
Some Signs of ZeroAccess Infection



#1 eewiz


Posted 12 April 2015 - 06:18 PM

I have been getting Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA on my XP x64 box for about six months now.

The frequency of crashes is about once per week.

The box has been alive for about two years and was rock stable for the first 18 months.


It has been suggested that I paste the FRST log and attach the FRST Addition log.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by eewiz (administrator) on MUFF on 12-04-2015 15:27:36
Running from C:\Documents and Settings\eewiz\Desktop
Loaded Profiles: eewiz (Available profiles: eewiz & Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> RAIDXpertService.exe
Failed to access process -> RAIDXpert.exe
Failed to access process -> svchost.exe
Failed to access process -> jqs.exe
Failed to access process -> mdm.exe
Failed to access process -> SDFSSvc.exe
Failed to access process -> SDUpdSvc.exe
Failed to access process -> ServiioService.exe
Failed to access process -> ServiioService.exe
Failed to access process -> ToolTipFixer.exe
Failed to access process -> wdfmgr.exe
Failed to access process -> WHSConnector.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> alg.exe
Failed to access process -> explorer.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> WinMsgBalloonServer.exe
Failed to access process -> rundll32.exe
Failed to access process -> WinMsgBalloonClient.exe
Failed to access process -> networx.exe
Failed to access process -> Ghrone.exe
Failed to access process -> DesktopOK_x64.exe
Failed to access process -> ch64.exe
Failed to access process -> mouse_od.exe
Failed to access process -> TrueCrypt.exe
Failed to access process -> WiFiGuard.exe
Failed to access process -> KeePass.exe
Failed to access process -> ctfmon.exe
Failed to access process -> ctfmon.exe
Failed to access process -> Core Temp.exe
Failed to access process -> StartMenuX.exe
Failed to access process -> glint.exe
Failed to access process -> DAODx.exe
Failed to access process -> Neko95.exe
Failed to access process -> UnlockerAssistant.exe
Failed to access process -> nusb3mon.exe
Failed to access process -> purevpn.exe
Failed to access process -> AvastUI.exe
Failed to access process -> SDTray.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> WHSTrayApp.exe
Failed to access process -> ServiioConsole.exe
Failed to access process -> EMET_Agent.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WPFFontCache_v0400.exe
Failed to access process -> firefox.exe
Failed to access process -> notepad.exe
Failed to access process -> notepad.exe
Failed to access process -> FRST64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20117648 2012-10-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-11-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-11-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-11-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6552272 2014-05-23] (SoftPerfect Research)
HKLM-x32\...\Run: [RunDAOD] => C:\WINDOWS\DAODx.exe [32768 2009-03-29] ()
HKLM-x32\...\Run: [UnlockerAssistant] => C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [15360 2006-09-07] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\WINDOWS\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695416 2009-06-11] (brother)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5512912 2015-03-30] (Avast Software s.r.o.)
HKLM-x32\...\Run: [36X Raid Configurer] => C:\WINDOWS\SysWOW64\xRaidSetup.exe [1976944 2010-01-18] (Gigabyte Technology Corp.)
HKLM-x32\...\Run: [EMET 4.1 Update 1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [81416 2014-04-29] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime7\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Winlogon: [Userinit] userinit, [X]
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain-x32: C:\WINDOWS\SysWOW64\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet-x32: C:\WINDOWS\SysWOW64\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll-x32: C:\WINDOWS\SysWOW64\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy-x32: C:\WINDOWS\SysWOW64\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\EFS-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKLM\...\Command Processor:  <======= ATTENTION
HKLM-x32\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [Ghrone] => C:\Program Files (x86)\Ghrone\Ghrone.exe [385024 2002-02-19] (Garoosoft - http://software.garoo.net/)
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [DesktopOK] => C:\Program Files (x86)\DesktopOK\DesktopOK_x64.exe [349184 2011-12-08] (Nenad Hrg SoftwareOK)
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [Copy Handler] => C:\Program Files\Copy Handler\ch64.exe [756736 2010-03-07] ( )
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [MouseOdometer] => C:\Program Files (x86)\Odometer16F\mouse_od.exe [247824 2007-09-06] ()
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-02-04] (TrueCrypt Foundation)
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [WiFi Guard] => C:\Program Files\WiFiGuard\WiFiGuard.exe [3869392 2014-05-26] (SoftPerfect Research)
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [20992 2006-03-29] (Microsoft Corporation)
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [PCMeter] => C:\Program Files\PCMeter\PCMeterV0.4.exe
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [Core Temp] => C:\Program Files\CoreTemp\Core Temp.exe [890016 2013-10-08] ()
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\...\Run: [StartMenuX50] => C:\Program Files\Start Menu X\StartMenuX.exe [7690048 2014-06-02] (OrdinarySoft)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\ERUNT\AUTOBACK.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\glint.lnk
ShortcutTarget: glint.lnk -> C:\Program Files (x86)\Glint\glint.exe (Alexander Vechersky)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NekoTheCat.lnk
ShortcutTarget: NekoTheCat.lnk -> C:\Program Files (x86)\NekoTheCat95\Neko95.exe (DHSoft)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PureVPN.lnk
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
ShortcutTarget: Windows Home Server.lnk -> C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\eewiz\Start Menu\Programs\Startup\PureVPN.lnk
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)
Startup: C:\Documents and Settings\eewiz\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX32.dll ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc169
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc169&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc169&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc169
HKU\S-1-5-21-3507806485-1088486640-3718273695-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc169
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc169&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3507806485-1088486640-3718273695-1002 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKU\S-1-5-21-3507806485-1088486640-3718273695-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-03-30] (Avast Software s.r.o.)
BHO: BrowserHelper Class -> {9A065C65-4EE7-4DDD-9918-F129089A894A} -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-03-30] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-16] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
DPF: HKLM {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/distribution/alternatiff-ax-w64-2.0.4.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2014-06-02] (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-06-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll [2014-06-02] (Microsoft Corporation)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\SysWow64\mshtml.dll [2014-06-02] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2014-06-02] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-06-02] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-06-02] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll [2014-06-02] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2012-06-08] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\SysWow64\SHELL32.dll [2012-06-08] (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [234496] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [493056] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{D1F85FEC-9743-49C7-B999-66804230D6E1}: [NameServer] 8.8.8.8,208.67.222.222

FireFox:
========
FF ProfilePath: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF NetworkProxy: "autoconfig_url", "http://clientconfig.immunicity.org/pacs/all.pac"
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "97.77.104.22"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "97.77.104.22"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "97.77.104.22"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "97.77.104.22"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-16] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-29] (Adobe Systems, Inc.)
FF Plugin-x32: @alternatiff.com/AlternaTIFF -> C:\Program Files (x86)\MIE\AlternaTIFF\npzzatif.dll [2012-04-30] (Medical Informatics Engineering, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2012-04-14] (Google)
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> C:\Program Files (x86)\GPAC_MP4Box\nposmozilla.dll [2012-05-25] ( )
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [2014-07-16] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3507806485-1088486640-3718273695-1002: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\eewiz\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-04-25] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-25] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\100-search-engines.xml [2010-09-15]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\astalavista.xml [2015-04-11]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\dailymotion.xml [2015-03-09]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\dictionarycom.xml [2013-12-06]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\FireSearch.xml [2008-06-21]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\google-avast.xml [2015-01-19]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\google-images.xml [2015-01-08]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\hulu.xml [2015-03-06]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\imdb.xml [2014-12-11]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\kickasstorrents.xml [2012-07-23]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\leo-de-en.xml [2013-12-06]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\limetorrentscom-search.xml [2014-04-28]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\mininova.xml [2013-12-06]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\mycroft-project.xml [2013-03-02]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\pdf-search.xml [2010-09-22]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\rarbgcom-torrents.xml [2014-04-28]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\referencecom---encyclopedia.xml [2008-06-21]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\scroogle.xml [2012-03-03]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\secure-torrentz-search.xml [2014-04-28]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\seedpeer-torrent-search.xml [2014-04-28]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\the-pirate-bay-https.xml [2012-06-15]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\thesauruscom.xml [2013-12-06]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\torlock.xml [2014-04-28]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\torrentfunk.xml [2014-04-28]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\torrentz.xml [2012-12-02]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\urban-dictionary.xml [2013-12-06]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\wr-english-french.xml [2008-06-21]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\wr-english-spanish.xml [2008-06-21]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\wr-english.xml [2008-06-21]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\youtube.xml [2014-12-11]
FF SearchPlugin: C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\searchplugins\yzoo.xml [2013-06-07]
FF Extension: Flash Video Downloader - Full HD Download - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\artur.dubovoy@gmail.com [2014-07-14]
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\https-everywhere@eff.org [2015-04-08]
FF Extension: Hola Better Internet - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-04-06]
FF Extension: EPUBReader - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-03-18]
FF Extension: Disconnect - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\2.0@disconnect.me.xpi [2014-06-22]
FF Extension: Bookmark Favicon Changer - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2014-06-22]
FF Extension: Copy Pure Text - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\copy-pure-text@kashiif-gmail.com.xpi [2013-09-18]
FF Extension: Copy Urls Expert - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2013-09-18]
FF Extension: Hide My Ass Proxy Extension - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\extension@hidemyass.com.xpi [2014-07-31]
FF Extension: MEGA - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\firefox@mega.co.nz.xpi [2014-10-17]
FF Extension: PassIFox - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\passifox@hanhuy.com.xpi [2014-06-14]
FF Extension: Status-4-Evar - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\status4evar@caligonstudios.com.xpi [2014-05-09]
FF Extension: Tab Utilities - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\tabutils@ithinc.cn.xpi [2014-05-13]
FF Extension: Thumbnail Zoom Plus - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-09-18]
FF Extension: Youtube and more - Easy Video Downloader - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\vdpure@link64.xpi [2013-09-18]
FF Extension: Video WithOut Flash - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\vwof@drev.com.xpi [2014-08-28]
FF Extension: Weather Watcher Live - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\weatherwatcherlive@singerscreations.com.xpi [2014-05-09]
FF Extension: Bluhell Firewall - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-07-30]
FF Extension: IE View - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi [2012-03-03]
FF Extension: {736f3106-2281-4e77-9a62-3ca3968ce548} - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\{736f3106-2281-4e77-9a62-3ca3968ce548}.xpi [2013-11-08]
FF Extension: Tamper Data - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2014-05-31]
FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-09-18]
FF Extension: Text-to-Image - C:\Documents and Settings\eewiz\Application Data\Mozilla\Firefox\Profiles\aiezpaqb.default\Extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi [2013-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-23]

Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=odc169
CHR StartupUrls: Default -> "https://www.yahoo.com?fr=hp-avast&type=odc169"
CHR Profile: C:\Documents and Settings\eewiz\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\eewiz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-14]
CHR Extension: (Google Drive) - C:\Documents and Settings\eewiz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\eewiz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-14]
CHR Extension: (YouTube) - C:\Documents and Settings\eewiz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-14]
CHR Extension: (Google Search) - C:\Documents and Settings\eewiz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\eewiz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-14]
CHR Extension: (Gmail) - C:\Documents and Settings\eewiz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeLookupSvc; C:\Windows\SysWOW64\aelupsvc.dll [26624 2006-03-29] (Microsoft Corporation)
R2 Alerter; C:\Windows\system32\alrsvc.dll [29696 2006-03-29] (Microsoft Corporation)
R3 ALG; C:\Windows\SysWOW64\alg.exe [45056 2006-03-29] (Microsoft Corporation)
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
R2 AudioSrv; C:\Windows\SysWOW64\audiosrv.dll [41472 2006-03-29] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-03-30] (Avast Software s.r.o.)
R2 Browser; C:\Windows\SysWOW64\browser.dll [78336 2012-06-29] (Microsoft Corporation)
S4 Cadence License Manager; C:\Cadence\LicenseManager\lmgrd.exe [1379664 2011-02-02] (Flexera Software, Inc.)
S3 CallerIP; C:\Program Files (x86)\CallerIP\cip-nt.exe [25673 2009-07-23] () [File not signed]
S4 CiSvc; C:\Windows\SysWOW64\cisvc.exe [6656 2006-03-29] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2006-03-29] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\SysWOW64\clipsrv.exe [32256 2006-03-29] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-16] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-16] (Microsoft Corporation)
R2 Dnscache; C:\Windows\SysWOW64\dnsrslvr.dll [45568 2011-03-03] (Microsoft Corporation)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2006-03-29] (Microsoft Corporation)
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-11-18] (Ellora Assets Corp.) [File not signed]
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-16] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2006-03-29] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\SysWOW64\w3ssl.dll [15360 2006-03-29] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2006-03-29] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-16] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [182696 2014-07-16] (Oracle Corporation)
R2 LmHosts; C:\Windows\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-16] (Microsoft Corporation)
S4 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2006-03-29] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-16] (Microsoft Corporation)
S3 NetDDE; C:\Windows\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-16] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R3 Netman; C:\Windows\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [493056 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\Windows\SysWOW64\mswsock.dll [234496 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2006-03-29] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-16] (Microsoft Corporation)
S4 NVSvc; C:\Windows\system32\nvsvc64.exe [160256 2008-05-16] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2014-06-05] (The OpenVPN Project)
R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2006-03-29] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\Windows\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-16] (Microsoft Corporation)
R2 RemoteRegistry; C:\Windows\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 RpcLocator; C:\Windows\SysWOW64\locator.exe [71680 2006-03-29] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-16] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\Windows\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 seclogon; C:\Windows\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-20] () [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-16] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
S4 stisvc; C:\Windows\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-16] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-16] (Microsoft Corporation)
R2 ToolTipFixer; C:\Program Files (x86)\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [61952 2008-10-14] (NeoSmart Technologies) [File not signed]
R2 TrkWks; C:\Windows\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S2 TrueCryptSystemFavorites; C:\WINDOWS\SysWOW64\TrueCrypt.exe [1516496 2014-02-04] (TrueCrypt Foundation)
R2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2006-03-29] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2006-03-29] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2006-03-29] (Microsoft Corporation)
S3 UPS; C:\Windows\SysWOW64\ups.exe [16896 2006-03-29] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2008-05-09] (Microsoft Corporation)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
S4 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [36352 2007-02-16] (Microsoft Corporation)
S4 WmdmPmSN; C:\WINDOWS\SysWOW64\MsPMSNSv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1066496 2013-04-22] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWOW64\advapi32.dll [620032 2013-04-22] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2006-03-29] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-16] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-16] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S4 Crypkey License; crypserv.exe [X]
R2 Eventlog;  [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; No ImagePath
R0 ACPIEC; C:\Windows\System32\DRIVERS\ACPIEC.sys [18432 2006-03-29] (Microsoft Corporation)
S4 adpu160m; No ImagePath
S4 adpu320; No ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S3 altio; C:\PROGRAM FILES (X86)\ALTIUM2004\System\altio.sys [3328 2003-11-24] (Altium Limited) [File not signed]
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-17] (Creative)
S4 AmdIde; No ImagePath
R1 AmdPPM64; C:\Windows\System32\DRIVERS\AmdPPM64.sys [44544 2007-04-16] (Advanced Micro Devices)
S4 arc; No ImagePath
R3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-30] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-03-30] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-30] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-30] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-03-30] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-30] ()
S4 Atdisk; No ImagePath
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-16] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [24576 2007-02-16] (Microsoft Corporation)
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
R1 CSN5PDTS82x64; C:\Windows\System32\Drivers\CSN5PDTS82x64.sys [34840 2012-10-24] (Colasoft Co., Ltd.)
S3 DHEAPDMP; C:\WINDOWS\system32\drivers\DHEAPDMP.SYS [20200 2006-03-29] (Microsoft Corporation)
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-16] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-16] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2006-03-29] (Microsoft Corporation)
S4 dpti2o; No ImagePath
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-16] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-09-01] (Microsoft Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-08] (GFI Software)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-16] (Microsoft Corporation)
S3 GVTDrv64; C:\WINDOWS\GVTDrv64.sys [30528 2011-05-23] ()
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S1 i2omgmt; No ImagePath
S4 iirsp; No ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2006-03-29] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [8098448 2012-10-30] (Realtek Semiconductor Corp.)
S4 IntelIde; No ImagePath
S3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [57856 2007-02-16] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-16] (Microsoft Corporation)
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
S1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [120024 2015-04-11] (Malwarebytes Corporation)
S3 MCHPUSB; C:\Windows\System32\DRIVERS\mchpusb64.sys [64512 2008-05-12] (Microchip Technology, Inc.)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2006-03-29] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-17] (Creative Technology Ltd.)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [23040 2005-03-24] (Microsoft Corporation)
S4 mraid35x; No ImagePath
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [103680 2007-02-16] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [17408 2005-03-24] (Microsoft Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [59384 2014-05-09] (NetFilterSDK.com)
R3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [71168 2007-02-16] (Microsoft Corporation)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [8688640 2008-05-16] (NVIDIA Corporation)
R2 nxsIO32; C:\WINDOWS\SysWOW64\DRIVERS\nxsIO64.sys [1504 2014-12-04] () [File not signed]
R3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [81280 2014-05-12] (VSO Software) [File not signed]
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-16] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2006-03-29] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2006-03-29] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [238096 2012-05-21] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-12-29] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [399464 2011-12-07] (Realtek Semiconductor Corporation                           )
