
Trojan, infected 3, ESET found these. Now cannot open ESET to re-scan


  • This topic is locked
15 replies to this topic

#1 Milla-Bach


Posted 19 May 2015 - 07:05 AM

This computer had problems with infections and virus issues in the past. It was given to me. Just installed ESET Smart Security 8.0 today. Problems with Group Policy controlling Windows Firewall so I disabled it and use Eset personal firewall. I cannot access my Eset scan logs or Eset at all now. When I try to I get a pop-up message "Error communicating with kernel". I don't know how to fix this, other than to ask you guys for some help. I wanted to post the scan results for you. I tried to repair/reinstall Eset and it tells me that it is already installed but I cannot open it up. I know that it found 3 Trojans, I also ran R-kill before downloading Eset and I saved the results of the scan. I seem to have another problem with Hosts, here is a copy of the scan.

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/16/2015 10:18:34 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
   "EnableFirewall" = dword:00000000

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Manual

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic

 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1       localhost
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
  127.0.0.1 100sexlinks.com
  127.0.0.1 10sek.com
  127.0.0.1 www.10sek.com
  127.0.0.1 123topsearch.com

  20 out of 9239 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 05/16/2015 10:19:55 AM
Execution time: 0 hours(s), 1 minute(s), and 21 seconds(s)

 

 

This is an older computer but it's all I have right now. Windows XP Home Edition 32-bit SP3 OEM. It was serviced and partially rebuilt according to my friend that gave it to me. The CPU is AMD Athlon XP Processor Thoroughbred 0.13um technology. Motherboard is Asus A7V8X-MX (Socket A). RAM has 512 MB DDR @ 132 MHz. Storage is 40GB Western Digital WDC WD400BB-75DEAO (ATA). Video is Asus A9200SE Secondary. Install date was 8/23/2008. I found this information through Speccy and D7. I would appreciate any help and advice other than to get an updated system. I wish I could do that and not have these problems but this old desktop is all I have for now. I really don't know what else is wrong with it other than Eset finding three infections that were trojans. I wrote down some of the results "1 object has been deleted and it only contained the virus body". "4 objects cannot be opened, it may be used by another application or OS". I remember it saying that there was an infection somewhere in Java too. I also ran Super Anti Spyware before R-kill and Eset, it found some infections too. I deleted it before I installed Eset so I can't post what it found. Thank you for taking the time to read my problem and all of your help over the years with a few other infected computers.

