06-06 14:20 - 00918440 _____ (Oracle Corporation) C:\Documents and Settings\Administrator\My Documents\jre-7u60-windows-i586-iftw.exe 2014-06-06 13:53 - 2014-06-06 14:23 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-06-06 13:53 - 2014-06-06 13:53 - 00000000 ____D () C:\Program Files\Java 2014-06-04 22:39 - 2014-06-04 22:39 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-04 22:39 - 2014-06-04 22:39 - 00000724 _____ () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk 2014-06-04 22:38 - 2014-06-04 22:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-04 22:00 - 2014-06-11 20:20 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-06-04 18:11 - 2014-06-04 18:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\NVIDIA 2014-06-04 18:01 - 2014-06-04 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack 2014-06-04 17:58 - 2014-06-04 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner 2014-06-04 17:58 - 2014-06-04 17:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SparkTrust 
2014-06-04 17:55 - 2014-06-04 17:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\YAC 2014-06-04 17:55 - 2014-06-04 17:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\eCyber 2014-06-03 23:11 - 2014-06-03 23:11 - 00000000 ____D () C:\WINDOWS\DDABC66756B3412282B02F5782EA2F9A.TMP 2014-06-03 23:11 - 2014-06-03 23:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware 2014-06-03 21:54 - 2014-06-11 20:54 - 00002750 _____ () C:\WINDOWS\system32\nvAppTimestamps 2014-06-03 21:38 - 2014-05-13 15:18 - 03774821 _____ () C:\WINDOWS\system32\nvcoproc.bin 2014-06-03 21:37 - 2014-06-06 21:01 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin 2014-06-03 21:37 - 2014-06-06 21:00 - 01144544 _____ () C:\WINDOWS\system32\nvdrsdb1.bin 2014-06-03 21:37 - 2014-06-06 19:36 - 01144544 _____ () C:\WINDOWS\system32\nvdrsdb0.bin 2014-06-03 21:37 - 2014-06-03 21:37 - 00000000 _____ () C:\WINDOWS\system32\nvdrswr.lk 2014-06-03 21:33 - 2014-06-11 19:35 - 00000414 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1385937182.job 2014-06-03 19:24 - 2009-01-07 18:20 - 00016928 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll 2014-06-03 18:32 - 2014-06-11 18:03 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-06-03 18:32 - 2014-06-11 18:03 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-06-02 22:45 - 2014-06-02 22:45 - 00001037 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Pale Moon.lnk 2014-06-02 22:45 - 2014-06-02 22:45 - 00001031 _____ () C:\Documents and Settings\All Users\desktop\Pale Moon.lnk 2014-06-02 22:45 - 2014-06-02 22:45 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk 2014-06-02 22:45 - 2014-06-02 22:45 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk 
2014-06-02 20:24 - 2014-06-04 18:01 - 00000000 ____D () C:\Program Files\AC3Filter 2014-06-02 20:24 - 2014-06-04 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AC3Filter 2014-06-02 20:24 - 2013-04-05 21:26 - 01679360 _____ () C:\WINDOWS\system32\ac3filter.acm 2014-06-02 20:18 - 2014-06-04 18:01 - 00000000 ____D () C:\Program Files\AC3File 2014-06-02 20:18 - 2014-06-04 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AC3File 2014-06-02 20:12 - 2014-06-04 18:01 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack 2014-06-02 20:12 - 2014-06-02 20:12 - 00001751 _____ () C:\Documents and Settings\All Users\desktop\Codec Tweak Tool.lnk 2014-06-02 18:40 - 2014-06-02 18:40 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060214-01.dmp 2014-06-01 20:16 - 2014-06-04 17:58 - 00000000 ____D () C:\Program Files\SlimCleaner 2014-06-01 20:16 - 2014-06-01 21:39 - 00002231 _____ () C:\Documents and Settings\All Users\desktop\SlimCleaner.lnk 2014-06-01 18:49 - 2014-06-01 18:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DriverCure 2014-06-01 18:48 - 2014-06-04 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SparkTrust 2014-06-01 09:57 - 2014-06-01 09:57 - 00001312 _____ () C:\Documents and Settings\Administrator\desktop\JRT.txt 2014-06-01 09:20 - 2014-06-11 21:17 - 00000000 ____D () C:\FRST 2014-06-01 08:17 - 2014-06-11 19:35 - 00000300 _____ () C:\WINDOWS\wiadebug.log 2014-06-01 08:17 - 2014-06-11 19:35 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-06-01 08:17 - 2014-06-01 08:17 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log 2014-06-01 03:32 - 2014-06-01 16:33 - 19165360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2014-06-01 01:46 - 2014-06-11 20:50 - 00032252 _____ () C:\WINDOWS\SchedLgU.Txt 2014-05-31 23:15 - 2014-05-31 23:15 - 00001455 _____ () C:\Documents and Settings\All Users\Start Menu\YAC.lnk 2014-05-31 23:15 
  13. I really was not watching it that much because of the time it took, but it looked to have removed a lot. I am still getting blue screens with the same error as I mentioned. I know if I unplug my USB wireless device it will blue screen, and most of the time if I run a virus scan it will blue screen about 20 mins into a full scan. What has me stumped is when it blue screens the only way to get a successful boot up is to shut down and unplug power cable and kill all power and wait a few mins before it will boot to desktop?
  14. I ran the program as you asked; it took close to 3 hours and it went fine. Just don't know if it fixed it because I still cannot reboot; the only way I can reboot is to shut comp down and unplug it for a few mins and then it will boot. As far as the blue screen, I have not had enough time to tell if that's going to happen.
  15. I cannot find anything saved with ComboFix, and on Malwarebytes I can't find anything saved on or around the date I lost sound. It happened on 5/31/14 and all history is 6/1/14.

      ==================================================
      Dump File : Mini060714-01.dmp
      Crash Time : 6/7/2014 5:07:51 PM
      Bug Check String : DRIVER_CORRUPTED_EXPOOL
      Bug Check Code : 0x000000c5
      Parameter 1 : 0x00000000
      Parameter 2 : 0x00000002
      Parameter 3 : 0x00000001
      Parameter 4 : 0x8054b10d
      Caused By Driver : ntkrnlpa.exe
      Caused By Address : ntkrnlpa.exe+6d80c
      File Description : NT Kernel & System
      Product Name : Microsoft® Windows® Operating System
      Company : Microsoft Corporation
      File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
      Processor : 32-bit
      Crash Address : ntkrnlpa.exe+6d80c
      Stack Address 1 : ntkrnlpa.exe+7410d
      Stack Address 2 : ntkrnlpa.exe+7475f
      Stack Address 3 : NDIS.sys+15e8
      Computer Name :
      Full Path : C:\WINDOWS\Minidump\Mini060714-01.dmp
      Processors Count : 2
      Major Version : 15
      Minor Version : 2600
      Dump File Size : 65,536
      Dump File Time : 6/7/2014 8:18:55 PM
      ==================================================
      ==================================================
      Dump File : Mini060214-01.dmp
      Crash Time : 6/2/2014 6:37:25 PM
      Bug Check String : IRQL_NOT_LESS_OR_EQUAL
      Bug Check Code : 0x0000000a
      Parameter 1 : 0xb4351e00
      Parameter 2 : 0x00000002
      Parameter 3 : 0x00000001
      Parameter 4 : 0x80540b40
      Caused By Driver : ntkrnlpa.exe
      Caused By Address : ntkrnlpa.exe+6d80c
      File Description : NT Kernel & System
      Product Name : Microsoft® Windows® Operating System
      Company : Microsoft Corporation
      File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
      Processor : 32-bit
      Crash Address : ntkrnlpa.exe+6d80c
      Stack Address 1 : ntkrnlpa.exe+69b40
      Stack Address 2 : +f572
      Stack Address 3 : +3ec
      Computer Name :
      Full Path : C:\WINDOWS\Minidump\Mini060214-01.dmp
      Processors Count : 2
      Major Version : 15
      Minor Version : 2600
      Dump File Size : 65,536
      Dump File Time : 6/2/2014 6:40:45 PM
      ==================================================