S3 RTLTEAMING; C:\Windows\System32\DRIVERS\RTLTEAMING.SYS [30720 2009-10-11] (Realtek Semiconductor Corporation) [File not signed]
S3 RTLVLAN; C:\Windows\System32\DRIVERS\RTLVLAN.SYS [23040 2009-02-16] (Realtek Semiconductor Corporation                           ) [File not signed]
S3 RTLVLANMP; C:\Windows\System32\DRIVERS\RTLVLAN.SYS [23040 2009-02-16] (Realtek Semiconductor Corporation                           ) [File not signed]
R2 RtNdPt5x; C:\Windows\System32\DRIVERS\RtNdPt5x.sys [30720 2008-07-08] (Realtek Semiconductor Corporation                           )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-16] (Microsoft Corporation)
S4 Simbad; No ImagePath
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [19968 2005-03-24] (Microsoft Corporation)
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-16] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [761592 2013-03-18] () [File not signed]
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2006-03-29] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [24576 2005-03-24] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; No ImagePath
S4 symmpi; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-16] (Microsoft Corporation)
S4 TosIde; No ImagePath
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-09] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-09] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-09] ()
S4 ultra; No ImagePath
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-29] (Microsoft Corporation)
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-16] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [24192 2007-02-16] (Microsoft Corporation)
R3 ALSysIO; \??\C:\DOCUME~1\eewiz\LOCALS~1\Temp\ALSysIO64.sys [X]
S4 CdaC15BA; system32\DRIVERS\CdaC15BA.sys [X]
S4 CdaD10BA; system32\DRIVERS\CdaD10BA.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File.
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File.
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File.
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 15:26 - 2015-04-12 15:26 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\FRST-OlderVersion
2015-04-12 13:13 - 2015-04-12 13:13 - 00001062 ____C () C:\Documents and Settings\eewiz\Desktop\Phantom_CCS_ay9i55pq.reg
2015-04-12 13:12 - 2015-04-12 13:12 - 00002596 ____C () C:\Documents and Settings\eewiz\Desktop\Phantom_CS003_PNPA000.reg
2015-04-12 13:11 - 2015-04-12 13:11 - 00001030 ____C () C:\Documents and Settings\eewiz\Desktop\Phantom_CS001_ay9i55pq.reg
2015-04-12 13:10 - 2015-04-12 13:10 - 00003844 ____C () C:\Documents and Settings\eewiz\Desktop\Phantom_CS001_PNPA000.reg
2015-04-12 13:05 - 2015-04-12 14:51 - 00002316 ____C () C:\Documents and Settings\eewiz\Desktop\Phantom_SCSI.reg
2015-04-12 13:03 - 2015-04-12 13:03 - 00002220 ____C () C:\Documents and Settings\eewiz\Desktop\Phantom_SCSI_Port_2.reg
2015-04-12 01:29 - 2015-04-12 01:29 - 00286720 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
2015-04-12 01:29 - 2015-04-12 01:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE
2015-04-12 00:34 - 2015-04-12 00:35 - 00000000 ___DC () C:\Windows Home Server Drivers for Restore
2015-04-11 22:46 - 2015-04-11 22:46 - 00009346 ____C () C:\Documents and Settings\eewiz\Desktop\ESET_Results.txt
2015-04-11 20:27 - 2015-04-11 20:30 - 00043455 ____C () C:\Documents and Settings\eewiz\Desktop\MiniToolBox Result.txt
2015-04-11 20:21 - 2015-04-11 20:21 - 00000000 ___DC () C:\Documents and Settings\eewiz\Start Menu\Programs\Notepad++
2015-04-11 20:21 - 2015-04-11 20:21 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
2015-04-11 20:20 - 2015-04-11 20:24 - 00001322 ____C () C:\Documents and Settings\eewiz\Desktop\checkup.txt
2015-04-11 17:47 - 2015-04-11 17:47 - 00402944 ____C (Farbar) C:\Documents and Settings\eewiz\Desktop\MiniToolBox.exe
2015-04-11 17:45 - 2015-04-11 17:45 - 00852616 ____C () C:\Documents and Settings\eewiz\Desktop\SecurityCheck.exe
2015-04-10 22:07 - 2015-04-10 22:07 - 01201085 ____C () C:\Documents and Settings\eewiz\Desktop\Shortcut.txt
2015-04-10 21:35 - 2015-04-10 22:09 - 00078008 ____C () C:\Documents and Settings\eewiz\Desktop\Addition.txt
2015-04-10 21:34 - 2015-04-12 15:27 - 00053780 ____C () C:\Documents and Settings\eewiz\Desktop\FRST.txt
2015-04-10 21:34 - 2015-04-12 15:27 - 00000000 ___DC () C:\FRST
2015-04-10 21:33 - 2015-04-12 15:26 - 02096640 ____C (Farbar) C:\Documents and Settings\eewiz\Desktop\FRST64.exe
2015-04-09 13:00 - 2005-03-24 17:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\SET121F.tmp
2015-04-09 12:29 - 2005-03-24 17:14 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\SETB8B.tmp
2015-04-09 12:28 - 2005-03-24 17:14 - 00006656 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\SETB35.tmp
2015-04-09 12:18 - 2005-03-24 17:35 - 00214272 ____C (Microsoft) C:\Windows\System32\dllcache\yk51x64.sys
2015-04-09 12:17 - 2006-03-29 05:00 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wwshirda.dll
2015-04-09 12:17 - 2005-03-24 17:35 - 00232448 ____C (Eicon Networks) C:\Windows\System32\dllcache\xlog.exe
2015-04-09 12:17 - 2005-03-24 17:35 - 00055808 ____C (S2io Inc.) C:\Windows\System32\dllcache\xenamd64.sys
2015-04-09 12:17 - 2005-03-24 17:35 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wshirda.dll
2015-04-09 12:15 - 2007-02-17 01:02 - 00119552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wceusbsh.sys
2015-04-09 12:15 - 2007-02-17 01:02 - 00080896 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wiamsmud.dll
2015-04-09 12:15 - 2005-03-24 17:34 - 00128000 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wiafbdrv.dll
2015-04-09 12:15 - 2005-03-24 17:34 - 00114816 ____C (VIA Networking Technologies, Inc. ) C:\Windows\System32\dllcache\wetn5b64.sys
2015-04-09 12:15 - 2005-03-24 17:34 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wd.sys
2015-04-09 12:14 - 2007-02-17 01:00 - 00061440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\uliagpkx.sys
2015-04-09 12:14 - 2007-02-17 01:00 - 00042496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbccid.sys
2015-04-09 12:14 - 2007-02-17 01:00 - 00029696 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbprint.sys
2015-04-09 12:14 - 2005-03-24 17:34 - 00038912 ____C (Promise Technology, Inc.) C:\Windows\System32\dllcache\ultra.sys
2015-04-09 12:14 - 2005-03-24 17:34 - 00036608 ____C (VIA Technologies, Inc.) C:\Windows\System32\dllcache\viairda.sys
2015-04-09 12:14 - 2005-03-24 17:34 - 00034432 ____C (ULi Electronics Inc.) C:\Windows\System32\dllcache\uli5261.sys
2015-04-09 12:14 - 2005-03-24 17:34 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\viaide.sys
2015-04-09 12:13 - 2007-02-17 01:00 - 00058880 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\uagp35.sys
2015-04-09 12:13 - 2005-03-24 17:34 - 00084992 ____C (LSI Logic) C:\Windows\System32\dllcache\symmpi.sys
2015-04-09 12:13 - 2005-03-24 17:34 - 00041984 ____C (LSI Logic) C:\Windows\System32\dllcache\symc8xx.sys
2015-04-09 12:13 - 2005-03-24 17:34 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\tandqic.sys
2015-04-09 12:13 - 2005-03-24 17:34 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\toside.sys
2015-04-09 12:13 - 2005-03-24 17:25 - 00039936 ____C (LSI Logic) C:\Windows\System32\dllcache\sym_u3.sys
2015-04-09 12:13 - 2005-03-24 17:25 - 00037376 ____C (LSI Logic) C:\Windows\System32\dllcache\sym_hi.sys
2015-04-09 12:12 - 2007-02-17 00:55 - 00056320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\smb0w.dll
2015-04-09 12:12 - 2007-02-17 00:55 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sonyait.sys
2015-04-09 12:12 - 2005-03-24 17:25 - 00028160 ____C (SCM Microsystems, Inc.) C:\Windows\System32\dllcache\stcusb.sys
2015-04-09 12:12 - 2005-03-24 17:24 - 00068608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\smb3w.dll
2015-04-09 12:12 - 2005-03-24 17:24 - 00046080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sm91w.dll
2015-04-09 12:12 - 2005-03-24 17:24 - 00043008 ____C (SiS Corporation) C:\Windows\System32\dllcache\sisnic.sys
2015-04-09 12:12 - 2005-03-24 17:24 - 00017920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sonymc.sys
2015-04-09 12:12 - 2005-03-24 17:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\snyaitmc.sys
2015-04-09 12:11 - 2007-02-17 00:54 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\scsiscan.sys
2015-04-09 12:11 - 2007-02-17 00:53 - 00073728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sbp2port.sys
2015-04-09 12:11 - 2007-02-17 00:53 - 00040576 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\sccmusbm.sys
2015-04-09 12:11 - 2005-03-24 17:24 - 00059904 ____C (Realtek Semiconductor Corporation) C:\Windows\System32\dllcache\rtl39a64.sys
2015-04-09 12:11 - 2005-03-24 17:24 - 00044032 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\sccmn50m.sys
2015-04-09 12:11 - 2005-03-24 17:24 - 00037888 ____C (Realtek Semiconductor Corporation ) C:\Windows\System32\dllcache\rtl69a64.sys
2015-04-09 12:11 - 2005-03-24 17:24 - 00032256 ____C (SCM Microsystems) C:\Windows\System32\dllcache\scr111.sys
2015-04-09 12:11 - 2005-03-24 17:24 - 00031232 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\scmstcs.sys
2015-04-09 12:11 - 2005-03-24 17:24 - 00030720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\sermouse.sys
2015-04-09 12:11 - 2005-03-24 17:24 - 00019968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\scsiprnt.sys
2015-04-09 12:11 - 2005-03-24 17:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\seaddsmc.sys
2015-04-09 12:11 - 2005-03-24 17:24 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\serscan.sys