Here are the FRST scan results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by walter pico (administrator) on WALTERPICO179 on 19-05-2015 06:16:52
Running from C:\Documents and Settings\walter pico.WALTERPICO179\Desktop
Loaded Profiles: walter pico (Available profiles: walter pico)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2015-01-28] (ESET)
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\MountPoints2: {87bd2f46-fbc7-11e4-8dff-000c6eed51fa} - E:\Setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
Toolbar: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-02-05] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-02-05] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [268464 2015-05-17] (Adobe Systems Incorporated) [File not signed]
S4 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-01-28] (Motive Communications, Inc.) [File not signed]
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
S4 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [45056 2015-05-16] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AM10; C:\WINDOWS\System32\DRIVERS\AM10XP.sys [816672 2010-03-23] (Ralink Technology, Corp.)
R2 aslm75; C:\WINDOWS\system32\drivers\aslm75.sys [6272 1997-04-22] () [File not signed]
R1 asuskbnt; C:\WINDOWS\System32\drivers\asuskbnt.sys [17246 2003-07-21] (ASUSTeK COMPUTER INC.) [File not signed]
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-06-25] (VIA Technologies, Inc.              )
S3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-06-25] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
S3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [41984 2003-04-23] (VIA Technologies, Inc.              )
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NTSIM; C:\WINDOWS\System32\ntsim.sys [7040 2003-04-09] (VIA Networking, Inc.                    ) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2003-01-22] (Padus, Inc.) [File not signed]
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [27064 2009-12-30] (VS Revo Group) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
R3 Video3D; C:\WINDOWS\System32\Drivers\Video3D.sys [32732 2003-05-23] (ASUSTeK COMPUTER INC.) [File not signed]
R3 Winachcf; C:\WINDOWS\System32\DRIVERS\winachcf.sys [917988 2002-04-30] (Conexant)
S4 IntelIde; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 06:16 - 2015-05-19 06:17 - 00007703 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\FRST.txt
2015-05-19 06:16 - 2015-05-19 06:16 - 00000000 ____D () C:\FRST
2015-05-19 06:15 - 2015-05-19 06:15 - 01146368 _____ (Farbar) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\FRST.exe
2015-05-19 04:35 - 2015-05-19 04:37 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-05-19 04:35 - 2015-05-19 04:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-05-19 04:35 - 2015-05-19 04:35 - 04095448 _____ (BrightFort LLC ) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\spywareblastersetup50.exe
2015-05-19 04:35 - 2015-05-19 04:35 - 00000754 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\SpywareBlaster.lnk
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
2015-05-19 04:35 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSSTDFMT.DLL
2015-05-19 02:57 - 2015-05-19 02:57 - 00001767 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Belarc Advisor.lnk
2015-05-19 02:57 - 2015-05-19 02:57 - 00001767 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Belarc Advisor.lnk
2015-05-19 02:57 - 2015-05-19 02:57 - 00001761 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Belarc Advisor.lnk
2015-05-19 02:56 - 2015-05-19 02:56 - 03946096 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\advisorinstaller.exe
2015-05-19 02:56 - 2015-05-19 02:56 - 00000000 ____D () C:\Program Files\Belarc
2015-05-19 02:56 - 2013-09-10 19:25 - 00003840 _____ () C:\WINDOWS\system32\Drivers\BANTExt.sys
2015-05-19 02:43 - 2015-05-19 02:43 - 00000654 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Speccy.lnk
2015-05-19 02:43 - 2015-05-19 02:43 - 00000000 ____D () C:\Program Files\Speccy
2015-05-19 02:43 - 2015-05-19 02:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Speccy
2015-05-19 02:43 - 2015-05-19 02:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Speccy
2015-05-19 02:42 - 2015-05-19 02:43 - 05127432 _____ (Piriform Ltd) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\spsetup128.exe
2015-05-19 01:17 - 2015-05-19 01:18 - 00000000 ___SD () C:\cf8675309
2015-05-19 00:59 - 2015-01-30 16:13 - 00190880 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2015-05-19 00:48 - 2014-07-31 23:59 - 00363672 _____ (Foolish IT) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\RebootMaster.exe
2015-05-19 00:47 - 2014-07-31 23:59 - 00892056 _____ (Foolish IT) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\FileHandler.exe
2015-05-19 00:47 - 2014-07-31 23:59 - 00429200 _____ (Foolish IT) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\WinsockReset.exe
2015-05-19 00:47 - 2014-07-31 23:59 - 00314520 _____ (Foolish IT LLC) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\StartupKill.exe
2015-05-19 00:46 - 2014-08-18 12:17 - 00265376 _____ (Foolish IT LLC) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\BootSafe.exe
2015-05-19 00:46 - 2014-07-31 23:59 - 00441488 _____ (Foolish IT) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\D7_Browser.exe
