
Been getting Blue screen errors


jackpot316


Was told to post this log here for help.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.60.2
Run by Administrator at 13:20:32 on 2014-06-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1723 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = about:blank
uProxyServer = :0
BHO: <No Name>: {206E52E0-D52E-11D4-AD54-0000E86C26F6} - c:\program files\freshdevices\freshdownload\fdcatch.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - c:\program files\check point software technologies ltd\zonealarm\1.8.22.0\bh\zonealarm.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350084045015
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342055826156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: NameServer = 101.113.228.1
TCP: Interfaces\{3BBAAFB3-DD67-4811-B5A9-A5FF43CE98D1} : DHCPNameServer = 101.113.228.1
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.114\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hvdie5vl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1212152.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-23 13560]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2014-3-5 15808]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-29 42784]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-5-29 49944]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-5-29 180632]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-5-29 777488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-5-29 411680]
S1 Eve;EVE Protocol Driver;c:\windows\system32\drivers\eve.sys [2013-5-17 33624]
S1 iSafeKrnlKit;iSafeKrnl Kit Driver;\??\c:\program files\isafe\isafekrnlkit.sys --> c:\program files\isafe\iSafeKrnlKit.sys [?]
S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\isafe\isafenetfilter.sys --> c:\program files\isafe\iSafeNetFilter.sys [?]
S1 SASDIFSV;SASDIFSV;c:\documents and settings\robby\desktop\asstdownloads\superantispyware\SASDIFSV.SYS [2011-2-19 12880]
S1 SASKUTIL;SASKUTIL;c:\documents and settings\robby\desktop\asstdownloads\superantispyware\SASKUTIL.SYS [2011-2-19 67664]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2013-11-2 32768]
S1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-10-26 529128]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2014-5-31 3045688]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-29 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-5-29 67824]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-3-2 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-3-14 54760]
S2 jswpbapi;JumpStart Push-Button Service;c:\program files\tp-link\qss\jswpbapi.exe [2011-2-19 188416]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-3-27 10136]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-11-4 2175264]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-5-15 1617696]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2011-12-26 19072]
S2 SVNDISUIO;SV NDIS User I/O Protocol Driver;c:\windows\system32\drivers\SVNDISUIO.sys [2013-9-2 40576]
S2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\checkpoint\zonealarm\ZAPrivacyService.exe [2013-10-15 50704]
S3 !SASCORE;SAS Core Service;c:\documents and settings\robby\desktop\asstdownloads\superantispyware\SASCORE.EXE [2011-2-19 116608]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2014-5-31 73728]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-1-23 1691480]
S3 AmDriver;AmDriver;c:\windows\system32\AmDriver.sys [2013-9-2 8704]
S3 Amtrans;AirMagnet Analyzer Protocol;c:\windows\system32\drivers\Amtrans.sys [2013-9-2 61017]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys --> c:\windows\system32\drivers\lgandbus.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys --> c:\windows\system32\drivers\lganddiag.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys --> c:\windows\system32\drivers\lgandgps.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys --> c:\windows\system32\drivers\lgandmodem.sys [?]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys --> c:\windows\system32\drivers\lgandnetdiag.sys [?]
S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys --> c:\windows\system32\drivers\lgandnetgps.sys [?]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys --> c:\windows\system32\drivers\lgandnetmodem.sys [?]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys --> c:\windows\system32\drivers\lgandnetndis.sys [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-2-19 1763584]
S3 cpuz137;cpuz137;\??\c:\docume~1\admini~1\locals~1\temp\cpuz137\cpuz137_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz137\cpuz137_x32.sys [?]
S3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [2006-5-19 15328]
S3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [2006-5-19 13440]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\drivers\iSafeKrnlBoot.sys [2014-5-31 38912]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\qss\jswpsapi.exe [2011-2-19 360529]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-2-19 57440]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2013-7-18 762192]
S3 ndiskhaz;Azzouzi HotSpot Service;c:\windows\system32\drivers\ndiskhaz.sys --> c:\windows\system32\drivers\ndiskhaz.sys [?]
S3 ndiskhazMP;ndiskhazMP;c:\windows\system32\drivers\ndiskhaz.sys --> c:\windows\system32\drivers\ndiskhaz.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-2-28 36600]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files\eeye digital security\retina wireless scanner\PCANDIS5_WIFISCAN.SYS [2004-6-3 22131]
S3 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2011-12-26 185632]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
S3 SDScannerService;Spybot-S&D 2 Scanner Service; [x]
S3 SDUpdateService;Spybot-S&D 2 Updating Service; [x]
S3 SDWSCService;Spybot-S&D 2 Security Center Service; [x]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\system explorer\service\SystemExplorerService.exe [2013-1-19 567256]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2014-4-27 20664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 xVTNameService;xVTNameService;c:\program files\airmagnet inc\airmedic\xVTNameService.exe [2013-9-2 24456]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-07 02:06:49 -------- d-s---w- C:\ComboFix
2014-06-06 23:33:15 -------- d-----w- C:\NVIDIA
2014-06-06 18:23:43 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-06-06 17:53:42 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-05 02:39:00 46704 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-06-04 22:18:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2014-06-04 22:18:20 -------- d-----w- c:\windows\system32\wbem\Repository
2014-06-04 22:11:17 -------- d-----w- c:\documents and settings\administrator\application data\NVIDIA
2014-06-04 21:58:42 -------- d-----w- c:\documents and settings\administrator\application data\SparkTrust
2014-06-04 21:55:30 -------- d-----w- c:\documents and settings\administrator\application data\eCyber
2014-06-04 03:11:39 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2014-06-04 01:38:00 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-04 01:37:09 1144544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2014-06-04 01:37:09 1144544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2014-06-04 01:37:09 1 ----a-w- c:\windows\system32\nvdrssel.bin
2014-06-03 22:32:51 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-03 22:32:51 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-03 00:24:13 1679360 ----a-w- c:\windows\system32\ac3filter.acm
2014-06-03 00:24:12 -------- d-----w- c:\program files\AC3Filter
2014-06-03 00:18:03 -------- d-----w- c:\program files\AC3File
2014-06-03 00:12:31 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-06-02 00:16:01 -------- d-----w- c:\program files\SlimCleaner
2014-06-01 22:49:30 -------- d-----w- c:\documents and settings\administrator\application data\DriverCure
2014-06-01 22:48:57 -------- d-----w- c:\documents and settings\all users\application data\SparkTrust
2014-06-01 13:20:34 -------- d-----w- C:\FRST
2014-06-01 07:32:24 19165360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-06-01 03:15:54 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-05-31 21:19:59 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2014-05-31 19:54:06 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-31 19:54:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-31 19:54:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-31 19:40:34 -------- d-----w- c:\windows\ERUNT
2014-05-29 23:39:17 95876 ----a-w- c:\documents and settings\all users\application data\1401406377.bdinstall.bin
2014-05-29 23:39:04 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-29 23:39:04 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-29 23:39:04 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-29 23:39:04 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-29 23:39:04 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-29 23:14:57 58880 ----a-w- c:\documents and settings\all users\application data\1401405235.bdinstall.bin
2014-05-29 23:13:54 37176 ----a-w- c:\documents and settings\all users\application data\1401405226.bdinstall.bin
2014-05-27 00:37:34 239416 ----a-w- c:\documents and settings\all users\application data\1401150572.bdinstall.bin
2014-05-27 00:34:10 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-05-27 00:32:53 -------- d-----w- c:\documents and settings\administrator\application data\QuickScan
2014-05-26 23:52:59 44820 ----a-w- c:\documents and settings\all users\application data\1401148350.bdinstall.bin
2014-05-26 18:58:43 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2014-05-26 18:58:43 145352 ----a-w- c:\windows\system32\nvcolor.exe
2014-05-26 18:58:42 377288 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-26 18:58:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2014-05-26 15:40:58 -------- d-----w- c:\documents and settings\all users\application data\Avg_Update_0414c
2014-05-23 00:24:13 908744 ----a-w- c:\windows\system32\nvdispgenco32.dll
2014-05-23 00:24:13 1056200 ----a-w- c:\windows\system32\nvdispco32.dll
2014-05-16 00:31:17 -------- d-----w- c:\documents and settings\administrator\local settings\application data\NVIDIA
2014-05-10 15:45:21 893728 ----a-w- c:\windows\system32\nvdispgenco3233182.dll
2014-05-10 15:45:21 1049888 ----a-w- c:\windows\system32\nvdispco3233182.dll
2014-05-10 15:11:12 -------- d-----w- c:\program files\RegTweaker
2014-05-10 03:13:01 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2014-05-10 03:13:01 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2014-05-10 02:15:55 -------- d-----w- c:\documents and settings\all users\application data\AVG2014
.
==================== Find3M ====================
.
2014-06-07 01:02:25 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-07 00:43:05 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-06-04 23:21:56 138752 ----a-w- c:\windows\system32\sndvol32.exe
2014-05-12 16:14:06 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-04-25 17:21:33 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1401406783656
2014-04-25 17:21:33 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1401406783656
2014-04-25 17:21:32 43152 ----a-w- c:\windows\avastSS.scr
2014-03-19 00:24:24 28312 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2014-03-19 00:24:20 53528 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2014-03-19 00:24:18 37528 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2014-03-19 00:24:16 43800 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2014-03-19 00:24:08 10136 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2014-03-10 22:17:26 109856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-09 20:35:33 9715712 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-09 20:35:33 9682944 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-09 20:35:33 896456 ----a-w- c:\windows\system32\nvdispgenco3233528.dll
2014-03-09 20:35:33 4080384 ----a-w- c:\windows\system32\nv4_disp.dll
2014-03-09 20:35:33 2944344 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-09 20:35:33 2652160 ----a-w- c:\windows\system32\nvapi.dll
2014-03-09 20:35:33 2410784 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-09 20:35:33 22921216 ----a-w- c:\windows\system32\nvoglnt.dll
2014-03-09 20:35:33 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-09 20:35:33 12856232 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2014-03-09 20:35:33 1051080 ----a-w- c:\windows\system32\nvdispco3233528.dll
2014-03-09 19:31:57 15714592 ----a-w- c:\windows\system32\nvcpl.dll
.
============= FINISH: 13:21:35.04 ===============


Hi jackpot316

 

First, let me mention that trying to find the root cause of Blue screen errors can be like trying to find a needle in a haystack, but we'll give it a try.

 

You mentioned running a couple of tools in your other topic that I would like to see the result logs from:

 

ComboFix

C:\qoobox\quarantined_files.txt <-- is this file present? If so -- please post its contents.

How about c:\Combofix\combofix.txt <-- is it here?

 

MalwareBytes

Open MalwareBytes, then click on History

On the left side click on Quarantine logs, then click on the log last run or the log run before the sound issues occurred.

MalwareBytes has had an update recently after a false positive was found in which audio files were removed.

 

~~~~~~~~~~~~~~~~~~

 

Let's have a look at the stop code.

 

 

Download BlueScreenView

No installation required.

Double click on BlueScreenView.exe file to run the program.

When scanning is done, go Edit>Select All.

Go File>Save Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


I cannot find anything saved with ComboFix, and on MalwareBytes I can't find anything saved on or around the date I lost sound. It happened on 5/31/14 and all History is 6/1/14.

 

==================================================
Dump File : Mini060714-01.dmp
Crash Time : 6/7/2014 5:07:51 PM
Bug Check String : DRIVER_CORRUPTED_EXPOOL
Bug Check Code : 0x000000c5
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8054b10d
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+6d80c
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+6d80c
Stack Address 1 : ntkrnlpa.exe+7410d
Stack Address 2 : ntkrnlpa.exe+7475f
Stack Address 3 : NDIS.sys+15e8
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini060714-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 65,536
Dump File Time : 6/7/2014 8:18:55 PM
==================================================

==================================================
Dump File : Mini060214-01.dmp
Crash Time : 6/2/2014 6:37:25 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0xb4351e00
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x80540b40
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+6d80c
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+6d80c
Stack Address 1 : ntkrnlpa.exe+69b40
Stack Address 2 : +f572
Stack Address 3 : +3ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini060214-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 65,536
Dump File Time : 6/2/2014 6:40:45 PM
==================================================

Edited by jackpot316

 

Have you seen any of the articles that Microsoft has ended support for Windows XP?

 

**************

Download Windows Repair (all in one) from this site

 

Install the program then run it.

 

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

 


 

 

 

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

 


 

 

Go to Step 4 and under "System Restore" click on the Create button:

 


 

 

Go to the Start Repairs tab and click the Start button.

 


 

 

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

 


 

Click on the box next to Restart System when Finished. Then click on Start.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Let me know how this goes then we can try other things.


I ran the program as you asked; it took close to 3 hours and it went fine.

Just don't know if it fixed it because I still cannot reboot. The only way I can reboot is to shut the comp down and unplug it for a few mins, and then it will boot. As far as the blue screen, I have not had enough time to tell if that's going to happen.


OK

 

The one thing that stands out is the driver:

Caused By Driver : ntkrnlpa.exe

Caused By Address : ntkrnlpa.exe+6d80c

 

When you ran those tools the other day, can you recall if it took out a driver that looked like this one or something similar?


I really was not watching it that much because of the time it took, but it looked to have removed a lot.

 

I am still getting blue screens with the same error as I mentioned. I know if I unplug my USB wireless device it will blue screen, and most of the time if I run a virus scan it will blue screen about 20 mins into a full scan.

 

What has me stumped is that when it blue screens, the only way to get a successful boot up is to shut down, unplug the power cable, kill all power and wait a few mins before it will boot to desktop.


 

What has me stumped is that when it blue screens, the only way to get a successful boot up is to shut down, unplug the power cable, kill all power and wait a few mins before it will boot to desktop.

Kinda starting to sound a lot like hardware.

 

All I can do is start searching for malware.

 

Please download Farbar Recovery Scan Tool

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

(use correct version for your system.....Which system am I using?)

and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

 

 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014
Ran by Administrator (administrator) on DEAN-426571A0EA on 11-06-2014 21:17:53
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Emsi Software GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Wireless) C:\Program Files\TP-LINK\QSS\jswpbapi.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Emsi Software GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Farbar) C:\Documents and Settings\Administrator\My Documents\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-26] (Check Point Software Technologies LTD)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [15714592 2014-03-09] (NVIDIA Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1644491937-1767777339-839522115-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Authentication Packages] msv1_0 nwprovau

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1ED6FA27-D2CE-459F-ADEF-05864B1FCA29&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: No Name - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Program Files\FreshDevices\FreshDownload\fdcatch.dll (FreshDevices Corp.)
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Documents and Settings\Administrator\desktop\SASSEH.DLL [115440 2014-06-11] (SuperAdBlocker.com)
Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 101.113.228.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hvdie5vl.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @meadco.com/neptune plugin,version=2.0.0.29 - C:\PROGRA~1\MEADCO~1\npmeadax.dll (MeadCo Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-02]

========================== Services (Whitelisted) =================

S3 !SASCORE; C:\Documents and Settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASCORE.EXE [116608 2013-01-19] (SUPERAntiSpyware.com) [File not signed]
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [3045688 2011-10-03] (Emsi Software GmbH)
R2 ACS; C:\WINDOWS\system32\acs.exe [495700 2009-05-12] (Atheros) [File not signed]
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-07] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
S3 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-06] (Oracle Corporation)
R2 jswpbapi; C:\Program Files\TP-LINK\QSS\jswpbapi.exe [188416 2009-09-21] (Wireless) [File not signed]
S3 jswpsapi; C:\Program Files\TP-LINK\QSS\jswpsapi.exe [360529 2009-09-21] (wireless) [File not signed]
S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-09-24] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-05-31] (IObit)
S3 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
S3 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
S3 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S3 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-07-14] (Ralink Technology, Corp.)
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567256 2012-11-25] (Mister Group)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-26] (Check Point Software Technologies LTD)
S3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [1107456 2009-10-09] (Microsoft Corporation) [File not signed]
S4 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [439808 2008-05-26] (Microsoft Corporation) [File not signed]
S3 xVTNameService; C:\Program Files\AirMagnet Inc.\AirMedic\xVTNameService.exe [24456 2009-02-19] ()
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 SDScannerService; No ImagePath
S3 SDUpdateService; No ImagePath
S3 SDWSCService; No ImagePath

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [73728 2011-02-20] (Emsi Software GmbH)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 AmDriver; C:\WINDOWS\system32\AMDriver.sys [8704 2009-02-19] (AirMagnet, Inc) [File not signed]
S3 Amtrans; C:\WINDOWS\System32\DRIVERS\amtrans.sys [61017 2009-02-19] (Windows ® 2000 DDK provider) [File not signed]
R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2013-06-28] (Atheros Communications, Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12664 2006-10-19] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-25] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-29] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-25] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-29] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-29] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-25] ()
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-05-12] (AVG Technologies)
S3 Egatebus; C:\WINDOWS\System32\drivers\egatebus.sys [15328 2006-05-19] (Axalto)
S3 Egaterdr; C:\WINDOWS\System32\drivers\egaterdr.sys [13440 2006-05-19] (Axalto)
S3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R1 Eve; C:\WINDOWS\System32\DRIVERS\eve.sys [33624 2013-03-28] ()
S3 EverestDriver; C:\Documents and Settings\Administrator\My Documents\Downloads\everesthome220\kerneld.wnt [7168 2005-08-18] () [File not signed]
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-09-28] (GFI Software)
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [38912 2014-05-20] (Elex do Brasil Participações Ltda)
R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2012-02-04] (JMicron )
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [106296 2013-01-15] (JMicron Technology Corp.)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2009-09-21] (Atheros Communications, Inc.)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28312 2014-03-18] (Logitech, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 nvatabus; C:\WINDOWS\System32\drivers\nvatabus.sys [100736 2006-04-24] (NVIDIA Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2013-02-18] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
S3 NVR0Dev; C:\WINDOWS\nvoclock.sys [29696 2007-09-04] (NVidia Corp.) [File not signed]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2006-02-28] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2006-02-28] (Microsoft Corporation)
S3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
S3 PCANDIS5_WIFISCAN.SYS; C:\Program Files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [22131 2004-06-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2012-12-22] (VSO Software) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2013-04-07] (Sonic Solutions) [File not signed]
S3 RivaTuner32; C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [9088 2009-08-22] () [File not signed]
S3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [500096 2009-06-12] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Documents and Settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASDIFSV.SYS [12880 2013-01-19] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Documents and Settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASKUTIL.SYS [67664 2013-01-19] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2013-12-24] (IObit)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R2 SVNDISUIO; C:\WINDOWS\System32\DRIVERS\SVNDISUIO.sys [40576 2008-01-20] (Intel Corporation) [File not signed]
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-01-03] (AnchorFree Inc)
S3 tenCapture; C:\WINDOWS\System32\DRIVERS\tenCapture.sys [20664 2012-07-20] (Hajo Krabbenhöft)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [529128 2013-10-26] (Check Point Software Technologies LTD)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 cpuz137; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
S1 iSafeKrnlKit; \??\C:\Program Files\iSafe\iSafeKrnlKit.sys [X]
S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X]
S3 ndiskhaz; system32\DRIVERS\ndiskhaz.sys [X]
S3 ndiskhazMP; system32\DRIVERS\ndiskhaz.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 Psched; C:\Windows\System32\Drivers\Psched.sys [69120 2008-04-14] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 19:31 - 2014-06-11 19:31 - 00555008 _____ () C:\Documents and Settings\Administrator\desktop\SASREPAIRS.STG
2014-06-11 19:31 - 2014-06-11 19:31 - 00115440 _____ (SuperAdBlocker.com) C:\Documents and Settings\Administrator\desktop\SASSEH.DLL
2014-06-09 21:39 - 2013-06-28 14:49 - 01763584 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athuw.sys
2014-06-09 21:39 - 2013-06-28 14:49 - 01763584 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\athuw.sys
2014-06-09 21:39 - 2013-06-28 14:49 - 00007554 _____ () C:\WINDOWS\system32\netathuw.cat
2014-06-09 21:21 - 2014-06-09 21:21 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060914-01.dmp
2014-06-09 21:08 - 2014-06-09 21:13 - 13206671 _____ () C:\Documents and Settings\Administrator\desktop\TL-WN722N_V1_131113(2).zip
2014-06-09 20:15 - 2014-06-09 23:21 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 20:15 - 2014-06-09 20:15 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-06-09 20:15 - 2014-06-09 20:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-09 20:15 - 2014-06-09 20:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 20:15 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-09 20:15 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-09 00:33 - 2014-06-09 00:33 - 00001542 _____ () C:\Documents and Settings\All Users\desktop\iTunes.lnk
2014-06-09 00:32 - 2014-06-09 00:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-08 20:48 - 2014-06-08 20:48 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-06-08 16:27 - 2014-06-08 16:27 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-05.dmp
2014-06-08 16:05 - 2014-06-08 16:05 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-04.dmp
2014-06-08 15:57 - 2014-06-08 15:57 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-03.dmp
2014-06-08 11:19 - 2014-06-08 11:19 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-02.dmp
2014-06-08 10:36 - 2014-06-08 10:36 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-01.dmp
2014-06-08 09:39 - 2014-06-08 09:39 - 00004252 _____ () C:\Documents and Settings\Administrator\My Documents\bsod.txt
2014-06-08 09:35 - 2014-06-08 09:35 - 00000000 ____D () C:\Program Files\NirSoft
2014-06-08 09:35 - 2014-06-08 09:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\NirSoft BlueScreenView
2014-06-08 09:28 - 2014-06-08 09:29 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-08 09:15 - 2014-06-08 09:26 - 00001343 _____ () C:\malware may 3014.txt
2014-06-07 22:50 - 2014-06-07 22:52 - 00005568 _____ () C:\Documents and Settings\Administrator\desktop\Rkill.txt
2014-06-07 20:18 - 2014-06-07 20:18 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060714-01.dmp
2014-06-07 13:25 - 2014-06-07 13:25 - 00021362 _____ () C:\Documents and Settings\Administrator\desktop\dds1.txt
2014-06-07 13:25 - 2014-06-07 13:25 - 00018451 _____ () C:\Documents and Settings\Administrator\desktop\attach 6 7 2014.txt
2014-06-07 13:21 - 2014-06-07 13:21 - 00021362 _____ () C:\Documents and Settings\Administrator\desktop\dds.txt
2014-06-07 13:21 - 2014-06-07 13:21 - 00018451 _____ () C:\Documents and Settings\Administrator\desktop\attach.txt
2014-06-07 09:21 - 2014-06-07 09:21 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\core
2014-06-07 08:59 - 2014-06-07 09:20 - 70948293 _____ () C:\Documents and Settings\Administrator\My Documents\core.zip
2014-06-07 08:59 - 2014-03-18 02:44 - 00000000 _____ () C:\Documents and Settings\Administrator\My Documents\patchjre.exe
2014-06-07 08:58 - 2014-06-07 09:11 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\jre-8u5-windows-i586
2014-06-07 08:28 - 2014-06-07 08:46 - 31112616 _____ (Oracle Corporation) C:\Documents and Settings\Administrator\My Documents\jre-8u5-windows-i586.exe
2014-06-06 20:54 - 2014-06-06 20:54 - 00000000 ____D () C:\Program Files\Logitech
2014-06-06 20:35 - 2014-06-06 20:38 - 79407448 _____ (Logitech Inc.) C:\Documents and Settings\Administrator\My Documents\SetPoint6.65.62_32.exe
2014-06-06 19:34 - 2014-03-09 16:35 - 00018700 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-06-06 14:23 - 2014-06-06 14:23 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-06 14:23 - 2014-06-06 14:23 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-06 14:23 - 2014-06-06 14:23 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-06 14:23 - 2014-06-06 14:23 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-06 14:23 - 2014-06-06 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-06 14:20 - 2014-06-06 14:20 - 00918440 _____ (Oracle Corporation) C:\Documents and Settings\Administrator\My Documents\jre-7u60-windows-i586-iftw.exe
2014-06-06 13:53 - 2014-06-06 14:23 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-06 13:53 - 2014-06-06 13:53 - 00000000 ____D () C:\Program Files\Java
2014-06-04 22:39 - 2014-06-04 22:39 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-04 22:39 - 2014-06-04 22:39 - 00000724 _____ () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-06-04 22:38 - 2014-06-04 22:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-04 22:00 - 2014-06-11 20:20 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-04 18:11 - 2014-06-04 18:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\NVIDIA
2014-06-04 18:01 - 2014-06-04 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-06-04 17:58 - 2014-06-04 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
2014-06-04 17:58 - 2014-06-04 17:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SparkTrust
2014-06-04 17:55 - 2014-06-04 17:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\YAC
2014-06-04 17:55 - 2014-06-04 17:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\eCyber
2014-06-03 23:11 - 2014-06-03 23:11 - 00000000 ____D () C:\WINDOWS\DDABC66756B3412282B02F5782EA2F9A.TMP
2014-06-03 23:11 - 2014-06-03 23:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-03 21:54 - 2014-06-11 20:54 - 00002750 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-06-03 21:38 - 2014-05-13 15:18 - 03774821 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-06-03 21:37 - 2014-06-06 21:01 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-06-03 21:37 - 2014-06-06 21:00 - 01144544 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-06-03 21:37 - 2014-06-06 19:36 - 01144544 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-06-03 21:37 - 2014-06-03 21:37 - 00000000 _____ () C:\WINDOWS\system32\nvdrswr.lk
2014-06-03 21:33 - 2014-06-11 19:35 - 00000414 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1385937182.job
2014-06-03 19:24 - 2009-01-07 18:20 - 00016928 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-06-03 18:32 - 2014-06-11 18:03 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-03 18:32 - 2014-06-11 18:03 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-02 22:45 - 2014-06-02 22:45 - 00001037 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Pale Moon.lnk
2014-06-02 22:45 - 2014-06-02 22:45 - 00001031 _____ () C:\Documents and Settings\All Users\desktop\Pale Moon.lnk
2014-06-02 22:45 - 2014-06-02 22:45 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-06-02 22:45 - 2014-06-02 22:45 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-06-02 20:24 - 2014-06-04 18:01 - 00000000 ____D () C:\Program Files\AC3Filter
2014-06-02 20:24 - 2014-06-04 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AC3Filter
2014-06-02 20:24 - 2013-04-05 21:26 - 01679360 _____ () C:\WINDOWS\system32\ac3filter.acm
2014-06-02 20:18 - 2014-06-04 18:01 - 00000000 ____D () C:\Program Files\AC3File
2014-06-02 20:18 - 2014-06-04 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AC3File
2014-06-02 20:12 - 2014-06-04 18:01 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-06-02 20:12 - 2014-06-02 20:12 - 00001751 _____ () C:\Documents and Settings\All Users\desktop\Codec Tweak Tool.lnk
2014-06-02 18:40 - 2014-06-02 18:40 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060214-01.dmp
2014-06-01 20:16 - 2014-06-04 17:58 - 00000000 ____D () C:\Program Files\SlimCleaner
2014-06-01 20:16 - 2014-06-01 21:39 - 00002231 _____ () C:\Documents and Settings\All Users\desktop\SlimCleaner.lnk
2014-06-01 18:49 - 2014-06-01 18:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DriverCure
2014-06-01 18:48 - 2014-06-04 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SparkTrust
2014-06-01 09:57 - 2014-06-01 09:57 - 00001312 _____ () C:\Documents and Settings\Administrator\desktop\JRT.txt
2014-06-01 09:20 - 2014-06-11 21:17 - 00000000 ____D () C:\FRST
2014-06-01 08:17 - 2014-06-11 19:35 - 00000300 _____ () C:\WINDOWS\wiadebug.log
2014-06-01 08:17 - 2014-06-11 19:35 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-01 08:17 - 2014-06-01 08:17 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-06-01 03:32 - 2014-06-01 16:33 - 19165360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-06-01 01:46 - 2014-06-11 20:50 - 00032252 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-31 23:15 - 2014-05-31 23:15 - 00001455 _____ () C:\Documents and Settings\All Users\Start Menu\YAC.lnk
2014-05-31 23:15 - 2014-05-31 23:15 - 00001455 _____ () C:\Documents and Settings\All Users\desktop\YAC.lnk
2014-05-31 23:15 - 2014-05-20 05:07 - 00038912 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-05-31 17:20 - 2014-05-31 17:20 - 00000766 _____ () C:\Documents and Settings\All Users\desktop\Emsisoft Anti-Malware.lnk
2014-05-31 17:19 - 2014-06-03 23:11 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-05-31 17:19 - 2014-05-31 17:19 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Anti-Malware
2014-05-31 15:40 - 2014-05-31 15:40 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-31 15:37 - 2014-05-31 15:37 - 01016261 _____ (Thisisu) C:\Documents and Settings\Administrator\desktop\JRT.exe
2014-05-29 22:40 - 2014-05-29 22:40 - 00000798 _____ () C:\Documents and Settings\Administrator\desktop\Shortcut (2) to ComboFix.lnk
2014-05-29 22:37 - 2014-05-20 13:26 - 01940216 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\desktop\rkill.exe
2014-05-29 22:34 - 2014-06-07 22:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\desktop\TDSSKiller.exe
2014-05-29 19:39 - 2014-06-11 19:35 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-29 19:39 - 2014-06-04 18:51 - 00001733 _____ () C:\Documents and Settings\All Users\desktop\avast! Free Antivirus.lnk
2014-05-29 19:39 - 2014-05-29 19:39 - 00777488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-05-29 19:39 - 2014-05-29 19:39 - 00411680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-05-29 19:39 - 2014-05-29 19:39 - 00095876 _____ () C:\Documents and Settings\All Users\Application Data\1401406377.bdinstall.bin
2014-05-29 19:39 - 2014-05-29 19:39 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-05-29 19:39 - 2014-05-29 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-05-29 19:39 - 2014-04-25 13:21 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1401406783656
2014-05-29 19:39 - 2014-04-25 13:21 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-05-29 19:39 - 2014-04-25 13:21 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-05-29 19:39 - 2014-04-25 13:21 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-05-29 19:39 - 2014-04-25 13:21 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1401406783656
2014-05-29 19:39 - 2014-04-25 13:21 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-05-29 19:39 - 2014-04-25 13:21 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-29 19:36 - 2014-05-29 19:36 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\avast anti virus may 2014
2014-05-29 19:14 - 2014-05-29 19:14 - 00058880 _____ () C:\Documents and Settings\All Users\Application Data\1401405235.bdinstall.bin
2014-05-29 19:13 - 2014-05-29 19:13 - 00037176 _____ () C:\Documents and Settings\All Users\Application Data\1401405226.bdinstall.bin
2014-05-29 19:05 - 2014-05-20 09:59 - 94714880 _____ (AVAST Software) C:\Documents and Settings\Administrator\desktop\avast_free_antivirus_setup.exe
2014-05-27 20:22 - 2014-05-27 20:22 - 00147768 _____ (SUPERAntiSpyware.com) C:\Documents and Settings\Administrator\desktop\SASCTXMN.DLL
2014-05-27 20:22 - 2014-05-27 20:22 - 00002048 _____ () C:\Documents and Settings\Administrator\desktop\DETECT.WAV
2014-05-26 20:45 - 2014-05-26 20:45 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2014-05-26 20:37 - 2014-05-26 20:37 - 00239416 _____ () C:\Documents and Settings\All Users\Application Data\1401150572.bdinstall.bin
2014-05-26 20:34 - 2014-05-26 20:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-05-26 20:34 - 2014-05-26 20:34 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-05-26 20:34 - 2014-05-26 20:34 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-05-26 20:34 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2014-05-26 20:32 - 2014-05-26 20:33 - 00029239 _____ () C:\Report 2014-05-26 20.32.53.txt
2014-05-26 20:32 - 2014-05-26 20:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\QuickScan
2014-05-26 19:52 - 2014-05-26 19:52 - 00044820 _____ () C:\Documents and Settings\All Users\Application Data\1401148350.bdinstall.bin
2014-05-26 19:51 - 2014-05-26 19:52 - 09927424 _____ () C:\Documents and Settings\Administrator\My Documents\Antivirus_Free_Edition_x86.exe
2014-05-26 19:51 - 2012-12-13 06:05 - 00162208 _____ () C:\Documents and Settings\Administrator\My Documents\Antivirus_Free_Edition.exe
2014-05-26 14:58 - 2014-03-09 15:31 - 00377288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-05-26 14:58 - 2014-03-09 15:31 - 00156960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
2014-05-26 14:58 - 2014-03-09 15:31 - 00145352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcolor.exe
2014-05-26 14:58 - 2014-03-09 15:31 - 00054272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwddi.dll
2014-05-26 14:56 - 2014-03-09 16:35 - 22921216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglnt.dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103.dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(35).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(34).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(33).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(32).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(31).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(30).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(29).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(28).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(27).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(26).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(25).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(24).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(23).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(22).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(21).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(20).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(19).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(18).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(17).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00884072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103(16).dll
2014-05-26 14:56 - 2013-02-18 09:22 - 00124264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda32.sys
2014-05-26 14:56 - 2013-02-18 09:22 - 00028008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap32.dll
2014-05-26 12:40 - 2014-05-26 07:55 - 188720264 _____ (NVIDIA Corporation) C:\Documents and Settings\Administrator\My Documents\337.88-desktop-winxp-32bit-english.exe
2014-05-26 11:40 - 2014-05-26 11:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_0414c
2014-05-24 03:46 - 2014-05-24 03:47 - 00000000 ___SD () C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice 4.1.0
2014-05-24 03:46 - 2014-05-24 03:46 - 00000877 _____ () C:\Documents and Settings\All Users\desktop\OpenOffice 4.1.0.lnk
2014-05-22 20:24 - 2014-05-19 22:32 - 01056200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco32.dll
2014-05-22 20:24 - 2014-05-19 22:32 - 00908744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco32.dll
2014-05-21 20:34 - 2009-03-08 17:26 - 16883056 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\My Documents\IE8-WindowsXP-x86-ENU.exe
2014-05-18 20:31 - 2014-05-18 20:31 - 00000869 _____ () C:\Documents and Settings\Administrator\My Documents\Shortcut to Picture345.lnk
2014-05-15 20:31 - 2014-05-15 20:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\NVIDIA

==================== One Month Modified Files and Folders =======

2015-07-24 22:24 - 2012-02-04 11:05 - 00000000 ____D () C:\Documents and Settings\ROBBY\desktop\Guru3D.com
2014-06-11 21:19 - 2012-08-14 19:25 - 00000304 _____ () C:\WINDOWS\Tasks\PC Performer Manager.job
2014-06-11 21:18 - 2011-02-20 11:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-06-11 21:17 - 2014-06-01 09:20 - 00000000 ____D () C:\FRST
2014-06-11 21:13 - 2014-01-12 00:12 - 00000794 _____ () C:\WINDOWS\Tasks\SBWUpdateTask_Time_4897187a-74EA3A945BD0.job
2014-06-11 20:54 - 2014-06-03 21:54 - 00002750 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-06-11 20:50 - 2014-06-01 01:46 - 00032252 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-11 20:48 - 2012-02-13 19:43 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003UA.job
2014-06-11 20:46 - 2014-01-12 00:17 - 00000954 _____ () C:\WINDOWS\Tasks\SBW_UpdateTask_Time_333533383036373032322d3755556c415a505757414a34.job
2014-06-11 20:20 - 2014-06-04 22:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-11 19:44 - 2014-03-23 01:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-06-11 19:43 - 2013-01-19 16:29 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-11 19:36 - 2014-04-24 22:02 - 01876955 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-11 19:35 - 2014-06-03 21:33 - 00000414 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1385937182.job
2014-06-11 19:35 - 2014-06-01 08:17 - 00000300 _____ () C:\WINDOWS\wiadebug.log
2014-06-11 19:35 - 2014-06-01 08:17 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-11 19:35 - 2014-05-29 19:39 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-06-11 19:35 - 2006-02-28 08:00 - 00013742 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-11 19:34 - 2014-03-23 21:37 - 00000294 _____ () C:\WINDOWS\Tasks\SmartDefrag3_Update.job
2014-06-11 19:34 - 2014-03-17 22:24 - 00000294 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
2014-06-11 19:34 - 2011-02-19 04:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-11 19:31 - 2014-06-11 19:31 - 00555008 _____ () C:\Documents and Settings\Administrator\desktop\SASREPAIRS.STG
2014-06-11 19:31 - 2014-06-11 19:31 - 00115440 _____ (SuperAdBlocker.com) C:\Documents and Settings\Administrator\desktop\SASSEH.DLL
2014-06-11 19:31 - 2011-02-20 11:39 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-11 19:31 - 2011-02-19 11:18 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-06-11 18:53 - 2014-03-08 15:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-06-11 18:52 - 2011-02-20 11:39 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-11 18:48 - 2012-02-13 19:43 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003Core.job
2014-06-11 18:05 - 2013-11-10 15:50 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 18:03 - 2014-06-03 18:32 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-11 18:03 - 2014-06-03 18:32 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-11 18:00 - 2014-03-16 20:58 - 00000452 _____ () C:\WINDOWS\Tasks\Geek Tech Registration3.job
2014-06-11 17:57 - 2014-03-03 00:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\7-Zip
2014-06-11 17:47 - 2012-11-29 23:54 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{EAF680A9-6D9C-4F29-88B8-E522E14BB520}.job
2014-06-09 23:21 - 2014-06-09 20:15 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 23:06 - 2014-01-15 17:55 - 228888576 _____ () C:\WINDOWS\MEMORY.DMP
2014-06-09 22:00 - 2013-08-11 20:39 - 00000000 ____D () C:\Program Files\Wireless Wizard
2014-06-09 21:47 - 2013-06-03 23:57 - 00000000 _____ () C:\WINDOWS\win.ini
2014-06-09 21:47 - 2011-02-18 19:55 - 00000327 ___SH () C:\boot.ini
2014-06-09 21:47 - 2006-02-28 08:00 - 00000246 _____ () C:\WINDOWS\system.ini
2014-06-09 21:39 - 2011-02-19 11:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK
2014-06-09 21:39 - 2011-02-19 04:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-09 21:34 - 2012-12-19 22:11 - 00417570 _____ () C:\WINDOWS\system32\vsconfig.xml
2014-06-09 21:21 - 2014-06-09 21:21 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060914-01.dmp
2014-06-09 21:13 - 2014-06-09 21:08 - 13206671 _____ () C:\Documents and Settings\Administrator\desktop\TL-WN722N_V1_131113(2).zip
2014-06-09 20:15 - 2014-06-09 20:15 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-06-09 20:15 - 2014-06-09 20:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-09 20:15 - 2014-06-09 20:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 00:35 - 2012-12-01 11:18 - 00001632 _____ () C:\Documents and Settings\Administrator\desktop\Update Checker.lnk
2014-06-09 00:35 - 2012-03-25 02:31 - 00001638 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Update Checker.lnk
2014-06-09 00:34 - 2014-03-16 20:58 - 00000408 _____ () C:\WINDOWS\Tasks\Geek Tech Update3.job
2014-06-09 00:33 - 2014-06-09 00:33 - 00001542 _____ () C:\Documents and Settings\All Users\desktop\iTunes.lnk
2014-06-09 00:33 - 2014-06-09 00:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-09 00:33 - 2013-10-05 03:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-06-09 00:33 - 2013-10-05 03:07 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 00:32 - 2012-09-11 21:15 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-08 23:36 - 2012-12-29 16:55 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
2014-06-08 23:00 - 2014-03-16 23:33 - 00000394 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job
2014-06-08 21:07 - 2014-03-16 23:35 - 00189792 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-08 20:48 - 2014-06-08 20:48 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-06-08 20:48 - 2011-02-19 04:11 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-06-08 20:48 - 2011-02-19 04:07 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-06-08 20:48 - 2011-02-19 04:07 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-06-08 20:46 - 2011-02-18 19:57 - 00795948 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-08 19:58 - 2011-02-28 01:11 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-1003.job
2014-06-08 19:40 - 2014-03-17 00:34 - 00044352 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-08 17:15 - 2012-03-26 04:09 - 00001812 _____ () C:\Documents and Settings\Administrator\desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-06-08 16:27 - 2014-06-08 16:27 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-05.dmp
2014-06-08 16:27 - 2013-01-17 20:41 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-08 16:05 - 2014-06-08 16:05 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-04.dmp
2014-06-08 15:57 - 2014-06-08 15:57 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-03.dmp
2014-06-08 15:26 - 2014-03-09 07:44 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-06-08 11:19 - 2014-06-08 11:19 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-02.dmp
2014-06-08 10:36 - 2014-06-08 10:36 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060814-01.dmp
2014-06-08 09:39 - 2014-06-08 09:39 - 00004252 _____ () C:\Documents and Settings\Administrator\My Documents\bsod.txt
2014-06-08 09:35 - 2014-06-08 09:35 - 00000000 ____D () C:\Program Files\NirSoft
2014-06-08 09:35 - 2014-06-08 09:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\NirSoft BlueScreenView
2014-06-08 09:29 - 2014-06-08 09:28 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-08 09:26 - 2014-06-08 09:15 - 00001343 _____ () C:\malware may 3014.txt
2014-06-08 03:29 - 2014-03-16 20:58 - 00000585 _____ () C:\WINDOWS\Tasks\Geek Tech Tool Box_sch_33CA6888-AD6F-11E3-BB98-74EA3A945BD0.job
2014-06-07 22:52 - 2014-06-07 22:50 - 00005568 _____ () C:\Documents and Settings\Administrator\desktop\Rkill.txt
2014-06-07 22:50 - 2014-05-29 22:34 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\desktop\TDSSKiller.exe
2014-06-07 20:18 - 2014-06-07 20:18 - 00065536 _____ () C:\WINDOWS\Minidump\Mini060714-01.dmp
2014-06-07 15:47 - 2011-02-19 10:08 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-06-07 13:25 - 2014-06-07 13:25 - 00021362 _____ () C:\Documents and Settings\Administrator\desktop\dds1.txt
2014-06-07 13:25 - 2014-06-07 13:25 - 00018451 _____ () C:\Documents and Settings\Administrator\desktop\attach 6 7 2014.txt
2014-06-07 13:21 - 2014-06-07 13:21 - 00021362 _____ () C:\Documents and Settings\Administrator\desktop\dds.txt
2014-06-07 13:21 - 2014-06-07 13:21 - 00018451 _____ () C:\Documents and Settings\Administrator\desktop\attach.txt
2014-06-07 09:34 - 2011-02-27 16:10 - 00001984 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-07 09:21 - 2014-06-07 09:21 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\core
2014-06-07 09:20 - 2014-06-07 08:59 - 70948293 _____ () C:\Documents and Settings\Administrator\My Documents\core.zip
2014-06-07 09:12 - 2014-04-05 15:42 - 00140800 ___SH () C:\Documents and Settings\Administrator\My Documents\Thumbs.db
2014-06-07 09:11 - 2014-06-07 08:58 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\jre-8u5-windows-i586
2014-06-07 08:46 - 2014-06-07 08:28 - 31112616 _____ (Oracle Corporation) C:\Documents and Settings\Administrator\My Documents\jre-8u5-windows-i586.exe
2014-06-06 22:35 - 2011-02-19 06:30 - 00000000 ____D () C:\WINDOWS\ServicePackFiles
2014-06-06 21:01 - 2014-06-03 21:37 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-06-06 21:00 - 2014-06-03 21:37 - 01144544 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-06-06 20:55 - 2011-03-27 02:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
2014-06-06 20:55 - 2011-03-14 09:31 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-06-06 20:54 - 2014-06-06 20:54 - 00000000 ____D () C:\Program Files\Logitech
2014-06-06 20:54 - 2011-03-27 02:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Logishrd
2014-06-06 20:43 - 2011-03-27 03:00 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2014-06-06 20:38 - 2014-06-06 20:35 - 79407448 _____ (Logitech Inc.) C:\Documents and Settings\Administrator\My Documents\SetPoint6.65.62_32.exe
2014-06-06 19:36 - 2014-06-03 21:37 - 01144544 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-06-06 19:35 - 2011-02-19 10:37 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-06 14:23 - 2014-06-06 14:23 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-06 14:23 - 2014-06-06 14:23 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-06 14:23 - 2014-06-06 14:23 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-06 14:23 - 2014-06-06 14:23 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-06 14:23 - 2014-06-06 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-06 14:23 - 2014-06-06 13:53 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-06 14:20 - 2014-06-06 14:20 - 00918440 _____ (Oracle Corporation) C:\Documents and Settings\Administrator\My Documents\jre-7u60-windows-i586-iftw.exe
2014-06-06 14:20 - 2011-02-20 16:09 - 00000000 ____D () C:\Program Files\Opera
2014-06-06 13:53 - 2014-06-06 13:53 - 00000000 ____D () C:\Program Files\Java
2014-06-05 19:34 - 2013-11-04 23:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2014-06-04 22:39 - 2014-06-04 22:39 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-04 22:39 - 2014-06-04 22:39 - 00000724 _____ () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-06-04 22:39 - 2012-03-24 15:03 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2014-06-04 22:39 - 2012-03-24 14:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-06-04 22:38 - 2014-06-04 22:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-04 21:04 - 2011-02-19 22:59 - 00000000 ____D () C:\Documents and Settings\ROBBY\Local Settings\Application Data\Mozilla
2014-06-04 21:04 - 2011-02-19 22:59 - 00000000 ____D () C:\Documents and Settings\ROBBY\Application Data\Mozilla
2014-06-04 19:21 - 2003-03-31 07:00 - 00138752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sndvol32.exe
2014-06-04 19:21 - 2003-03-31 07:00 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe
2014-06-04 18:51 - 2014-05-29 19:39 - 00001733 _____ () C:\Documents and Settings\All Users\desktop\avast! Free Antivirus.lnk
2014-06-04 18:18 - 2014-05-09 23:14 - 00000000 ____D () C:\Documents and Settings\UpdatusUser.DEAN-426571A0EA
2014-06-04 18:18 - 2012-03-24 14:57 - 00000000 ____D () C:\Documents and Settings\rdg
2014-06-04 18:18 - 2011-02-19 04:12 - 00000000 ____D () C:\Documents and Settings\ROBBY
2014-06-04 18:18 - 2011-02-19 04:10 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-06-04 18:18 - 2011-02-19 04:05 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-04 18:11 - 2014-06-04 18:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\NVIDIA
2014-06-04 18:11 - 2011-02-18 19:50 - 00000000 ____D () C:\WINDOWS\Help
2014-06-04 18:10 - 2011-02-19 04:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-06-04 18:01 - 2014-06-04 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-06-04 18:01 - 2014-06-02 20:24 - 00000000 ____D () C:\Program Files\AC3Filter
2014-06-04 18:01 - 2014-06-02 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AC3Filter
2014-06-04 18:01 - 2014-06-02 20:18 - 00000000 ____D () C:\Program Files\AC3File
2014-06-04 18:01 - 2014-06-02 20:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AC3File
2014-06-04 18:01 - 2014-06-02 20:12 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-06-04 18:01 - 2011-04-03 04:06 - 00000000 ____D () C:\WINDOWS\system32\RTCOM
2014-06-04 17:59 - 2013-03-22 22:17 - 00000000 ____D () C:\Program Files\Aura4You
2014-06-04 17:59 - 2013-03-22 22:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Aura4You
2014-06-04 17:59 - 2011-02-19 05:25 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-06-04 17:58 - 2014-06-04 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
2014-06-04 17:58 - 2014-06-04 17:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SparkTrust
2014-06-04 17:58 - 2014-06-01 20:16 - 00000000 ____D () C:\Program Files\SlimCleaner
2014-06-04 17:58 - 2014-06-01 18:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SparkTrust
2014-06-04 17:55 - 2014-06-04 17:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\YAC
2014-06-04 17:55 - 2014-06-04 17:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\eCyber
2014-06-04 17:55 - 2014-02-08 19:03 - 00000000 ____D () C:\Program Files\MSI Kombustor 2.5
2014-06-04 17:55 - 2013-09-02 01:16 - 00000000 ____D () C:\Program Files\xParanormal Detector
2014-06-04 17:55 - 2013-08-12 21:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-06-04 17:55 - 2013-04-05 01:33 - 00000000 ____D () C:\Program Files\Cyberlink
2014-06-04 17:55 - 2012-03-25 17:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-06-04 17:55 - 2011-04-17 03:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-06-04 17:55 - 2011-02-20 21:44 - 00000000 ____D () C:\Program Files\Google
2014-06-04 17:43 - 2012-09-21 13:06 - 00000000 ____D () C:\Documents and Settings\Administrator\desktop\Unused Desktop Shortcuts
2014-06-03 23:55 - 2012-09-23 15:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\dvdcss
2014-06-03 23:42 - 2012-12-26 19:34 - 00000302 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
2014-06-03 23:11 - 2014-06-03 23:11 - 00000000 ____D () C:\WINDOWS\DDABC66756B3412282B02F5782EA2F9A.TMP
2014-06-03 23:11 - 2014-06-03 23:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-03 23:11 - 2014-05-31 17:19 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-03 23:11 - 2012-03-24 15:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IObit
2014-06-03 23:11 - 2011-12-26 00:38 - 00000000 ____D () C:\Program Files\MetaGeek
2014-06-03 22:34 - 2011-02-18 19:50 - 00000000 ____D () C:\WINDOWS\security
2014-06-03 21:37 - 2014-06-03 21:37 - 00000000 _____ () C:\WINDOWS\system32\nvdrswr.lk
2014-06-02 22:45 - 2014-06-02 22:45 - 00001037 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Pale Moon.lnk
2014-06-02 22:45 - 2014-06-02 22:45 - 00001031 _____ () C:\Documents and Settings\All Users\desktop\Pale Moon.lnk
2014-06-02 22:45 - 2014-06-02 22:45 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-06-02 22:45 - 2014-06-02 22:45 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-06-02 22:24 - 2012-08-17 22:02 - 000


I can see a lot going on here, but I can't say if any of it contributes to your blue screens. I can tell some files have been removed, but some linger from a couple of applications that are generally removed by malware tools.

 

Take a look at a few notes.

 

Emsisoft Anti-Malware\a2service.exe

ZoneAlarm\vsmon.exe

Avast\AvastSvc.exe

Ad-Aware Antivirus

iSafe AntiVirus <--which malware removal tools delete from systems

iSafe AntiVirus is a rogue antivirus program from the same family as AntivirusTrigger and Astrum Antivirus.

This rogue is also promoted and installed via the Zlob Trojan. This Trojan masquerades as a video codec required to view a video online, but will instead install iSafe AntiVirus on to your computer.

 

***************

The script I have created will have the files related to iSafe included, if this is incorrect please let me know.

 

**********************

Sparktrust PCCleaner is not reliable.

http://www.shouldiremoveit.com/SparkTrust-PC-Cleaner-Plus-18757-program.aspx

https://answers.yahoo.com/question/index?qid=20130826213416AA5PMzG

 

**************

Remove InstallX Search Protect for Yahoo; it is considered malware.

 

***************

We do not recommend the use of registry cleaners. No registry cleaner is completely safe; since most do not even create a backup, the potential is ever present to cause more problems than they claim to fix.

If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.

Our colleague miekiemoes has an excellent writeup here

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

 

 

*******************

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

 

start
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1ED6FA27-D2CE-459F-ADEF-05864B1FCA29&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S1 iSafeKrnlKit; \??\C:\Program Files\iSafe\iSafeKrnlKit.sys [X]
S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
IObit Apps Toolbar v8.1 (HKLM\...\{5B26F17A-9272-4A26-9DF9-18157AFAC6CD}) (Version: 8.1 - Spigot, Inc.) <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24721E3C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

**************

 

Please download a new version of AdwCleaner-by Xplode. If you already have this on your computer please delete the version you have and download the most current.

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisement.

 

 


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
*******************

 

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

 

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

************

 

Please post

fixlist.txt

C:\AdwCleaner.txt

Malwarebytes Anti-Malware log

 

May need to make multiple posts to ensure all logs are posted.


Just a few questions on this you posted below. I don't understand how I save this; I can't find a file named frst64 on my computer?

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)


Just a few questions on this you posted below. I don't understand how I save this; I can't find a file named frst64 on my computer?

I see what it is. frst64 = Farbar Recovery Scan Tool

 

I found when you originally downloaded it, it went to your downloads folder instead of your desktop.

Running from C:\Documents and Settings\Administrator\My Documents\Downloads

I think we're going to need to change this.

Please go to your downloads folder, Locate Farbar Recovery Scan Tool, right click and select delete.

 

Next, we'll download an updated copy and continue the fix. If you had used Firefox to download the tool, we need to correct a setting to ensure it's loaded to desktop.

 

For the latest version of Firefox

Look at the top of the web page, click on the 3 bar icon tool. (Don't know what you really call it; looks like 3 skinny lines.)

At the top click on the General tab

Scroll to the Downloads indicator, then check the box for "Save files to"; here you can choose where to save. I use Desktop because it's the easiest to find things later.

 

 

For older versions:

Firefox

You press the orange Firefox button in the top left corner >> Options

Beneath where it shows homepage, click on save files to desktop.

 

After you find and delete Farbar Recovery Scan Tool

 

Please download Farbar Recovery Scan Tool

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

(use correct version for your system.....Which system am I using?)

Don't use it yet. For now we just need it on desktop.

The script I have created will have the files related to iSafe included, if this is incorrect please let me know.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to (or drag it next to) the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

*********

start

SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1ED6FA27-D2CE-459F-ADEF-05864B1FCA29&q={searchTerms}&SSPV=

SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}

BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File

Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

S1 iSafeKrnlKit; \??\C:\Program Files\iSafe\iSafeKrnlKit.sys [X]

S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X]

C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe

IObit Apps Toolbar v8.1 (HKLM\...\{5B26F17A-9272-4A26-9DF9-18157AFAC6CD}) (Version: 8.1 - Spigot, Inc.) <==== ATTENTION

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24721E3C

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

**************

Please download a new version of AdwCleaner-by Xplode. If you already have this on your computer please delete the version you have and download the most current.

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
*******************

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

************

Please post

fixlist.txt

C:\AdwCleaner.txt

Malwarebytes Anti-Malware log

May need to make multiple posts to ensure all logs are posted.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-06-2014 02
Ran by Administrator at 2014-06-14 08:15:11 Run:1
Running from C:\Documents and Settings\Administrator\desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S1 iSafeKrnlKit; \??\C:\Program Files\iSafe\iSafeKrnlKit.sys [X]
S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
IObit Apps Toolbar v8.1 (HKLM\...\{5B26F17A-9272-4A26-9DF9-18157AFAC6CD}) (Version: 8.1 - Spigot, Inc.) <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24721E3C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
end
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}' => Key deleted successfully.
'HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
'HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
iSafeKrnlKit => Service deleted successfully.
iSafeNetFilter => Service deleted successfully.
"C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":24721E3C" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====


# AdwCleaner v3.212 - Report created 14/06/2014 at 08:29:00
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - DEAN-426571A0EA
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner(2).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : iSafeNetFilter

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\eCyber
Folder Deleted : C:\Documents and Settings\Administrator\My Documents\Updater
Folder Deleted : C:\Documents and Settings\ROBBY\My Documents\Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iSafe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hvdie5vl.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Documents and Settings\ROBBY\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16898 octets] - [07/03/2014 14:57:17]
AdwCleaner[R1].txt - [16427 octets] - [07/03/2014 22:16:59]
AdwCleaner[R2].txt - [1538 octets] - [08/03/2014 09:36:07]
AdwCleaner[R3].txt - [2653 octets] - [09/03/2014 12:04:07]
AdwCleaner[R4].txt - [1669 octets] - [09/03/2014 12:09:46]
AdwCleaner[R5].txt - [2097 octets] - [23/03/2014 08:36:35]
AdwCleaner[R6].txt - [5459 octets] - [04/05/2014 00:24:40]
AdwCleaner[R7].txt - [2027 octets] - [08/05/2014 18:03:52]
AdwCleaner[R8].txt - [4481 octets] - [31/05/2014 16:25:24]
AdwCleaner[R9].txt - [2554 octets] - [14/06/2014 08:25:52]
AdwCleaner[s0].txt - [16781 octets] - [07/03/2014 22:18:21]
AdwCleaner[s1].txt - [1601 octets] - [08/03/2014 09:38:10]
AdwCleaner[s2].txt - [2303 octets] - [09/03/2014 12:06:15]
AdwCleaner[s3].txt - [1730 octets] - [09/03/2014 12:13:08]
AdwCleaner[s4].txt - [2109 octets] - [23/03/2014 08:38:27]
AdwCleaner[s5].txt - [5405 octets] - [04/05/2014 00:26:33]
AdwCleaner[s6].txt - [2088 octets] - [08/05/2014 18:07:19]
AdwCleaner[s7].txt - [4472 octets] - [31/05/2014 16:29:03]
AdwCleaner[s8].txt - [2493 octets] - [14/06/2014 08:29:00]

########## EOF - C:\AdwCleaner\AdwCleaner[s8].txt - [2553 octets] ##########


This is the first scan before I made the changes in the mbam. I did the scan before I completely read all you had written, sorry. I am doing it again.

Also, the computer has rebooted 2 times without problems and so far no blue screens. Right now it's too early to call. Here is the first scan without the settings you asked for; I will post the other scan later. Let me know if I can do more.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/14/2014
Scan Time: 8:47:12 AM
Logfile: mb scan sat 14 2014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.14.02
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370878
Time Elapsed: 21 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Documents and Settings\Administrator\My Documents\Downloads\ac3filter_2_6_0b.exe, Quarantined, [88d25c1c2f4ced49bcd6ccbe8879b34d],

Physical Sectors: 0
(No malicious items detected)


(end)


This is the first scan before I made the changes in the mbam. I did the scan before I completely read all you had written, sorry. I am doing it again.

Also, the computer has rebooted 2 times without problems and so far no blue screens. Right now it's too early to call. Here is the first scan without the settings you asked for; I will post the other scan later. Let me know if I can do more.

No blue screens, that's awesome!

Did you allow MBAM to delete what it found?

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

Scan times vary but generally take an hour or two.

~~~~~~~~~~~~~~~~~~~~

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Got a blue screen 2 times last night: once when I ran Malwarebytes, the other one was when I reset my USB wireless wifi device. I am thinking some type of bug did something to files to do something with my wireless and the volume.

Now if I click on my vol icon in the right corner a window pops up: open file - security warning, NAME sndvol 32.exe, RUN or Cancel... I click run and the volume adjustment shows up but it does not set up. I click the icon, it does the same thing.


By chance, you still have AVG on the computer?

Reason is, I looked back over logs and saw

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-05-12] (AVG Technologies)

Please make sure you're running only 1 antivirus.

Might need to uninstall MalwareBytes for now, not sure if a recent program update has caused any issues. Later you can reinstall it.

Let's run another scan.

You still have the ComboFix icon on your desktop?

If so please right click on that and select delete.

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:

Link 1

Link 2

Link 3

 

Place ComboFix.exe on your Desktop <--Important

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    ---------------------------------------------------------------------------------------------

  • If there are Internet issues after running ComboFix:

    Internet Explorer:

    Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.

    Firefox:

    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

    Chrome:

    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

    Safari:

    Launch Safari

    Go to general settings menu

    Then in Preferences/ Advanced

    Then on line click Proxies change settings ...

    Click Internet Options, then click the Connections tab, click Network Settings.

    Disable option (uncheck) for the use of proxy server ...

~~~~~~~~~~~~~~~~~~

ComboFix 14-06-13.01 - Administrator 06/15/2014 18:27:29.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1476 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\All Users\Application Data\1401148350.bdinstall.bin
c:\documents and settings\All Users\Application Data\1401150572.bdinstall.bin
c:\documents and settings\All Users\Application Data\1401405226.bdinstall.bin
c:\documents and settings\All Users\Application Data\1401405235.bdinstall.bin
c:\documents and settings\All Users\Application Data\1401406377.bdinstall.bin
c:\documents and settings\All Users\Application Data\TEMP
C:\Thumbs.db
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
c:\windows\wnUninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-05-15 to 2014-06-15 )))))))))))))))))))))))))))))))
.
.
2014-06-14 12:44 . 2014-06-15 00:58 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-06-14 12:44 . 2014-05-12 11:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-14 12:44 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\drivers\athuw.sys
2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\athuw.sys
2014-06-09 04:32 . 2014-06-09 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-08 13:35 . 2014-06-08 13:35 -------- d-----w- c:\program files\NirSoft
2014-06-07 00:54 . 2014-06-07 00:54 -------- d-----w- c:\program files\Logitech
2014-06-06 18:23 . 2014-06-06 18:23 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-06-06 17:53 . 2014-06-06 18:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-06 17:53 . 2014-06-06 17:53 -------- d-----w- c:\program files\Java
2014-06-04 22:18 . 2014-06-09 00:41 -------- d-----w- c:\windows\system32\wbem\Repository
2014-06-04 22:11 . 2014-06-04 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\NVIDIA
2014-06-04 21:58 . 2014-06-04 21:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\SparkTrust
2014-06-04 03:11 . 2014-06-04 03:11 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2014-06-04 01:38 . 2014-05-13 19:18 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-04 01:37 . 2014-06-15 02:02 1144544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2014-06-04 01:37 . 2014-06-15 02:02 1 ----a-w- c:\windows\system32\nvdrssel.bin
2014-06-04 01:37 . 2014-06-15 02:01 1144544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2014-06-03 22:32 . 2014-06-11 22:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-03 22:32 . 2014-06-11 22:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-03 00:24 . 2013-04-06 01:26 1679360 ----a-w- c:\windows\system32\ac3filter.acm
2014-06-03 00:24 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3Filter
2014-06-03 00:18 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3File
2014-06-03 00:12 . 2014-06-04 22:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-06-02 00:16 . 2014-06-04 21:58 -------- d-----w- c:\program files\SlimCleaner
2014-06-01 22:48 . 2014-06-04 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SparkTrust
2014-06-01 13:20 . 2014-06-14 12:15 -------- d-----w- C:\FRST
2014-06-01 07:32 . 2014-06-01 20:33 19165360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-06-01 03:15 . 2014-05-20 09:07 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-05-31 21:19 . 2014-06-04 03:11 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2014-05-31 19:40 . 2014-05-31 19:40 -------- d-----w- c:\windows\ERUNT
2014-05-29 23:39 . 2014-05-29 23:39 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-29 23:39 . 2014-05-29 23:39 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-05-29 23:39 . 2014-05-29 23:39 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-29 23:39 . 2014-04-25 17:21 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-29 23:39 . 2014-04-25 17:21 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-05-29 23:39 . 2014-04-25 17:21 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-29 23:39 . 2014-04-25 17:21 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-29 23:39 . 2014-04-25 17:21 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-27 01:04 . 2014-05-27 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2014-05-27 00:45 . 2014-05-27 00:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
2014-05-27 00:34 . 2009-07-15 03:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-05-27 00:32 . 2014-05-27 00:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2014-05-26 18:58 . 2014-03-09 19:31 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2014-05-26 18:58 . 2014-03-09 19:31 145352 ----a-w- c:\windows\system32\nvcolor.exe
2014-05-26 18:58 . 2014-03-09 19:31 377288 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-26 18:58 . 2014-03-09 19:31 54272 ----a-w- c:\windows\system32\nvwddi.dll
2014-05-23 00:24 . 2014-05-20 02:32 908744 ----a-w- c:\windows\system32\nvdispgenco32.dll
2014-05-23 00:24 . 2014-05-20 02:32 1056200 ----a-w- c:\windows\system32\nvdispco32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-07 00:43 . 2011-03-27 07:00 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-06-04 23:21 . 2003-03-31 11:00 138752 ----a-w- c:\windows\system32\sndvol32.exe
2014-05-12 16:14 . 2012-09-29 18:55 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-04-25 17:21 . 2014-05-29 23:39 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1401406783656
2014-04-25 17:21 . 2014-05-29 23:39 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1401406783656
2014-04-25 17:21 . 2014-04-25 17:21 43152 ----a-w- c:\windows\avastSS.scr
2014-04-25 17:21 . 2014-03-02 17:23 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-15 00:56 . 2014-04-15 00:56 53248 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F02C6726-D7AA-472F-8706-9A1F3D8FB1DE}\ARPPRODUCTICON.exe
2014-03-19 00:24 . 2008-02-29 07:13 28312 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2014-03-19 00:24 . 2010-08-24 17:31 53528 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2014-03-19 00:24 . 2008-02-29 07:13 37528 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2014-03-19 00:24 . 2008-02-29 07:13 43800 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2014-03-19 00:24 . 2011-03-27 07:00 10136 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-25 17:21 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2014-03-09 15714592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2014-01-17 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MyPC Backup.lnk]
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]
backup=c:\windows\pss\BDARemote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Wireless Software Upgrade Assistant.lnk]
backup=c:\windows\pss\Verizon Wireless Software Upgrade Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MX700 series Printer (Copy 4).lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\ROBBY\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^TimeLeft.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdAwareLauncher" --windows-run]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep 0 -k]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW7
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMF
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Info Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallX Search Protect for Yahoo
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop PC Matic Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Disk MD Registration Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder-Optimize3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder-PCMatic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWC.Win7
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCApp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2012-02-04 14:22 1953792 ----a-w- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2013-09-27 18:46 559696 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adawarebp]
2013-09-27 18:46 559696 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeARM]
2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-11-03 22:13 64104 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-13 01:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ARO]
2010-01-20 18:51 2137600 ----a-w- c:\program files\Advanced Registry Optimizer\ARO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
2010-01-20 18:51 2137600 ----a-w- c:\program files\Advanced Registry Optimizer\ARO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsRunHelp]
2006-11-15 03:25 363008 ----a-w- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
2006-11-15 03:25 363008 ----a-w- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJMyPrt]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT]
2012-12-10 04:43 392320 ----a-w- c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNSLMAIN]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopWeather]
2011-06-08 14:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadManagerService]
2011-05-18 20:52 94008 ----a-w- c:\program files\Verizon Wireless\dist\servicerunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2011-06-08 14:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2014-05-19 20:35 2303256 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-13 23:43 136176 ----atw- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleUpdate]
2012-02-13 23:43 136176 ----atw- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-05-26 23:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2013-01-16 03:32 43608 ----a-w- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil]
2009-09-24 13:51 32871 ----a-w- c:\program files\TP-LINK\QSS\jswtrayutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobsync]
2008-04-14 10:42 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMBgMonitor]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-04-30 18:28 2199840 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2014-03-09 19:31 15714592 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2014-03-09 19:31 377288 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2014-03-09 20:35 2593056 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTTask]
2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched]
2014-02-27 02:06 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner]
2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2013-10-04 16:29 20145368 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\servicerunner]
2011-05-18 20:52 94008 ----a-w- c:\program files\Verizon Wireless\dist\servicerunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPoint]
2014-05-19 20:35 2303256 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2000-01-01 00:00 1833576 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-03-07 02:39 5625624 ----a-w- c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 10:42 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2014-02-27 02:06 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
2010-05-21 17:55 561263 ----a-w- c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCU]
2010-08-26 20:34 4509696 ----a-w- c:\program files\Ubiquiti\UCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateChecker]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBDetector]
2003-04-01 15:33 53248 ----a-w- c:\usbstorage\USBDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZWNotiAgent]
2012-12-10 04:43 392320 ----a-w- c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherMate]
2012-11-17 04:00 749658 ----a-w- c:\program files\WeatherMate\WeatherMate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2013-06-13 18:15 1743648 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon]
2006-09-20 12:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 12:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xInsIDE]
2013-01-16 03:32 43608 ----a-w- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xRaidSetup]
2012-02-04 14:22 1953792 ----a-w- c:\windows\system32\xRaidSetup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE"/auto
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VSO\\VSO Downloader\\3\\VsoDownloader.exe"=
"c:\\Program Files\\Lavasoft\\AdAware SecureSearch Toolbar\\dtUser.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [5/29/2014 7:39 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [5/29/2014 7:39 PM 180632]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [1/23/2013 4:22 PM 13560]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/5/2014 7:24 PM 15808]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5/29/2014 7:39 PM 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [5/29/2014 7:39 PM 411680]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/29/2012 2:55 PM 42784]
R1 Eve;EVE Protocol Driver;c:\windows\system32\drivers\eve.sys [5/17/2013 1:15 PM 33624]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASDIFSV.SYS [2/19/2011 1:41 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASKUTIL.SYS [2/19/2011 1:41 PM 67664]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [11/2/2013 8:28 PM 32768]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [5/31/2014 5:20 PM 3045688]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [5/29/2014 7:39 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/29/2014 7:39 PM 67824]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [3/27/2011 3:00 AM 10136]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [12/26/2011 1:35 AM 19072]
R2 SVNDISUIO;SV NDIS User I/O Protocol Driver;c:\windows\system32\drivers\SVNDISUIO.sys [9/2/2013 1:29 AM 40576]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [10/15/2013 6:38 AM 50704]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/19/2011 11:27 AM 57440]
S2 jswpbapi;JumpStart Push-Button Service;c:\program files\TP-LINK\QSS\jswpbapi.exe [2/19/2011 11:27 AM 188416]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [11/4/2013 11:30 PM 2175264]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [5/15/2014 8:21 PM 1617696]
S3 !SASCORE;SAS Core Service;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASCORE.EXE [2/19/2011 1:41 PM 116608]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [5/31/2014 5:20 PM 73728]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/23/2013 8:12 PM 1691480]
S3 AmDriver;AmDriver;c:\windows\system32\AmDriver.sys [9/2/2013 1:29 AM 8704]
S3 Amtrans;AirMagnet Analyzer Protocol;c:\windows\system32\drivers\Amtrans.sys [9/2/2013 1:29 AM 61017]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys --> c:\windows\system32\DRIVERS\lgandbus.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys --> c:\windows\system32\DRIVERS\lganddiag.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys --> c:\windows\system32\DRIVERS\lgandgps.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys --> c:\windows\system32\DRIVERS\lgandmodem.sys [?]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys --> c:\windows\system32\DRIVERS\lgandnetdiag.sys [?]
S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps.sys --> c:\windows\system32\DRIVERS\lgandnetgps.sys [?]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys --> c:\windows\system32\DRIVERS\lgandnetmodem.sys [?]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys --> c:\windows\system32\DRIVERS\lgandnetndis.sys [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [6/9/2014 9:39 PM 1763584]
S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 cpuz137;cpuz137;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [?]
S3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [5/19/2006 11:22 AM 15328]
S3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [5/19/2006 11:22 AM 13440]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 1:01 PM 19984]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Administrator\My Documents\Downloads\everesthome220\kerneld.wnt [8/18/2005 1:00 AM 7168]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\drivers\iSafeKrnlBoot.sys [5/31/2014 11:15 PM 38912]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\TP-LINK\QSS\jswpsapi.exe [2/19/2011 11:27 AM 360529]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [7/18/2013 4:39 PM 762192]
S3 ndiskhaz;Azzouzi HotSpot Service;c:\windows\system32\DRIVERS\ndiskhaz.sys --> c:\windows\system32\DRIVERS\ndiskhaz.sys [?]
S3 ndiskhazMP;ndiskhazMP;c:\windows\system32\DRIVERS\ndiskhaz.sys --> c:\windows\system32\DRIVERS\ndiskhaz.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [6/3/2004 1:28 PM 22131]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/22/2012 8:30 PM 47360]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 4:19 PM 39056]
S3 SDScannerService;Spybot-S&D 2 Scanner Service; [x]
S3 SDUpdateService;Spybot-S&D 2 Updating Service; [x]
S3 SDWSCService;Spybot-S&D 2 Security Center Service; [x]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [1/19/2013 9:50 PM 567256]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [4/27/2014 9:57 AM 20664]
S3 xVTNameService;xVTNameService;c:\program files\AirMagnet Inc\AirMedic\xVTNameService.exe [9/2/2013 1:29 AM 24456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-24 07:15 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-03 22:03]
.
2014-06-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-25 17:21]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:28]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:28]
.
2014-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003Core.job
- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 23:43]
.
2014-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003UA.job
- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 23:43]
.
2014-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-09 01:59]
.
2014-06-15 c:\windows\Tasks\Opera scheduled Autoupdate 1385937182.job
- c:\program files\Opera\launcher.exe [2013-12-01 10:18]
.
2014-06-15 c:\windows\Tasks\PC Performer Manager.job
- c:\windows\system32\sc.exe [2006-02-28 10:39]
.
2014-04-05 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 20:19]
.
2014-06-09 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 20:19]
.
2014-06-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2014-06-04 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2014-06-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2014-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2014-06-15 c:\windows\Tasks\SBWUpdateTask_Time_4897187a-74EA3A945BD0.job
- c:\program files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-07-08 07:18]
.
2014-06-15 c:\windows\Tasks\SBW_UpdateTask_Time_333533383036373032322d3755556c415a505757414a34.job
- c:\windows\system32\wscript.exe [2006-02-28 11:24]
.
2014-06-15 c:\windows\Tasks\SmartDefrag3_Update.job
- c:\program files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-01-29 22:16]
.
2014-06-15 c:\windows\Tasks\User_Feed_Synchronization-{EAF680A9-6D9C-4F29-88B8-E522E14BB520}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
mStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hvdie5vl.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\documents and settings\Administrator\Desktop\SASSEH.DLL
MSConfigStartUp-CLMLServer - c:\program files\Cyberlink\Power2Go\CLMLSvc.exe
MSConfigStartUp-CLMLSvc - c:\program files\Cyberlink\Power2Go\CLMLSvc.exe
MSConfigStartUp-Device Doctor Pro - c:\program files\Device Doctor Pro\DDProLauncher.exe
MSConfigStartUp-Download Nitro - c:\program files\PCPitstop\Download Nitro\pcpitstop-nitro.exe
MSConfigStartUp-PCSuite - c:\program files\SAMSUNG\Samsung PC Studio 7\PCSuite.exe
MSConfigStartUp-Power2GoExpress - c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
MSConfigStartUp-S60 PC Suite Tray - c:\program files\SAMSUNG\Samsung PC Studio 7\PCSuite.exe
MSConfigStartUp-SDCleaner - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
MSConfigStartUp-SpyHunter4 - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
MSConfigStartUp-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-15 18:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Administrator\My Documents\Downloads\everesthome220\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4d4efc27-38da-4e82-8645-5850461e20fe}]
@Denied: (Full) (Everyone)
"Model"=dword:00000035
"Therad"=dword:0000001d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9d,6c,1f,be,70,aa,11,bc,05,28,b3,b6,e5,d3,8f,68,ae,a6,21,8e,6f,
d2,b2,f1,cb,c0,4f,53,74,d3,83,56,fd,02,2f,a7,b8,c5,17,af,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,c5,54,91,05,28,29,46,84,b1,5d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,c5,54,91,05,28,29,46,84,b1,5d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2014-06-15 18:48:49
ComboFix-quarantined-files.txt 2014-06-15 22:48
.
Pre-Run: 110,334,361,600 bytes free
Post-Run: 110,302,572,544 bytes free
.
- - End Of File - - 991C2BC4B6CF4B33801ABBEA825901EE
8F558EB6672622401DA993E1E865C861


You have used the following on your PC:

Sparktrust <--unreliable program

MyPC Backup

Advanced System Optimizer <--Advanced Registry Optimizer: Registry cleaners are useless. It's a myth that they will improve, speed up or enhance a computer's performance.

 

IObit

The company behind this product was found to be stealing Malwarebytes database.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

Please see the following links and make up your own mind if you want to keep this on your system. If needed we can help you remove it.

  • IOBit Steals Malwarebytes' Intellectual Property (http://www.malwarebytes.org/forums/index.php?showtopic=29681)
  • IOBit's Denial of Theft Unconvincing (http://www.malwarebytes.org/forums/index.php?showtopic=30989)
  • IOBit Theft Conclusion (http://www.malwarebytes.org/forums/index.php?showtopic=33217)
  • IObit: Trusting Your Antivirus Vendor (http://antivirus.about.com/od/antivirussoftwarereviews/a/iobittrustingantivirus.htm)
  • Malwarebytes: IObit Stole Our Signatures Database (http://news.softpedia.com/news/Malwarebytes-IObit-Stole-Our-Signatures-Database-125928.shtml)
  • IObit accused of stealing from Malwarebytes (http://blogs.computerworld.com/15026/iobit_accused_of_stealing_from_malwarebytes)

 

If you need help removing any of these let me know.

 

 

********************

Let's see if we can try to fix the sound problem.

Computer>Control Panel>Hardware and Sound>Device Manager>Network Adapters>Right click[Your wireless adapter]>Update Driver Software...> Search online for updates.

 

Often updating drivers will help, usually Video, Sound, Network Card (NIC), WiFi, 3rd party keyboard and mouse, as well as other major device drivers.

 

Manually look at manufacturer's sites for drivers - and Device Maker's sites.

http://pcsupport.about.com/od/driverssupport/ht/driverdlmfgr.htm

 

Alternatively, pop in your XP CD, open a Command Prompt from the Start>Run box and run the command sfc /scannow (including the space) to let the System File Checker replace any missing files with fresh ones expanded from the CD.

 

One more scan.

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

The sound problem has been fixed; it started working again after I rebooted Saturday. Also, the drivers are all updated. I try to keep everything updated as best I can; the first thing I did was to check my devices for updates. As for Sparktrust, I could not find that anywhere on my computer, and I could not find MyPC Backup either. All the rest you mentioned I found, and I deleted all parts of them.

As for AVG, I am not running that. I did have it a few months ago, but I did delete the leftovers of that today also. The problems I still have are the blue screens now and then and the freeze-up during some reboots. Just to let you know, when I come here for help it's going to be hard to find the problem, because I worked for days trying to figure out what is causing the problems and I got stumped on this one... But so far over the years the pit-stop has been 100% on fixing my problems.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Mon 06/16/2014 at 18:07:17.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders


Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.

Next: Please disable all onboard security programs (everything running with background protection), as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

 

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

 

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text inside the quote box below:


Folder::

c:\documents and settings\Administrator\Application Data\SparkTrust

c:\documents and settings\All Users\Application Data\SparkTrust

Registry::

[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MyPC Backup.lnk]

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

 


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

 

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

If there are internet issues afterward:

 

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, and uncheck the proxy server; set it to No Proxy.

 

 

Chrome:

Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Post this log please.

 

I don't know if we'll find the reason it freezes or not but it's my goal to see that it's not malware related.

 

After the above script let me know what issues remain.


ComboFix 14-06-13.01 - Administrator 06/17/2014 20:44:51.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1505 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2014-05-18 to 2014-06-18 )))))))))))))))))))))))))))))))
.
.
2014-06-14 12:44 . 2014-06-15 00:58 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-06-14 12:44 . 2014-05-12 11:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-14 12:44 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\drivers\athuw.sys
2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\athuw.sys
2014-06-09 04:32 . 2014-06-09 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-08 13:35 . 2014-06-08 13:35 -------- d-----w- c:\program files\NirSoft
2014-06-07 00:54 . 2014-06-07 00:54 -------- d-----w- c:\program files\Logitech
2014-06-06 18:23 . 2014-06-06 18:23 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-06-06 17:53 . 2014-06-06 18:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-06 17:53 . 2014-06-06 17:53 -------- d-----w- c:\program files\Java
2014-06-04 22:18 . 2014-06-09 00:41 -------- d-----w- c:\windows\system32\wbem\Repository
2014-06-04 22:11 . 2014-06-04 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\NVIDIA
2014-06-04 03:11 . 2014-06-04 03:11 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2014-06-04 01:38 . 2014-05-13 19:18 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-04 01:37 . 2014-06-15 02:02 1144544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2014-06-04 01:37 . 2014-06-15 02:02 1 ----a-w- c:\windows\system32\nvdrssel.bin
2014-06-04 01:37 . 2014-06-15 02:01 1144544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2014-06-03 22:32 . 2014-06-11 22:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-03 22:32 . 2014-06-11 22:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-03 00:24 . 2013-04-06 01:26 1679360 ----a-w- c:\windows\system32\ac3filter.acm
2014-06-03 00:24 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3Filter
2014-06-03 00:18 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3File
2014-06-03 00:12 . 2014-06-04 22:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-06-02 00:16 . 2014-06-04 21:58 -------- d-----w- c:\program files\SlimCleaner
2014-06-01 13:20 . 2014-06-14 12:15 -------- d-----w- C:\FRST
2014-06-01 07:32 . 2014-06-01 20:33 19165360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-06-01 03:15 . 2014-05-20 09:07 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-05-31 21:19 . 2014-06-04 03:11 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2014-05-31 19:40 . 2014-05-31 19:40 -------- d-----w- c:\windows\ERUNT
2014-05-29 23:39 . 2014-05-29 23:39 777488 ----a-w- &n


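For blue-screen triage, the rows of the ComboFix "Files Created" section that deserve the first look are newly added kernel drivers (.sys files). The following is an added example, not part of the thread or of ComboFix: it parses a few rows copied from the log above, reading the first timestamp as creation time and the second as last-modified (an assumption inferred from the section header), and skips separators and truncated rows.

```python
import re
from datetime import datetime

# Rows copied from the ComboFix log in this thread; the last one is cut off
# in the post and must not be parsed as a real path.
SAMPLE = r"""
.
2014-06-14 12:44 . 2014-06-15 00:58 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\drivers\athuw.sys
2014-06-06 18:23 . 2014-06-06 18:23 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-06-01 03:15 . 2014-05-20 09:07 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-05-29 23:39 . 2014-05-29 23:39 777488 ----a-w- &n
"""

# Assumed row layout: created . modified  size-or-dashes  attributes  path
ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(\d+|-{8})\s+([a-z-]{8})\s+([A-Za-z]:\\.+)$"
)
FMT = "%Y-%m-%d %H:%M"

def parse_rows(log_text):
    """Return one dict per well-formed row; anything else is skipped."""
    rows = []
    for line in log_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # "." separators, banners, truncated rows
        created, modified, size, attrs, path = m.groups()
        rows.append({
            "created": datetime.strptime(created, FMT),
            "modified": datetime.strptime(modified, FMT),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs[0] == "d",
            "path": path,
        })
    return rows

def new_kernel_drivers(rows):
    """Files ending in .sys, newest creation time first."""
    hits = [r for r in rows
            if not r["is_dir"] and r["path"].lower().endswith(".sys")]
    return sorted(hits, key=lambda r: r["created"], reverse=True)

if __name__ == "__main__":
    for r in new_kernel_drivers(parse_rows(SAMPLE)):
        print(r["created"].date(), r["size"], r["path"])
```

Each driver it lists can then be matched against the software installed on that date before deciding whether it is expected.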