2015-04-09 12:11 - 2005-03-24 17:24 - 00010240 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\rsmgrstr.dll
2015-04-09 12:10 - 2007-02-17 00:51 - 00051200 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rndismpx.sys
2015-04-09 12:10 - 2007-02-17 00:51 - 00033792 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rasirda.sys
2015-04-09 12:10 - 2007-02-17 00:51 - 00032256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ramdisk.sys
2015-04-09 12:10 - 2007-02-17 00:50 - 00271872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ptpusd.dll
2015-04-09 12:10 - 2007-02-17 00:50 - 00025344 ____C (SCM Microsystems, Inc.) C:\Windows\System32\dllcache\pscr.sys
2015-04-09 12:10 - 2007-02-17 00:50 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\qic157.sys
2015-04-09 12:10 - 2005-03-24 17:24 - 00094208 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rfcomm.sys
2015-04-09 12:09 - 2007-02-17 00:44 - 00944640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2psvc.dll
2015-04-09 12:09 - 2007-02-17 00:44 - 00505856 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2pgraph.dll
2015-04-09 12:09 - 2007-02-17 00:44 - 00161024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\phildec.sys
2015-04-09 12:09 - 2007-02-17 00:44 - 00015872 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\powerfil.sys
2015-04-09 12:09 - 2007-02-17 00:41 - 00124416 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\nv_agp.sys
2015-04-09 12:09 - 2006-03-29 05:00 - 00302080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wp2pgraph.dll
2015-04-09 12:09 - 2006-03-29 05:00 - 00116736 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wp2p.dll
2015-04-09 12:09 - 2006-03-29 05:00 - 00088576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wp2pnetsh.dll
2015-04-09 12:09 - 2006-03-29 05:00 - 00048640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wpnrpNsp.dll
2015-04-09 12:09 - 2005-03-24 17:22 - 00186880 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2p.dll
2015-04-09 12:09 - 2005-03-24 17:22 - 00135680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2pnetsh.dll
2015-04-09 12:09 - 2005-03-24 17:22 - 00132608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\p2pgasvc.dll
2015-04-09 12:09 - 2005-03-24 17:22 - 00077824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\pnrpnsp.dll
2015-04-09 12:09 - 2005-03-24 17:22 - 00013824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\pnrmc.sys
2015-04-09 12:09 - 2005-03-24 17:21 - 00185344 ____C (NVIDIA Corporation) C:\Windows\System32\dllcache\nvenet.sys
2015-04-09 12:08 - 2007-02-17 00:39 - 00062976 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mstape.sys
2015-04-09 12:08 - 2007-02-17 00:39 - 00039424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msircomm.sys
2015-04-09 12:08 - 2005-03-24 17:21 - 00042240 ____C (National Semiconductor Corporation) C:\Windows\System32\dllcache\nscirda.sys
2015-04-09 12:08 - 2005-03-24 17:21 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ne2000.sys
2015-04-09 12:08 - 2005-03-24 17:21 - 00014336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\nsmmc.sys
2015-04-09 12:08 - 2005-03-24 17:21 - 00005120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msmpu401.sys
2015-04-09 12:07 - 2007-02-17 00:38 - 00071680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdv.sys
2015-04-09 12:07 - 2007-02-17 00:36 - 00010752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ltotape.sys
2015-04-09 12:07 - 2005-03-24 17:21 - 00036352 ____C (LSI Logic Corporation) C:\Windows\System32\dllcache\mraid35x.sys
2015-04-09 12:07 - 2005-03-24 17:21 - 00028672 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\modemcsa.sys
2015-04-09 12:07 - 2005-03-24 17:21 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\miniqic.sys
2015-04-09 12:07 - 2005-03-24 17:20 - 00569344 ____C (Agere Systems) C:\Windows\System32\dllcache\ltmdm64.sys
2015-04-09 12:07 - 2005-03-24 17:20 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mammoth.sys
2015-04-09 12:07 - 2005-03-24 17:20 - 00008704 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\loop.sys
2015-04-09 12:06 - 2007-02-17 00:35 - 00026112 ____C (Litronic Industries) C:\Windows\System32\dllcache\lit220p.sys
2015-04-09 12:06 - 2007-02-17 00:34 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbdjpn.dll
2015-04-09 12:06 - 2007-02-17 00:34 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbdkor.dll
2015-04-09 12:05 - 2007-02-17 00:31 - 00237056 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irftp.exe
2015-04-09 12:05 - 2007-02-17 00:31 - 00152576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irda.sys
2015-04-09 12:05 - 2007-02-17 00:31 - 00043008 ____C (SigmaTel, Inc.) C:\Windows\System32\dllcache\irstusb.sys
2015-04-09 12:05 - 2007-02-17 00:31 - 00034816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irsir.sys
2015-04-09 12:05 - 2005-03-24 17:20 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd106.dll
2015-04-09 12:05 - 2005-03-24 17:20 - 00007680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101c.dll
2015-04-09 12:05 - 2005-03-24 17:20 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd103.dll
2015-04-09 12:05 - 2005-03-24 17:20 - 00007168 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101b.dll
2015-04-09 12:05 - 2005-03-24 17:19 - 00070784 ____C (Intel Corporation) C:\Windows\System32\dllcache\ixg5132e.sys
2015-04-09 12:05 - 2005-03-24 17:19 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irmon.dll
2015-04-09 12:05 - 2005-03-24 17:19 - 00009216 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\intelide.sys
2015-04-09 12:04 - 2007-02-17 00:28 - 00385024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hpojwia.dll
2015-04-09 12:04 - 2007-02-17 00:22 - 00061952 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\gagp30kx.sys
2015-04-09 12:04 - 2006-03-29 05:00 - 00096256 ____C () C:\Windows\System32\dllcache\ieencode.dll
2015-04-09 12:04 - 2006-03-29 05:00 - 00082432 ____C () C:\Windows\System32\dllcache\wieencode.dll
2015-04-09 12:04 - 2005-03-24 17:19 - 00048128 ____C (Intel Corp./ICP vortex GmbH) C:\Windows\System32\dllcache\iirsp.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 01080832 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsf_dp4.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 01038048 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmnt5.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00885760 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmdd5.dll
2015-04-09 12:04 - 2005-03-24 17:18 - 00804352 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsfcnxt4.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00244992 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmdev5.dll
2015-04-09 12:04 - 2005-03-24 17:18 - 00241664 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdaudio.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00236032 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsfbs4.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00136704 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmdnt5.dll
2015-04-09 12:04 - 2005-03-24 17:18 - 00080896 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdashcut.exe
2015-04-09 12:04 - 2005-03-24 17:18 - 00063872 ____C (VIA Networking Technologies, Inc. ) C:\Windows\System32\dllcache\get5a64.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00055296 ____C (Intel Corporation) C:\Windows\System32\dllcache\ialmrnt5.dll
2015-04-09 12:04 - 2005-03-24 17:18 - 00044544 ____C (Gemplus) C:\Windows\System32\dllcache\grserial.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00043008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidbth.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00037402 ____C (Conexant Systems, Inc.) C:\Windows\System32\dllcache\hsfc4.dll
2015-04-09 12:04 - 2005-03-24 17:18 - 00033280 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hpsjmcro.dll
2015-04-09 12:04 - 2005-03-24 17:18 - 00030720 ____C (Gemplus) C:\Windows\System32\dllcache\gpr400.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00028672 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdaprop.dll
2015-04-09 12:04 - 2005-03-24 17:18 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidir.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00012288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidgame.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00009728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hpt4qic.sys
2015-04-09 12:04 - 2005-03-24 17:18 - 00006144 ____C (Windows ® Server 2003 DDK provider) C:\Windows\System32\dllcache\hdaudres.dll
2015-04-09 12:03 - 2007-02-17 00:17 - 00182784 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4.sys
2015-04-09 12:03 - 2007-02-17 00:09 - 00260096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\csamsp.dll
2015-04-09 12:03 - 2007-02-17 00:09 - 00031360 ____C (OMNIKEY AG) C:\Windows\System32\dllcache\cmbp0wdm.sys
2015-04-09 12:03 - 2007-02-17 00:09 - 00021120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cmbatt.sys
2015-04-09 12:03 - 2005-03-24 17:17 - 00652288 ____C (AVM Berlin) C:\Windows\System32\dllcache\fpcibase.sys
2015-04-09 12:03 - 2005-03-24 17:17 - 00643072 ____C (AVM Berlin) C:\Windows\System32\dllcache\fpcmbase.sys
2015-04-09 12:03 - 2005-03-24 17:17 - 00232960 ____C (Intel Corporation) C:\Windows\System32\dllcache\e1g5132e.sys
2015-04-09 12:03 - 2005-03-24 17:17 - 00191744 ____C (Intel Corporation) C:\Windows\System32\dllcache\efe5b32e.sys
2015-04-09 12:03 - 2005-03-24 17:17 - 00103936 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esucm.dll
2015-04-09 12:03 - 2005-03-24 17:17 - 00081408 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esunib.dll