2015-05-19 00:46 - 2012-02-17 12:10 - 00261000 _____ (Foolish IT) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\D7_Locksmith.exe
2015-05-18 18:10 - 2015-05-18 18:10 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\ESET
2015-05-18 18:10 - 2015-05-18 18:10 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\ESET
2015-05-18 18:09 - 2015-05-18 18:09 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\ESET
2015-05-18 18:09 - 2015-01-30 16:13 - 00039464 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwndis.sys
2015-05-18 18:08 - 2015-05-19 00:59 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-18 18:07 - 2015-05-18 18:07 - 00000000 ____D () C:\Program Files\ESET
2015-05-18 18:07 - 2015-05-18 18:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET
2015-05-18 18:07 - 2015-05-18 18:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET
2015-05-18 18:07 - 2015-05-18 18:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2015-05-18 18:07 - 2015-05-18 18:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2015-05-18 17:56 - 2015-05-18 17:58 - 00000000 ____D () C:\WINSSLog
2015-05-18 17:55 - 2015-05-18 17:55 - 01661128 _____ (ESET) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\eset_smart_security_live_installer.exe
2015-05-18 17:48 - 2015-05-18 17:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2015-05-18 17:47 - 2015-05-18 17:48 - 00015326 _____ () C:\WINDOWS\KB955759.log
2015-05-17 12:44 - 2015-05-19 04:43 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:21 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-05-17 12:21 - 2015-05-17 12:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Oracle
2015-05-17 12:21 - 2015-05-17 12:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Oracle
2015-05-17 12:17 - 2015-05-17 12:17 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-05-17 12:17 - 2015-05-17 12:17 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-05-17 12:17 - 2015-05-17 12:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-17 11:18 - 2015-05-19 05:25 - 00000340 _____ () C:\WINDOWS\Tasks\UninstallMonitor.job
2015-05-17 11:09 - 2015-05-17 11:09 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2015-05-17 11:09 - 2015-05-17 11:09 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2015-05-17 09:42 - 2015-05-17 09:42 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-05-17 07:30 - 2015-05-19 05:29 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\backups
2015-05-17 06:39 - 2015-05-17 06:39 - 00000172 _____ () C:\UnInstall.dat
2015-05-17 06:35 - 2015-05-17 06:35 - 00000925 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Revo Uninstaller Pro.lnk
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\VS Revo Group
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Revo Uninstaller Pro
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Revo Uninstaller Pro
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\VS Revo Group
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\VS Revo Group
2015-05-17 06:35 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-05-17 06:08 - 2015-05-17 06:08 - 00002076 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00001954 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00001954 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Program Files\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Program Files\Common Files\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Innovative Solutions
2015-05-17 06:08 - 2014-03-07 10:25 - 00042496 _____ () C:\WINDOWS\system32\AdvUninstCPL.cpl
2015-05-17 06:06 - 2015-05-17 03:51 - 19346032 _____ (Innovative Solutions ) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Advanced_Uninstaller11.exe
2015-05-17 05:41 - 2015-05-17 05:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-17 05:41 - 2015-05-17 05:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-17 05:08 - 2015-05-17 05:08 - 00012747 _____ () C:\WINDOWS\KB2900986.log
2015-05-17 05:08 - 2015-05-17 05:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2015-05-17 05:08 - 2015-05-17 05:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2015-05-17 04:54 - 2015-05-17 04:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2015-05-17 04:50 - 2015-05-17 05:08 - 00037773 _____ () C:\WINDOWS\KB2345886.log
2015-05-17 04:24 - 2015-05-17 04:24 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-05-17 04:24 - 2015-05-17 04:24 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-17 04:23 - 2015-05-17 04:23 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-05-17 04:23 - 2015-05-17 04:23 - 00000000 ____D () C:\0fdecc0d6dc190c411e430792fc036ac
2015-05-17 04:23 - 2008-07-06 07:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-05-17 04:23 - 2008-07-06 05:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-05-17 04:06 - 2015-05-17 04:06 - 00000000 __SHD () C:\Documents and Settings\walter pico.WALTERPICO179\IECompatCache
2015-05-17 04:05 - 2015-05-17 04:05 - 00000000 __SHD () C:\Documents and Settings\walter pico.WALTERPICO179\PrivacIE
2015-05-17 03:47 - 2015-05-17 04:42 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2015-05-17 03:42 - 2015-05-17 03:42 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 __SHD () C:\Documents and Settings\walter pico.WALTERPICO179\IETldCache
2015-05-17 03:32 - 2015-05-17 03:33 - 00114812 _____ () C:\WINDOWS\KB2909921-IE8.log