2015-04-09 12:03 - 2005-03-24 17:17 - 00081408 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuni.dll
2015-04-09 12:03 - 2005-03-24 17:17 - 00076800 ____C (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuimg.dll
2015-04-09 12:03 - 2005-03-24 17:17 - 00062848 ____C (VIA Technologies, Inc. ) C:\Windows\System32\dllcache\fet5a64.sys
2015-04-09 12:03 - 2005-03-24 17:17 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\elmsmc.sys
2015-04-09 12:03 - 2005-03-24 17:17 - 00011776 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\exabyte2.sys
2015-04-09 12:03 - 2005-03-24 17:16 - 00491520 ____C (Eicon Networks) C:\Windows\System32\dllcache\diwansrv.sys
2015-04-09 12:03 - 2005-03-24 17:16 - 00462336 ____C (Eicon Networks) C:\Windows\System32\dllcache\dimaint.sys
2015-04-09 12:03 - 2005-03-24 17:16 - 00404480 ____C (Eicon Networks) C:\Windows\System32\dllcache\ditrace.exe
2015-04-09 12:03 - 2005-03-24 17:16 - 00310784 ____C (Eicon Networks) C:\Windows\System32\dllcache\dicapi.sys
2015-04-09 12:03 - 2005-03-24 17:16 - 00045056 ____C (Eicon Networks) C:\Windows\System32\dllcache\disrvsu.dll
2015-04-09 12:03 - 2005-03-24 17:16 - 00038400 ____C (Eicon Networks) C:\Windows\System32\dllcache\disrvpp.dll
2015-04-09 12:03 - 2005-03-24 17:16 - 00035328 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\dpti2o.sys
2015-04-09 12:03 - 2005-03-24 17:16 - 00032768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4usb.sys
2015-04-09 12:03 - 2005-03-24 17:16 - 00023552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4prt.sys
2015-04-09 12:03 - 2005-03-24 17:16 - 00014848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dot4scan.sys
2015-04-09 12:03 - 2005-03-24 17:16 - 00013824 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dlttape.sys
2015-04-09 12:03 - 2005-03-24 17:16 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ddsmc.sys
2015-04-09 12:03 - 2005-03-24 17:16 - 00006144 ____C (Eicon Networks) C:\Windows\System32\dllcache\disrvci.dll
2015-04-09 12:03 - 2005-03-24 17:15 - 00096768 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyzport.sys
2015-04-09 12:03 - 2005-03-24 17:15 - 00094720 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyyport.sys
2015-04-09 12:03 - 2005-03-24 17:15 - 00039424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyycoins.dll
2015-04-09 12:03 - 2005-03-24 17:15 - 00036864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyzcoins.dll
2015-04-09 12:03 - 2005-03-24 17:15 - 00035328 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyzports.dll
2015-04-09 12:03 - 2005-03-24 17:15 - 00034816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyyports.dll
2015-04-09 12:03 - 2005-03-24 17:15 - 00027136 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyclad-z.sys
2015-04-09 12:03 - 2005-03-24 17:15 - 00024064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\cyclom-y.sys
2015-04-09 12:03 - 2005-03-24 17:15 - 00013824 ____C (CMD Technology, Inc.) C:\Windows\System32\dllcache\cmdide.sys
2015-04-09 12:02 - 2005-03-24 17:16 - 00023552 ____C (Eicon Networks Corporation) C:\Windows\System32\dllcache\diapi264.dll
2015-04-09 12:02 - 2005-03-24 17:14 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\changer.sys
2015-04-09 12:02 - 2005-03-24 17:12 - 00018432 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmc2064.dll
2015-04-09 12:01 - 2007-02-17 00:05 - 00196608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthpan.sys
2015-04-09 12:01 - 2007-02-17 00:05 - 00065536 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthmodem.sys
2015-04-09 12:01 - 2007-02-17 00:05 - 00051200 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthprint.sys
2015-04-09 12:01 - 2007-02-17 00:05 - 00027648 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthenum.sys
2015-04-09 12:01 - 2007-02-17 00:03 - 01452544 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ati2mtag.sys
2015-04-09 12:01 - 2007-02-17 00:03 - 00342016 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ati2dvag.dll
2015-04-09 12:01 - 2007-02-17 00:03 - 00067968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\avc.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00480256 ____C (Broadcom Corporation) C:\Windows\System32\dllcache\bcmwl564.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00147456 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\brmfcwia.dll
2015-04-09 12:01 - 2005-03-24 17:14 - 00082944 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmflpt.dll
2015-04-09 12:01 - 2005-03-24 17:14 - 00068608 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmfusb.dll
2015-04-09 12:01 - 2005-03-24 17:14 - 00063488 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmfrsmg.exe
2015-04-09 12:01 - 2005-03-24 17:14 - 00059904 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brserwdm.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00041984 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brparwdm.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00037376 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brevif.dll
2015-04-09 12:01 - 2005-03-24 17:14 - 00036352 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brmfbidi.dll
2015-04-09 12:01 - 2005-03-24 17:14 - 00035840 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brbidiif.dll
2015-04-09 12:01 - 2005-03-24 17:14 - 00024576 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bthusb.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00022528 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\bulltlp3.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00022016 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brfiltlo.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00019968 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brusbmdm.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00019456 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brusbscn.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00019456 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brcoinst.dll
2015-04-09 12:01 - 2005-03-24 17:14 - 00015360 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brserif.dll
2015-04-09 12:01 - 2005-03-24 17:14 - 00008192 ____C (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brfiltup.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00007168 ____C (Brother Industries,Ltd.) C:\Windows\System32\dllcache\brscnrsm.dll
2015-04-09 12:01 - 2005-03-24 17:14 - 00007168 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brparimg.sys
2015-04-09 12:01 - 2005-03-24 17:14 - 00006656 ____C (Brother Industries Ltd.) C:\Windows\System32\dllcache\brfilt.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 03036032 ____C (ATI Technologies Inc. ) C:\Windows\System32\dllcache\ati3duag.dll
2015-04-09 12:01 - 2005-03-24 17:12 - 00568416 ____C (ATI Technologies Inc. ) C:\Windows\System32\dllcache\ativvaxx.dll
2015-04-09 12:01 - 2005-03-24 17:12 - 00340480 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ati2cqag.dll
2015-04-09 12:01 - 2005-03-24 17:12 - 00264704 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinevxx.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00192768 ____C (AVM GmbH) C:\Windows\System32\dllcache\b1cbase.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00191488 ____C (Broadcom Corporation) C:\Windows\System32\dllcache\b57amd64.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00188416 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmcoxp.dll
2015-04-09 12:01 - 2005-03-24 17:12 - 00168960 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmenum.dll
2015-04-09 12:01 - 2005-03-24 17:12 - 00104960 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmcowan.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00101888 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinesxx.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00084992 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinraxx.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00080896 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinbtxx.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00073728 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atineuxx.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00040960 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinxbxx.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00036864 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinsnxx.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00036352 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativtmxx.dll
2015-04-09 12:01 - 2005-03-24 17:12 - 00033280 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativtmww.dll
2015-04-09 12:01 - 2005-03-24 17:12 - 00031744 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativmvxx.ax
2015-04-09 12:01 - 2005-03-24 17:12 - 00030720 ____C (AVM GmbH) C:\Windows\System32\dllcache\avmunet.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00023552 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativmvww.ax
2015-04-09 12:01 - 2005-03-24 17:12 - 00022144 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\avcstrm.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00020992 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinpdxx.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00020480 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinmdxx.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00018944 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\atinttxx.sys
2015-04-09 12:01 - 2005-03-24 17:12 - 00013824 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativdaxx.ax
2015-04-09 12:01 - 2005-03-24 17:12 - 00009728 ____C (ATI Technologies Inc.) C:\Windows\System32\dllcache\ativdaww.ax
2015-04-09 12:01 - 2005-03-24 17:11 - 00062464 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\arc.sys
2015-04-09 12:00 - 2007-02-17 00:03 - 00056320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\agp440.sys
2015-04-09 12:00 - 2005-03-24 17:11 - 01127424 ____C (Agere Systems) C:\Windows\System32\dllcache\agrsm64.sys
2015-04-09 12:00 - 2005-03-24 17:11 - 00120832 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\aic78xx.sys
2015-04-09 12:00 - 2005-03-24 17:11 - 00117248 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\aic78u2.sys
2015-04-09 12:00 - 2005-03-24 17:11 - 00053248 ____C (AMD) C:\Windows\System32\dllcache\amdac97.sys
2015-04-09 12:00 - 2005-03-24 17:11 - 00031744 ____C (Advanced Micro Devices (AMD), Inc.) C:\Windows\System32\dllcache\amd64n5.sys
2015-04-09 12:00 - 2005-03-24 17:11 - 00009216 ____C (Acer Laboratories Inc.) C:\Windows\System32\dllcache\aliide.sys
2015-04-09 12:00 - 2005-03-24 17:11 - 00008192 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\amdide.sys
2015-04-09 12:00 - 2005-03-24 17:11 - 00004608 ____C (Agere Systems) C:\Windows\System32\dllcache\agrsco64.dll
2015-04-09 11:59 - 2007-02-17 00:02 - 00078080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\61883.sys
2015-04-09 11:59 - 2006-03-29 05:00 - 00292864 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\nntpadm.dll
2015-04-09 11:59 - 2006-03-29 05:00 - 00187392 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wnntpadm.dll
2015-04-09 11:59 - 2005-03-24 17:11 - 00246784 ____C (Adaptec, Inc.) C:\Windows\System32\dllcache\adpu320.sys
2015-04-09 11:59 - 2005-03-24 17:11 - 00182272 ____C (Intel Corporation) C:\Windows\System32\dllcache\ac97intc.sys
2015-04-09 11:59 - 2005-03-24 17:11 - 00160256 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\adpu160m.sys
2015-04-09 11:59 - 2005-03-24 17:11 - 00108032 ____C (Color Flatbed Scanner) C:\Windows\System32\dllcache\acerscad.dll
2015-04-09 11:59 - 2005-03-24 17:11 - 00093696 ____C (VIA Technologies, Inc.) C:\Windows\System32\dllcache\ac97via.sys
2015-04-09 11:59 - 2005-03-24 17:11 - 00059392 ____C (Adaptec, Inc ) C:\Windows\System32\dllcache\adptsf50.sys
2015-04-09 11:59 - 2005-03-24 17:11 - 00018432 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\4mmdat.sys
2015-04-09 11:59 - 2005-03-24 17:11 - 00014336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\adicvls.sys
2015-04-09 11:54 - 2015-04-11 20:25 - 00002630 ____C () C:\Documents and Settings\eewiz\Desktop\FSS.txt
2015-04-09 11:53 - 2015-04-09 11:53 - 00415232 ____C (Farbar) C:\Documents and Settings\eewiz\Desktop\FSS.exe
2015-04-09 04:57 - 2015-04-09 04:57 - 00002773 ____C () C:\Documents and Settings\eewiz\Desktop\aswMBR.txt
2015-04-09 04:57 - 2015-04-09 04:57 - 00000512 ____C () C:\Documents and Settings\eewiz\Desktop\MBR.dat
2015-04-09 04:48 - 2015-04-09 04:47 - 05200384 ____C (AVAST Software) C:\Documents and Settings\eewiz\Desktop\aswmbr.exe
2015-04-09 03:57 - 2015-04-11 22:05 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-04-09 03:56 - 2015-04-11 22:05 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\mbar
2015-04-09 03:56 - 2015-04-09 03:56 - 16502728 ____C (Malwarebytes Corp.) C:\Documents and Settings\eewiz\Desktop\mbar-1.09.1.1004.exe
2015-04-09 03:39 - 2015-04-09 03:39 - 00305832 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-04-09 03:38 - 2015-04-09 03:38 - 14861360 ____C (Trend Micro Inc.) C:\Documents and Settings\eewiz\Desktop\RootkitBusterV5.0-1180x64.exe
2015-04-09 03:36 - 2015-04-09 11:50 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\TMRBLog
2015-04-09 02:24 - 2015-04-09 22:36 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\SysProt
2015-04-09 02:24 - 2015-04-09 02:24 - 00688992 ____C (Swearware) C:\Documents and Settings\eewiz\Desktop\dds.scr
2015-04-09 02:14 - 2015-04-11 22:09 - 00004782 ____C () C:\Documents and Settings\eewiz\Desktop\Rkill.txt
2015-04-09 02:13 - 2015-04-09 02:13 - 01943800 ____C (Bleeping Computer, LLC) C:\Documents and Settings\eewiz\Desktop\rkill.com
2015-04-09 01:55 - 2015-04-09 01:55 - 00001559 ____C () C:\Documents and Settings\eewiz\Desktop\JRT.txt
2015-04-09 01:41 - 2015-04-09 01:41 - 00000000 ___DC () C:\RegBackup
2015-04-09 01:39 - 2015-04-09 01:39 - 02686959 ____C (Thisisu) C:\Documents and Settings\eewiz\Desktop\JRT.exe
2015-04-09 01:26 - 2015-04-09 04:48 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\gmer
2015-04-08 21:45 - 2015-04-08 21:51 - 00001023 ____C () C:\Documents and Settings\eewiz\Desktop\Disabled Services on Muff.txt
2015-04-08 21:30 - 2015-04-08 21:30 - 04197016 ____C (Kaspersky Lab ZAO) C:\Documents and Settings\eewiz\Desktop\tdsskiller.exe
2015-04-07 18:05 - 2015-04-07 18:06 - 00007784 _____ () C:\WINDOWS\FaxSetup.log
2015-04-07 18:05 - 2015-04-07 18:06 - 00003338 _____ () C:\WINDOWS\tsoc.log
2015-04-07 18:05 - 2015-04-07 18:06 - 00002200 _____ () C:\WINDOWS\iis6.log
2015-04-07 18:05 - 2015-04-07 18:06 - 00001451 _____ () C:\WINDOWS\comsetup.log
2015-04-07 18:05 - 2015-04-07 18:06 - 00000956 _____ () C:\WINDOWS\imsins.log
2015-04-07 18:05 - 2015-04-07 18:06 - 00000945 _____ () C:\WINDOWS\ntdtcsetup.log
2015-04-07 18:05 - 2015-04-07 18:06 - 00000266 _____ () C:\WINDOWS\ocmsn.log
2015-04-07 18:05 - 2015-04-07 18:05 - 00006848 _____ () C:\WINDOWS\KB2813170.log
2015-04-07 18:05 - 2015-04-07 18:05 - 00004728 _____ () C:\WINDOWS\msmqinst.log
2015-04-07 18:05 - 2015-04-07 18:05 - 00002470 _____ () C:\WINDOWS\ocgen.log
2015-04-07 18:05 - 2015-04-07 18:05 - 00001123 _____ () C:\WINDOWS\updspapi.log
2015-04-07 18:05 - 2015-04-07 18:05 - 00000474 _____ () C:\WINDOWS\msgsocm.log
2015-04-07 18:05 - 2015-04-07 18:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB939875$
2015-04-07 18:05 - 2015-04-07 18:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813170$
2015-04-07 18:05 - 2015-04-07 18:05 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-07 18:05 - 2015-04-07 18:05 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-04-07 18:03 - 2013-03-08 14:26 - 04592640 ____C (Microsoft Corporation) C:\Documents and Settings\eewiz\Desktop\ntoskrnl.exe
2015-04-07 18:02 - 2013-03-08 14:26 - 04592640 ____C (Microsoft Corporation) C:\Documents and Settings\eewiz\Desktop\ntkrnlmp.exe
2015-04-07 17:59 - 2007-02-16 22:24 - 00279040 ____C (Microsoft Corporation) C:\Documents and Settings\eewiz\Desktop\hal.dll
2015-04-07 17:56 - 2015-04-07 18:06 - 00009207 _____ () C:\WINDOWS\KB939875.log
2015-04-07 15:33 - 2015-04-07 15:33 - 00000010 ____C () C:\csb.log
2015-04-07 01:50 - 2015-04-07 01:50 - 00000000 ___DC () C:\Program Files (x86)\FolderMatch
2015-04-07 01:50 - 2015-04-07 01:50 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\FolderMatch
2015-04-07 01:50 - 2010-06-08 13:08 - 00869016 _____ (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) C:\WINDOWS\SysWOW64\SmartUI2.ocx
2015-04-07 01:50 - 2009-01-15 14:13 - 00396960 _____ (Namtuk.com) C:\WINDOWS\SysWOW64\MyCommandButton.ocx
2015-04-07 01:50 - 2005-07-07 09:57 - 00159744 _____ (MicroDexterity, Inc.) C:\WINDOWS\SysWOW64\stamin32.dll
2015-04-07 01:50 - 2003-04-04 12:37 - 00319488 _____ (Seekford Solutions, Inc.) C:\WINDOWS\SysWOW64\SNTP Wizard2.ocx
2015-04-07 01:50 - 2002-02-05 09:59 - 00599800 _____ (Software FX, Inc.) C:\WINDOWS\SysWOW64\Cfx4032.ocx
2015-04-07 01:50 - 2001-10-08 07:46 - 00136976 _____ (Software FX, Inc.) C:\WINDOWS\SysWOW64\SfxBar.dll
2015-04-03 16:06 - 2015-04-03 16:25 - 00000000 ___DC () C:\AdwCleaner
2015-04-02 19:02 - 2015-04-02 19:02 - 00000000 ___DC () C:\Documents and Settings\eewiz\Start Menu\Programs\Freemake
2015-04-02 19:02 - 2015-04-02 19:02 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
2015-04-01 21:56 - 2015-04-01 21:56 - 00000000 ___DC () C:\Program Files (x86)\Meteorite0.11b
2015-03-30 20:45 - 2015-03-30 20:44 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-03-30 20:44 - 2015-03-30 20:44 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-03-28 16:05 - 2015-04-12 14:36 - 00000000 _____ () C:\WINDOWS\0.log
2015-03-28 16:04 - 2015-03-28 16:04 - 00000000 ___DC () C:\Documents and Settings\Default User\Application Data\LHService
2015-03-28 16:03 - 2015-04-07 13:41 - 00007794 _____ () C:\WINDOWS\PFRO.log
2015-03-26 18:46 - 2015-03-26 18:47 - 00003865 ____C () C:\Documents and Settings\All Users\Application Data\lpm.dat
2015-03-26 03:45 - 2015-04-12 15:01 - 00245365 _____ () C:\WINDOWS\setupapi.log
2015-03-23 21:45 - 2015-03-23 21:45 - 00001045 ____C () C:\Documents and Settings\eewiz\Desktop\PIC24F Flash Prog. Spec..lnk
2015-03-23 21:37 - 2015-03-23 21:37 - 00000825 ____C () C:\Documents and Settings\eewiz\Desktop\LD Linker Manual.lnk
2015-03-22 21:57 - 2015-03-22 21:58 - 00000920 ____C () C:\Backup_Muff_to_WHS.bat
2015-03-21 12:50 - 2015-04-04 13:13 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 01:47 - 2015-03-21 01:47 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-03-21 01:42 - 2015-03-21 01:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\DivX
2015-03-20 20:24 - 2015-03-20 18:16 - 00450702 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150320-202439.backup
2015-03-20 18:16 - 2014-07-24 23:39 - 00000771 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150320-181651.backup
2015-03-20 16:49 - 2015-03-20 16:49 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-20 14:01 - 2015-03-20 14:01 - 00000000 ___DC () C:\Program Files (x86)\AvastBrowserCleanup
2015-03-15 23:00 - 2015-03-15 23:00 - 00000000 ___DC () C:\Program Files (x86)\CDex_150
2015-03-15 23:00 - 2015-03-15 23:00 - 00000000 ___DC () C:\Documents and Settings\eewiz\Start Menu\Programs\CDex
2015-03-15 21:43 - 2015-03-15 23:02 - 00001451 _____ () C:\WINDOWS\CDEX.INI
2015-03-15 21:43 - 2015-03-15 23:01 - 00000000 ___DC () C:\Program Files (x86)\CDex_120