2015-05-17 03:32 - 2015-05-17 03:32 - 00107693 _____ () C:\WINDOWS\KB2598845-IE8.log
2015-05-17 03:32 - 2015-05-17 03:32 - 00107053 _____ () C:\WINDOWS\KB2467659.log
2015-05-17 03:32 - 2015-05-17 03:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2467659$
2015-05-17 03:32 - 2014-02-05 18:26 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2015-05-17 03:32 - 2011-08-16 05:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2015-05-17 03:31 - 2015-05-17 03:32 - 00130323 _____ () C:\WINDOWS\KB982381-IE8.log
2015-05-17 03:31 - 2015-05-17 03:31 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-05-17 03:30 - 2015-05-17 04:43 - 00009572 _____ () C:\WINDOWS\spupdsvc.log
2015-05-17 03:30 - 2014-02-05 18:26 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2015-05-17 03:30 - 2014-02-05 18:26 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2015-05-17 03:30 - 2014-02-05 18:26 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2015-05-17 03:27 - 2015-05-17 03:30 - 00113646 _____ () C:\WINDOWS\ie8.log
2015-05-17 03:27 - 2015-05-17 03:29 - 00000000 __HDC () C:\WINDOWS\ie8
2015-05-17 03:13 - 2015-05-17 03:33 - 00074006 _____ () C:\WINDOWS\ie8_main.log
2015-05-17 03:13 - 2015-05-17 03:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2015-05-17 03:12 - 2015-05-17 03:13 - 00041905 _____ () C:\WINDOWS\KB2904266.log
2015-05-17 02:48 - 2015-02-06 09:00 - 02398079 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7II_Core_v3.zip
2015-05-17 02:47 - 2015-02-06 09:17 - 07792813 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7.zip
2015-05-17 02:41 - 2015-05-17 02:41 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\PCHealth
2015-05-17 02:26 - 2008-04-13 19:11 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-05-17 02:26 - 2008-04-13 19:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-05-16 13:13 - 2015-05-16 01:36 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\HijackThis.exe
2015-05-16 12:33 - 2015-05-16 12:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971029$
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2015-05-16 12:24 - 2015-05-18 17:48 - 00103763 _____ () C:\WINDOWS\FaxSetup.log
2015-05-16 12:24 - 2015-05-18 17:48 - 00060475 _____ () C:\WINDOWS\ocgen.log
2015-05-16 12:24 - 2015-05-18 17:48 - 00050502 _____ () C:\WINDOWS\updspapi.log
2015-05-16 12:24 - 2015-05-18 17:48 - 00041699 _____ () C:\WINDOWS\tsoc.log
2015-05-16 12:24 - 2015-05-18 17:48 - 00034923 _____ () C:\WINDOWS\comsetup.log
2015-05-16 12:24 - 2015-05-18 17:48 - 00022136 _____ () C:\WINDOWS\ntdtcsetup.log
2015-05-16 12:24 - 2015-05-18 17:48 - 00015746 _____ () C:\WINDOWS\iis6.log
2015-05-16 12:24 - 2015-05-18 17:48 - 00006015 _____ () C:\WINDOWS\ocmsn.log
2015-05-16 12:24 - 2015-05-18 17:48 - 00005512 _____ () C:\WINDOWS\msgsocm.log
2015-05-16 12:24 - 2015-05-18 17:48 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-05-16 12:24 - 2015-05-17 10:23 - 00004566 _____ () C:\WINDOWS\imsins.BAK
2015-05-16 12:24 - 2015-05-16 12:25 - 00014526 _____ () C:\WINDOWS\KB2934207.log
2015-05-16 12:24 - 2015-05-16 12:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$
2015-05-16 12:24 - 2015-05-16 12:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$
2015-05-16 11:53 - 2015-05-16 12:05 - 00011463 _____ () C:\WINDOWS\KB2868626.log
2015-05-16 11:53 - 2015-05-16 12:05 - 00011455 _____ () C:\WINDOWS\KB2922229.log
2015-05-16 11:52 - 2015-05-16 12:05 - 00011637 _____ () C:\WINDOWS\KB2859537.log
2015-05-16 11:52 - 2015-05-16 12:05 - 00011376 _____ () C:\WINDOWS\KB2876331.log
2015-05-16 11:52 - 2015-05-16 12:05 - 00011285 _____ () C:\WINDOWS\KB959426.log
2015-05-16 11:51 - 2015-05-16 12:05 - 00011297 _____ () C:\WINDOWS\KB2780091.log
2015-05-16 11:51 - 2015-05-16 12:05 - 00011291 _____ () C:\WINDOWS\KB2864063.log
2015-05-16 11:51 - 2015-05-16 12:05 - 00011208 _____ () C:\WINDOWS\KB2712808.log
2015-05-16 11:51 - 2015-05-16 12:04 - 00011208 _____ () C:\WINDOWS\KB2876217.log
2015-05-16 11:50 - 2015-05-16 12:04 - 00011658 _____ () C:\WINDOWS\KB2909212.log
2015-05-16 11:50 - 2015-05-16 12:04 - 00011040 _____ () C:\WINDOWS\KB2929961.log
2015-05-16 11:50 - 2015-05-16 12:04 - 00010956 _____ () C:\WINDOWS\KB2820917.log
2015-05-16 11:50 - 2015-05-16 12:04 - 00010949 _____ () C:\WINDOWS\KB960859.log
2015-05-16 11:50 - 2015-05-16 12:04 - 00010872 _____ () C:\WINDOWS\KB2479943.log
2015-05-16 11:50 - 2015-05-16 12:04 - 00010870 _____ () C:\WINDOWS\KB2916036.log
2015-05-16 11:49 - 2015-05-16 12:03 - 00011328 _____ () C:\WINDOWS\KB2930275.log
2015-05-16 11:49 - 2015-05-16 12:03 - 00010876 _____ () C:\WINDOWS\KB2898715.log
2015-05-16 11:49 - 2015-05-16 12:03 - 00010872 _____ () C:\WINDOWS\KB2847311.log
2015-05-16 11:49 - 2015-05-16 12:03 - 00010870 _____ () C:\WINDOWS\KB2850869.log
2015-05-16 11:49 - 2015-05-16 12:03 - 00010796 _____ () C:\WINDOWS\KB2757638.log
2015-05-16 11:48 - 2015-05-16 12:03 - 00010704 _____ () C:\WINDOWS\KB2893294.log
2015-05-16 11:48 - 2015-05-16 12:03 - 00010703 _____ () C:\WINDOWS\KB2802968.log
2015-05-16 11:47 - 2015-05-16 12:25 - 00029618 _____ () C:\WINDOWS\KB2749655.log
2015-05-16 11:47 - 2015-05-16 12:02 - 00059684 _____ () C:\WINDOWS\KB2909921-IE7.log
2015-05-16 11:47 - 2015-05-16 12:02 - 00010704 _____ () C:\WINDOWS\KB2862152.log
2015-05-16 11:46 - 2015-05-16 12:02 - 00010536 _____ () C:\WINDOWS\KB2585542.log