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 15:27 - 2012-07-20 18:27 - 04051242 _____ () C:\WINDOWS\pfirewall.log
2015-04-12 15:27 - 2011-04-26 17:18 - 00000000 ___DC () C:\Documents and Settings\eewiz\Local Settings\Temp
2015-04-12 14:41 - 2014-11-06 12:54 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\purevpn
2015-04-12 14:37 - 2011-04-12 17:23 - 01884069 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-12 14:37 - 2009-11-20 19:41 - 00254152 _____ () C:\WINDOWS\system32\NvApps.xml
2015-04-12 14:36 - 2012-07-10 20:51 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-12 14:35 - 2014-05-11 13:29 - 00000110 ____C () C:\Documents and Settings\Default User\.dir
2015-04-12 14:35 - 2011-04-12 17:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-12 14:35 - 2006-03-29 05:00 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-12 14:32 - 2011-04-26 17:18 - 00000178 __SHC () C:\Documents and Settings\eewiz\ntuser.ini
2015-04-12 14:32 - 2011-04-12 17:28 - 00032632 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2015-04-12 14:31 - 2014-06-06 22:50 - 00000000 ___DC () C:\Documents and Settings\eewiz\Application Data\KeePass
2015-04-12 14:31 - 2011-04-26 17:18 - 00000000 ___DC () C:\Documents and Settings\eewiz
2015-04-12 13:30 - 2015-01-02 01:41 - 00000258 _____ () C:\Documents and Settings\eewiz\Split.xml
2015-04-12 04:00 - 2013-03-10 21:43 - 00000338 _____ () C:\WINDOWS\Tasks\ERUNT 7_Sunday.job
2015-04-11 21:24 - 2014-06-26 20:07 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 21:23 - 2014-06-26 20:06 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-11 21:22 - 2011-12-18 01:20 - 00000000 ___DC () C:\Program Files (x86)\DesktopOK
2015-04-11 20:58 - 2012-07-20 18:27 - 33490189 _____ () C:\WINDOWS\pfirewall.log.old
2015-04-11 20:21 - 2014-05-04 04:51 - 00000000 ___DC () C:\Documents and Settings\eewiz\Application Data\Notepad++
2015-04-11 04:00 - 2013-03-10 21:40 - 00000342 _____ () C:\WINDOWS\Tasks\ERUNT 6_Saturday.job
2015-04-11 01:11 - 2013-09-20 13:07 - 00000664 _____ () C:\WINDOWS\SysWOW64\d3d9caps.dat
2015-04-10 22:41 - 2014-07-14 10:29 - 00022462 ____C () C:\KeePassDatabaseMuff.kdbx
2015-04-09 04:52 - 2011-04-27 19:10 - 00000000 __SHD () C:\WINDOWS\CSC
2015-04-09 04:00 - 2013-03-10 21:34 - 00000342 _____ () C:\WINDOWS\Tasks\ERUNT 4_Thursday.job
2015-04-08 21:45 - 2011-04-12 17:28 - 00000216 ____C () C:\Documents and Settings\LocalService\wiadebug.log
2015-04-08 15:33 - 2014-11-26 23:22 - 00000000 ___DC () C:\Program Files\JKDefrag64
2015-04-08 04:00 - 2013-03-10 21:30 - 00000344 _____ () C:\WINDOWS\Tasks\ERUNT 3_Wednesday.job
2015-04-07 21:53 - 2011-12-03 19:55 - 00000288 _____ () C:\WINDOWS\Brownie.ini
2015-04-07 17:38 - 2014-11-25 23:39 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\Fixes
2015-04-07 16:23 - 2011-04-12 17:22 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-07 15:40 - 2013-09-24 07:28 - 00065536 _____ () C:\WINDOWS\system32\config\CaptureL.evt
2015-04-07 04:00 - 2013-03-10 21:20 - 00000340 _____ () C:\WINDOWS\Tasks\ERUNT 2_Tuesday.job
2015-04-06 23:52 - 2011-12-04 10:59 - 00000000 ___DC () C:\Documents and Settings\eewiz\Application Data\Azureus
2015-04-06 04:00 - 2013-03-10 21:11 - 00000338 _____ () C:\WINDOWS\Tasks\ERUNT 1_Monday.job
2015-04-05 13:13 - 2014-10-17 19:58 - 00000000 __SDC () C:\Documents and Settings\eewiz\Desktop\Backup Stuff
2015-04-04 13:13 - 2012-04-24 22:05 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 16:02 - 2014-05-27 19:43 - 00000000 ___DC () C:\Program Files (x86)\AdwCleaner
2015-04-03 04:00 - 2013-03-10 21:37 - 00000338 _____ () C:\WINDOWS\Tasks\ERUNT 5_Friday.job
2015-04-02 19:04 - 2013-09-18 21:45 - 00000000 ___DC () C:\Documents and Settings\eewiz\My Documents\Freemake
2015-04-02 19:04 - 2013-09-18 21:45 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Freemake
2015-04-02 19:02 - 2013-09-24 07:27 - 00000000 ___DC () C:\Program Files (x86)\Freemake
2015-04-02 18:48 - 2013-12-19 22:58 - 00001321 ____C () C:\Documents and Settings\eewiz\Desktop\VBScript Reference.lnk
2015-04-02 03:33 - 2013-05-30 02:26 - 00000000 ____D () C:\Temp
2015-04-01 23:45 - 2014-05-12 20:54 - 00000000 ___DC () C:\Program Files (x86)\MkvToMp4v0.224
2015-04-01 21:57 - 2013-08-21 08:19 - 00000000 ___DC () C:\Documents and Settings\All Users\Start Menu\Programs\Video
2015-03-30 20:44 - 2014-04-28 04:01 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-03-30 20:44 - 2013-03-03 12:45 - 00271200 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-03-30 20:44 - 2013-03-03 12:45 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-03-30 20:44 - 2011-05-23 20:51 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-03-30 20:44 - 2011-05-23 20:51 - 00088408 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-03-30 20:44 - 2011-05-23 20:51 - 00065224 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-03-30 20:44 - 2011-05-23 20:51 - 00064712 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-03-30 12:30 - 2013-12-17 15:49 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\Software
2015-03-29 20:14 - 2014-11-25 23:28 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\Backup
2015-03-26 02:03 - 2014-05-09 08:51 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\LockHunter
2015-03-26 01:53 - 2014-07-09 19:33 - 00000000 ___DC () C:\Documents and Settings\eewiz\Application Data\Media Player Classic
2015-03-26 01:53 - 2014-07-05 15:16 - 00065536 _____ () C:\WINDOWS\system32\config\PowerShell.evt
2015-03-26 01:53 - 2014-07-04 08:12 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-03-26 01:53 - 2013-11-25 10:58 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Skype
2015-03-26 01:53 - 2013-09-09 01:07 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-03-26 01:53 - 2013-09-08 18:41 - 00065536 _____ () C:\WINDOWS\system32\config\Switcher.evt
2015-03-26 01:53 - 2013-07-26 23:11 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-03-26 01:53 - 2011-04-12 18:44 - 00065536 _____ () C:\WINDOWS\system32\config\Internet Explorer.evt
2015-03-25 00:29 - 2013-12-17 15:39 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\RCH_EC
2015-03-25 00:28 - 2013-12-17 15:46 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\Lib
2015-03-25 00:04 - 2014-02-27 11:50 - 00000000 ___DC () C:\Documents and Settings\eewiz\Application Data\dvdcss
2015-03-24 20:10 - 2013-03-30 18:42 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\DVD Shrink
2015-03-23 22:41 - 2013-03-31 17:06 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\Desktop Puff_II
2015-03-23 21:52 - 2015-02-18 18:29 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\Elux Work
2015-03-22 21:57 - 2014-03-11 23:46 - 00001601 ____C () C:\Documents and Settings\eewiz\Desktop\Backup Muff to WHS.lnk
2015-03-22 02:01 - 2014-05-13 07:23 - 00000000 ___DC () C:\Documents and Settings\eewiz\Application Data\vlc
2015-03-21 01:43 - 2014-05-13 07:29 - 00000000 ___DC () C:\Program Files (x86)\DivX
2015-03-21 01:43 - 2014-05-13 07:28 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\DivX
2015-03-21 01:35 - 2012-03-29 22:39 - 00778928 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-21 01:35 - 2011-08-11 00:02 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-21 00:39 - 2014-06-26 20:06 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-20 18:06 - 2014-10-05 01:47 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-03-20 14:01 - 2014-10-05 01:47 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-19 23:27 - 2014-11-25 23:32 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\Common
2015-03-17 23:14 - 2012-07-20 13:45 - 00000000 ___DC () C:\Program Files (x86)\Azureus4.7
2015-03-16 18:39 - 2013-12-17 20:50 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Windows Home Server
2015-03-13 01:44 - 2014-07-05 07:31 - 00000000 ___DC () C:\Documents and Settings\eewiz\Desktop\Video Work