2015-05-16 11:46 - 2015-05-16 12:02 - 00010460 _____ () C:\WINDOWS\KB2691442.log
2015-05-16 11:46 - 2015-05-16 12:01 - 00010369 _____ () C:\WINDOWS\KB2655992.log
2015-05-16 11:45 - 2015-05-16 12:01 - 00010295 _____ () C:\WINDOWS\KB2719985.log
2015-05-16 11:45 - 2015-05-16 12:01 - 00010199 _____ () C:\WINDOWS\KB2478971.log
2015-05-16 11:45 - 2015-05-16 12:01 - 00010122 _____ () C:\WINDOWS\KB2508429.log
2015-05-16 11:44 - 2015-05-16 12:01 - 00010180 _____ () C:\WINDOWS\KB2544893-v2.log
2015-05-16 11:44 - 2015-05-16 12:01 - 00010032 _____ () C:\WINDOWS\KB2507938.log
2015-05-16 11:43 - 2015-05-16 12:00 - 00009862 _____ () C:\WINDOWS\KB2598479.log
2015-05-16 11:43 - 2015-05-16 12:00 - 00009717 _____ () C:\WINDOWS\KB979687.log
2015-05-16 11:42 - 2015-05-16 12:25 - 00028130 _____ () C:\WINDOWS\KB971029.log
2015-05-16 11:42 - 2015-05-16 12:00 - 00009706 _____ () C:\WINDOWS\KB2631813.log
2015-05-16 11:41 - 2015-05-16 12:00 - 00009458 _____ () C:\WINDOWS\KB982132.log
2015-05-16 11:41 - 2015-05-16 12:00 - 00009375 _____ () C:\WINDOWS\KB975025.log
2015-05-16 11:40 - 2015-05-16 11:59 - 00009359 _____ () C:\WINDOWS\KB2115168.log
2015-05-16 11:40 - 2015-05-16 11:59 - 00009218 _____ () C:\WINDOWS\KB952004.log
2015-05-16 11:39 - 2015-05-16 11:59 - 00009297 _____ () C:\WINDOWS\KB977914.log
2015-05-16 11:39 - 2015-05-16 11:59 - 00009201 _____ () C:\WINDOWS\KB2506212.log
2015-05-16 11:38 - 2015-05-16 11:59 - 00008880 _____ () C:\WINDOWS\KB977816.log
2015-05-16 11:37 - 2015-05-16 11:58 - 00009470 _____ () C:\WINDOWS\KB2481109.log
2015-05-16 11:37 - 2015-05-16 11:58 - 00008858 _____ () C:\WINDOWS\KB2653956.log
2015-05-16 11:37 - 2015-05-16 11:58 - 00008711 _____ () C:\WINDOWS\KB971657.log
2015-05-16 11:37 - 2015-05-16 11:58 - 00008627 _____ () C:\WINDOWS\KB974392.log
2015-05-16 11:36 - 2015-05-16 11:58 - 00008461 _____ () C:\WINDOWS\KB974112.log
2015-05-16 11:36 - 2015-05-16 11:58 - 00008370 _____ () C:\WINDOWS\KB974571.log
2015-05-16 11:35 - 2015-05-16 11:58 - 00008295 _____ () C:\WINDOWS\KB969059.log
2015-05-16 11:35 - 2015-05-16 11:57 - 00009328 _____ () C:\WINDOWS\KB2510581.log
2015-05-16 11:35 - 2015-05-16 11:57 - 00008215 _____ () C:\WINDOWS\KB978338.log
2015-05-16 11:35 - 2015-05-16 11:57 - 00008124 _____ () C:\WINDOWS\KB973507.log
2015-05-16 11:35 - 2009-11-21 10:51 - 01206508 ____C () C:\WINDOWS\system32\dllcache\sysmain.sdb
2015-05-16 11:35 - 2009-11-21 10:51 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2015-05-16 11:34 - 2015-05-16 11:57 - 00007943 _____ () C:\WINDOWS\KB2419632.log
2015-05-16 11:34 - 2015-05-16 11:56 - 00007798 _____ () C:\WINDOWS\KB974318.log
2015-05-16 11:34 - 2015-05-16 11:56 - 00007761 _____ () C:\WINDOWS\KB2443105.log
2015-05-16 11:34 - 2015-05-16 11:56 - 00007635 _____ () C:\WINDOWS\KB975713.log
2015-05-16 11:33 - 2015-05-16 11:56 - 00007609 _____ () C:\WINDOWS\KB2483185.log
2015-05-16 11:32 - 2015-05-16 11:56 - 00007660 _____ () C:\WINDOWS\KB2705219-v2.log
2015-05-16 11:31 - 2015-05-16 11:55 - 00007512 _____ () C:\WINDOWS\KB2892075.log
2015-05-16 11:31 - 2015-05-16 11:55 - 00007427 _____ () C:\WINDOWS\KB2727528.log
2015-05-16 11:31 - 2015-05-16 11:55 - 00007296 _____ () C:\WINDOWS\KB979482.log
2015-05-16 11:31 - 2015-05-16 11:55 - 00007216 _____ () C:\WINDOWS\KB978706.log
2015-05-16 11:31 - 2015-05-16 11:55 - 00007176 _____ () C:\WINDOWS\KB2619339.log
2015-05-16 11:30 - 2015-05-16 11:55 - 00007064 _____ () C:\WINDOWS\KB978542.log
2015-05-16 11:30 - 2015-05-16 11:55 - 00006965 _____ () C:\WINDOWS\KB960803.log
2015-05-16 11:30 - 2015-05-16 11:54 - 00006884 _____ () C:\WINDOWS\KB973815.log
2015-05-16 11:30 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-05-16 11:30 - 2014-02-25 20:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-05-16 11:29 - 2015-05-16 11:54 - 00008116 _____ () C:\WINDOWS\KB2676562.log
2015-05-16 11:29 - 2015-05-16 11:54 - 00007701 _____ () C:\WINDOWS\KB2813345.log
2015-05-16 11:29 - 2015-05-16 11:54 - 00006770 _____ () C:\WINDOWS\KB2509553.log
2015-05-16 11:28 - 2015-05-16 11:54 - 00006547 _____ () C:\WINDOWS\KB982665.log
2015-05-16 11:28 - 2015-05-16 11:53 - 00006415 _____ () C:\WINDOWS\KB2620712.log
2015-05-16 11:27 - 2015-05-16 12:24 - 00024207 _____ () C:\WINDOWS\KB975467.log
2015-05-16 11:27 - 2015-05-16 11:53 - 00006251 _____ () C:\WINDOWS\KB2584146.log
2015-05-16 11:27 - 2015-05-16 11:28 - 00006299 _____ () C:\WINDOWS\KB979309.log
2015-05-16 11:22 - 2015-05-16 12:24 - 00024841 _____ () C:\WINDOWS\KB968389.log
2015-05-16 10:18 - 2015-05-16 10:19 - 00004554 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Rkill.txt
2015-05-16 07:41 - 2015-05-16 07:41 - 00045056 _____ () C:\WINDOWS\system32\UTSCSI.EXE
2015-05-16 07:41 - 2015-05-16 07:41 - 00005910 _____ () C:\WINDOWS\DPINST.LOG
2015-05-16 07:41 - 2010-03-23 14:53 - 00816672 ____H (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\AM10XP.sys
2015-05-16 07:41 - 2010-03-23 14:53 - 00226592 ____H (Ralink Technology, Inc.) C:\WINDOWS\system32\RaCoInst.dll
2015-05-16 07:41 - 2010-03-23 14:53 - 00013931 ____H () C:\WINDOWS\system32\RaCoInst.dat
2015-05-16 07:36 - 2015-05-16 06:06 - 00347440 _____ (Microsoft Corporation) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\MicrosoftFixit-portable.exe
2015-05-16 06:38 - 2015-05-16 06:38 - 00000000 _RSHD () C:\cmdcons
2015-05-16 06:38 - 2008-10-15 16:31 - 00000211 _____ () C:\Boot.bak
2015-05-16 06:38 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-05-16 06:34 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-16 06:34 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-16 06:34 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-16 06:31 - 2015-05-16 06:33 - 00000000 ____D () C:\Qoobox
2015-05-16 06:31 - 2015-05-16 06:31 - 00000000 ____D () C:\WINDOWS\erdnt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 06:17 - 2008-08-23 15:56 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Temp
2015-05-19 04:38 - 2003-03-31 07:00 - 00013734 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-19 02:49 - 2012-11-14 16:11 - 00117254 _____ () C:\WINDOWS\setupapi.log
2015-05-19 02:46 - 2008-08-27 22:29 - 01621190 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-19 01:08 - 2004-10-07 10:17 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-05-19 00:59 - 2008-08-23 15:56 - 00000178 ___SH () C:\Documents and Settings\walter pico.WALTERPICO179\ntuser.ini
2015-05-18 18:52 - 2005-02-12 19:20 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-18 17:47 - 2004-10-13 11:54 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-05-18 17:46 - 2008-08-23 10:36 - 00500732 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-18 17:26 - 2012-11-14 16:12 - 00000450 _____ () C:\WINDOWS\setupact.log
2015-05-17 13:06 - 2004-10-07 11:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-17 12:23 - 2005-01-30 23:17 - 00000000 ____D () C:\Program Files\Java
2015-05-17 12:22 - 2005-01-30 23:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-17 12:21 - 2008-08-31 11:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-05-17 12:17 - 2004-10-07 10:18 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-05-17 10:53 - 2003-03-31 07:00 - 00000577 _____ () C:\WINDOWS\win.ini
2015-05-17 10:45 - 2008-08-23 15:56 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179
2015-05-17 10:42 - 2004-10-13 12:12 - 00000000 ____D () C:\Documents and Settings\tiersa\Local Settings\Temp
2015-05-17 10:41 - 2006-04-24 17:34 - 00000000 ____D () C:\Documents and Settings\brittney\Local Settings\Application Data\Help
2015-05-17 10:41 - 2004-10-19 18:23 - 00000000 ____D () C:\Documents and Settings\brittney\Local Settings\Temp
2015-05-17 10:23 - 2008-08-23 15:41 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
2015-05-17 10:23 - 2008-08-23 15:41 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
2015-05-17 10:23 - 2008-08-23 15:39 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
2015-05-17 10:23 - 2008-08-23 15:39 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
2015-05-17 10:23 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\Help
2015-05-17 10:05 - 2008-08-23 10:35 - 00095072 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-17 09:47 - 2008-08-27 23:41 - 00013104 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-17 09:45 - 2003-03-31 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-17 08:18 - 2008-08-23 15:50 - 00032252 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-17 08:18 - 2008-08-23 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-17 06:45 - 2008-08-27 01:16 - 00324465 _____ () C:\Program Files\INSTALL.LOG
2015-05-17 06:44 - 2008-08-30 17:01 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Move Networks
2015-05-17 06:43 - 2004-10-07 12:29 - 00000000 ____D () C:\Program Files\CyberLink
2015-05-17 06:43 - 2004-10-07 10:52 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-17 06:29 - 2008-10-16 16:29 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Mozilla
2015-05-17 06:28 - 2008-10-14 16:35 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-05-17 06:28 - 2008-10-14 16:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2015-05-17 06:28 - 2008-10-14 16:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2015-05-17 06:25 - 2004-10-07 12:08 - 00000000 ____D () C:\Program Files\Ahead
2015-05-17 06:24 - 2004-10-07 12:08 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2015-05-17 06:21 - 2008-10-16 09:06 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Auslogics
2015-05-17 06:17 - 2008-08-23 16:51 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Adobe
2015-05-17 06:17 - 2004-10-27 16:38 - 00000000 ____D () C:\Program Files\Adobe
2015-05-17 03:42 - 2008-08-23 15:50 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2015-05-17 03:37 - 2008-08-23 15:56 - 00000803 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Internet Explorer.lnk
2015-05-17 03:36 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\Media
2015-05-17 03:13 - 2008-08-28 21:33 - 00215046 _____ () C:\WINDOWS\system32\TZLog.log
2015-05-16 10:15 - 2008-08-23 15:56 - 00001599 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Remote Assistance.lnk
2015-05-16 06:38 - 2004-10-07 05:00 - 00000327 __RSH () C:\boot.ini
2015-04-30 10:07 - 2008-08-27 23:46 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2008-08-27 01:16 - 2015-05-17 06:45 - 0324465 _____ () C:\Program Files\INSTALL.LOG
2008-10-14 12:58 - 2008-10-14 16:36 - 0004608 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Documents and Settings\brittney\Local Settings\Temp\eftwg2j6.exe
C:\Documents and Settings\brittney\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\tiersa\Local Settings\Temp\IadHide4.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