==================== Files in the root of some directories =======

2012-08-21 09:51 - 2012-08-21 09:46 - 0010752 ____C (Ramesh Srinivasan) C:\Program Files\NoFindInsideZip.exe
2014-05-12 18:17 - 2014-05-12 18:17 - 0000017 ____C () C:\Program Files (x86)\GPAC_MP4Boxgpac_pl.m3u
2013-03-10 23:56 - 2012-08-21 17:01 - 0010752 ____C (Ramesh Srinivasan) C:\Program Files (x86)\NoFindInsideZip.exe
2012-05-04 00:04 - 2012-05-04 00:04 - 2174976 ____C (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-07-04 07:09 - 2014-07-04 07:09 - 0000024 __SHC () C:\Documents and Settings\eewiz\Application Data\1D959CA221C7573.sys
2013-08-14 12:54 - 2013-11-25 23:22 - 0000021 ____C () C:\Documents and Settings\eewiz\Application Data\ISOWorkshop.ini
2012-08-25 23:35 - 2013-12-06 02:02 - 0004383 ____C () C:\Documents and Settings\eewiz\Application Data\LTspiceIV.ini
2013-08-09 17:35 - 2013-08-09 18:20 - 0000499 ____C () C:\Documents and Settings\eewiz\Application Data\repmand.ini
2013-08-09 17:35 - 2013-08-09 18:20 - 0000033 ____C () C:\Documents and Settings\eewiz\Application Data\repmandlib.ini
2011-12-07 18:23 - 2012-03-10 09:04 - 0000000 ____C () C:\Documents and Settings\eewiz\Application Data\sversion.ini
2014-07-04 07:09 - 2014-07-04 07:09 - 0000024 __SHC () C:\Documents and Settings\eewiz\Application Data\System5908ConfigCollection.dat
2013-05-22 01:24 - 2013-05-22 01:24 - 0000128 ____C () C:\Documents and Settings\eewiz\Local Settings\Application Data\fusioncache.dat
2013-08-02 21:10 - 2013-08-02 21:10 - 0000218 ____C () C:\Documents and Settings\eewiz\Local Settings\Application Data\recently-used.xbel

Some content of TEMP:
====================
C:\Documents and Settings\eewiz\Local Settings\Temp\FreemakeVideoConverterFull.exe
C:\Documents and Settings\eewiz\Local Settings\Temp\i4jdel0.exe
C:\Documents and Settings\eewiz\Local Settings\Temp\npp.6.7.5.Installer.exe
C:\Documents and Settings\eewiz\Local Settings\Temp\perplex.dll
C:\Documents and Settings\eewiz\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\eewiz\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\eewiz\Local Settings\Temp\xmlUpdater.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\mp4norm.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================

 

Attached File  Addition.txt   74.33KB   0 downloads

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:19 PM

Posted 17 April 2015 - 06:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/573033 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:19 AM

Posted 23 April 2015 - 09:53 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi eewiz,
 
Have you tested the RAM on this machine?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 eewiz


Posted 23 April 2015 - 09:21 PM

Hi Toffee,

I have tested the ram several times in the last month or two through multiple rounds for 24 to 48 hours each time with Memtest86+ booted from a CD.
The results were always, no errors found.
The motherboard is a Gigabyte GA-880GA-UD3H with 16,384 MB of memory in 4 slots populated with Patriot PC3-12800 CL9 4GB memories running in 128-bit mode at whatever speed is default for the motherboard.

The XP boot up GUI reports only 16,375 MB and once this XP 64-bit box is fully booted up, Gabriel Topala's System Info utility reports only 16,374 MB.

There is 9 then 10 MB of missing memory as far as Windows is concerned.

My Computer/Properties reports only 15.9GB of memory in both safe mode and normal mode.

Win PE (XP) booted from a Hiren's utility disc reports 2.99GB since the Win PE (XP) is the 32-bit model, although I would expect it to report 3GB not 2.99GB.

The C: drive is system partition encrypted with TrueCrypt and I have Daemon Tools 4.06 installed which loads the SPTD driver.

I do not know for sure if either of these applications reserves memory outside of the Windows kernel.

Memtest86+ reports all 16,384 MB of memory when booted from a CD so, it does not appear to be the motherboard that is reserving the memory.

I hope some or all of this information might be helpful.

 

eewiz



#5 xXToffeeXx


Posted 27 April 2015 - 01:42 PM

Hi eewiz,
 
Have you tried running the system with only one stick of RAM, or buying some cheap RAM to test? It may be that one of the RAM slots is bad.
Have you run any hard drive diagnostics?
 
Any particular reason you still run XP, since it is no longer supported or updated?
 

"My Computer/Properties reports only 15.9GB of memory in both safe mode and normal mode."

Certain hardware may use a small amount of memory; this is not uncommon to see. The amount of memory reported is the amount that Windows can use. My computer has 6GBs, but only 5.85GB is usable.
 
xXToffeeXx~




#6 eewiz


Posted 27 April 2015 - 09:08 PM

Hey Toffee,

 

My Commit Charge is at 3.5GB idling at the desktop so, I would be into the swap file even before fully booted so, no I have not tried only one stick of memory.

Wouldn't memtest86+ detect a bad RAM slot as well as a bad RAM stick?

 

I have no SMART errors and no Read errors using Seatools booted from a CD.

 

I have a Win 7 box and I will state without reserve that the Win 7 user interface is atrocious. Microsoft took a giant leap backwards when they saw fit to create that mess.

I have all XP64 updates until Microsoft abandoned it, am still collecting all server 2003 updates until abandoned later this year, and can reapply them at will to any new installation of XP64.

XP64 is actually Server 2003 made over with the XP user interface and is as rock solid stable as the 2003 server product.

Except for this issue of mine that cropped up a few months ago, I have never had an unplanned reboot with the XP64 product.

This cannot be said for the 32-bit version of XP. The 32-bit version of XP won't stay up for a month without running out of some resource or another.

Oh, it is very polite about telling you that it ran out of this or that resource and must reboot but, that is no good for me. I want an OpSys that will stay up forever.

I ran this XP64 box for 18 months without failure before my issue started to appear. I love XP64, it is Microsoft's greatest achievement.

I ran this XP64 on its previous motherboard for 5 years until that motherboard died. It never needed an unplanned reboot.

It never bluescreened, not once, until the motherboard died and would never boot up again.

The RAID controller on the previous motherboard was incompatible with the new motherboard so I had to rebuild the entire system over again from scratch.

Now, almost 2 years since, I still do not have all of my programs reinstalled. I have a start menu structure littered with nonfunctional shortcuts used as reminders of what still needs to be reinstalled.

I tried a restore of a full backup of the original system after installing the new UEFI motherboard but, it would always crash during boot up.

I tried restoring non-RAID, non-UEFI, upgrading to Vista64, then upgrading to Win 7-64 just to see if it would work. This was a total disaster. The Win 7-64 would crash ten times a day.

 

eewiz



#7 xXToffeeXx


Posted 01 May 2015 - 11:56 AM

Hi eewiz,

 

This does not sound like a malware issue and so you would probably be better off in this section, as I am not as experienced with non-malware troubleshooting.

 

"My Commit Charge is at 3.5GB idling at the desktop so, I would be into the swap file even before fully booted so, no I have not tried only one stick of memory.

Wouldn't memtest86+ detect a bad RAM slot as well as a bad RAM stick?"

You could try two RAM inserted. Memtest can give you an indication of bad slots, but would mostly just error out on one slot every time.

 

xXToffeeXx~


Edited by xXToffeeXx, 01 May 2015 - 11:56 AM.



#8 eewiz


Posted 04 May 2015 - 03:57 PM

Toffee,

I have run Memtest for more than 100 hours and it has never produced any errors, socket, RAM or otherwise.

At this point, it does not appear to be a memory issue.

 

I will try the XP-Home-and-Professional forum as suggested.

 

Thank You



#9 xXToffeeXx


Posted 06 May 2015 - 12:51 PM

Hi eewiz,

 

I shall close this as resolved. Good luck with the XP forum.

 

xXToffeeXx~




#10 xXToffeeXx


Posted 06 May 2015 - 12:51 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