#2 HelpBot


Posted 24 May 2015 - 07:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576663 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Milla-Bach


Posted 24 May 2015 - 09:45 AM

Attached File: Addition.txt (16.78KB)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015
Ran by walter pico (administrator) on WALTERPICO179 on 24-05-2015 09:19:26
Running from G:\
Loaded Profiles: walter pico (Available Profiles: walter pico)
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -osint -url "%1")
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINDOWS\system32\utilman.exe
(Microsoft Corporation) C:\WINDOWS\system32\osk.exe
(Microsoft Corporation) C:\WINDOWS\system32\msswchx.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2015-01-28] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_45\bin\jusched.exe"
HKLM\...\Run: [ATIPTA] => C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE [335872 2003-08-29] (ATI Technologies, Inc.)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6276888 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [system restore] => C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Computer Management.lnk [1602 2015-05-21] ()
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\MountPoints2: {87bd2f46-fbc7-11e4-8dff-000c6eed51fa} - E:\Setup.exe
Startup: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Startup\Connection Manager.lnk [2006-02-21]
ShortcutTarget: Connection Manager.lnk -> C:\Program Files\BellSouth\Connection Manager\CManager.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation)
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
Toolbar: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-17]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2015-01-28] (ESET)
S2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-12-19] ()
S2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26144 2009-01-07] (Microsoft Corporation)
S3 CiSvc; %SystemRoot%\system32\cisvc.exe [X]
S3 ClipSrv; %SystemRoot%\system32\clipsrv.exe [X]
S3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S4 RemoteAccess; %SystemRoot%\system32\svchost.exe -k netsvcs [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 asuskbnt; C:\WINDOWS\System32\drivers\asuskbnt.sys [17246 2003-07-21] (ASUSTeK COMPUTER INC.)
S1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
S1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
S2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [176448 2015-01-30] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [39464 2015-01-30] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [63160 2015-01-30] (ESET)
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-06-25] (VIA Technologies, Inc.              )
S3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-06-25] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
S3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [41984 2003-04-23] (VIA Technologies, Inc.              )
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NTSIM; C:\WINDOWS\System32\ntsim.sys [7040 2003-04-09] (VIA Networking, Inc.                    )
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2003-01-22] (Padus, Inc.)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
S3 Video3D; C:\WINDOWS\System32\Drivers\Video3D.sys [32732 2003-05-23] (ASUSTeK COMPUTER INC.)
S3 Winachcf; C:\WINDOWS\System32\DRIVERS\winachcf.sys [917988 2002-04-30] (Conexant)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-22 04:11 - 2015-05-22 04:11 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\CyberLink
2015-05-21 22:09 - 2015-05-21 22:10 - 00000000 ___SD () C:\cf8675309
2015-05-21 21:09 - 2015-05-22 10:14 - 00005710 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-21 21:04 - 2015-05-22 07:36 - 00143297 _____ () C:\WINDOWS\setupapi.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00036005 _____ () C:\WINDOWS\spuninst.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00002359 _____ () C:\WINDOWS\tsoc.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00002021 _____ () C:\WINDOWS\comsetup.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00001230 _____ () C:\WINDOWS\ntdtcsetup.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00000966 _____ () C:\WINDOWS\iis6.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00002956 _____ () C:\WINDOWS\ocgen.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-05-21 20:58 - 2015-05-24 09:19 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Temp
2015-05-21 20:49 - 2015-05-21 20:49 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2015-05-21 16:08 - 2015-05-21 16:08 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Start Menu\Programs\Accessories
2015-05-21 16:08 - 2015-05-21 16:08 - 00000000 _____ () C:\av.mof
2015-05-21 15:57 - 2015-05-21 15:57 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY\IETldCache
2015-05-21 15:41 - 2015-05-21 15:48 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Tweaking.com - Windows Repair
2015-05-21 14:51 - 2015-05-21 14:51 - 00000346 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\startup.txt
2015-05-21 07:25 - 2015-05-21 07:31 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-05-21 07:18 - 2015-05-21 14:54 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-21 07:18 - 2015-05-21 07:18 - 00000682 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2015-05-21 07:18 - 2015-05-21 07:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-21 07:18 - 2015-05-21 07:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-21 05:06 - 2015-05-21 05:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Desktop\CC Support
2015-05-20 08:08 - 2015-05-20 08:08 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp
2015-05-20 08:05 - 2008-10-14 16:42 - 00266048 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ccebak
2015-05-20 07:40 - 2015-05-20 07:40 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp
2015-05-20 05:37 - 2015-05-21 21:09 - 00005126 _____ () C:\WINDOWS\CUAppUsage.Dat
2015-05-20 04:03 - 2015-05-20 04:03 - 00005570 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\FavThemeDragon.Theme
2015-05-20 02:40 - 2015-05-20 02:40 - 00000427 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Shortcut to Downloads.lnk
2015-05-20 02:35 - 2015-05-20 02:35 - 00000787 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Comodo IceDragon.lnk
2015-05-20 02:12 - 2015-05-21 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Comodo
2015-05-20 02:12 - 2015-05-21 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Comodo
2015-05-20 02:12 - 2015-05-20 08:20 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Mozilla
2015-05-20 02:11 - 2015-05-21 21:11 - 00000000 ____D () C:\Program Files\Comodo
2015-05-20 02:11 - 2015-05-20 02:11 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Comodo
2015-05-20 02:11 - 2015-05-20 02:11 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Comodo
2015-05-20 02:10 - 2015-05-20 02:10 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdiplus.dll
2015-05-20 02:10 - 2015-05-20 02:10 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc71.dll
2015-05-20 02:10 - 2015-05-20 02:10 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr71.dll
2015-05-20 01:31 - 2015-05-20 01:31 - 23732069 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\cce_2.5.242177.201_x32.zip
2015-05-19 14:27 - 2007-08-10 20:46 - 00017272 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-05-19 14:21 - 2015-05-19 14:21 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak
2015-05-19 12:30 - 2015-05-19 12:30 - 00000000 ____D () C:\RegBackup
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Program Files\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2015-05-19 06:17 - 2015-05-19 06:19 - 00021057 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Addition.txt
2015-05-19 06:16 - 2015-05-24 09:19 - 00000000 ____D () C:\FRST
2015-05-19 06:16 - 2015-05-19 06:19 - 00039909 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\FRST.txt
2015-05-19 04:35 - 2015-05-21 05:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-05-19 04:35 - 2015-05-21 05:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-05-19 04:35 - 2015-05-21 05:27 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000754 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\SpywareBlaster.lnk
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
2015-05-19 04:35 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSSTDFMT.DLL
2015-05-19 02:56 - 2015-05-19 02:56 - 00000000 ____D () C:\Program Files\Belarc
2015-05-19 02:56 - 2013-09-10 19:25 - 00003840 _____ () C:\WINDOWS\system32\Drivers\BANTExt.sys
2015-05-19 00:46 - 2014-08-18 12:17 - 00265376 _____ (Foolish IT LLC) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\BootSafe.exe
2015-05-19 00:46 - 2014-07-31 23:59 - 00441488 _____ (Foolish IT) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\D7_Browser.exe
2015-05-18 18:10 - 2015-05-20 08:10 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\ESET
2015-05-18 18:10 - 2015-05-18 18:10 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\ESET
2015-05-18 18:09 - 2015-05-18 18:09 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\ESET
2015-05-18 18:09 - 2015-01-30 16:13 - 00039464 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwndis.sys
2015-05-18 17:56 - 2015-05-18 17:58 - 00000000 ____D () C:\WINSSLog
2015-05-18 17:48 - 2015-05-18 17:48 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB955759$
2015-05-17 12:44 - 2015-05-21 22:05 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:21 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-05-17 12:21 - 2015-05-17 12:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Oracle
2015-05-17 12:21 - 2015-05-17 12:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Oracle
2015-05-17 12:17 - 2015-05-21 14:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-17 12:17 - 2015-05-17 12:17 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-05-17 12:17 - 2015-05-17 12:17 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-05-17 11:18 - 2015-05-21 21:50 - 00000340 _____ () C:\WINDOWS\Tasks\UninstallMonitor.job
2015-05-17 11:09 - 2015-05-20 07:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2015-05-17 11:09 - 2015-05-20 07:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2015-05-17 07:30 - 2015-05-21 17:48 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\backups
2015-05-17 06:39 - 2015-05-17 06:39 - 00000172 _____ () C:\UnInstall.dat
2015-05-17 06:35 - 2015-05-21 21:44 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-17 06:35 - 2015-05-21 19:09 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\VS Revo Group
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\VS Revo Group
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\VS Revo Group
2015-05-17 06:35 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-05-17 06:08 - 2015-05-20 17:33 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-20 17:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-20 17:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00002076 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00001954 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00001954 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Program Files\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Program Files\Common Files\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO
2015-05-17 06:08 - 2014-03-07 10:25 - 00042496 _____ () C:\WINDOWS\system32\AdvUninstCPL.cpl
2015-05-17 05:41 - 2015-05-17 05:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-17 05:41 - 2015-05-17 05:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-17 05:08 - 2015-05-17 05:08 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2900986$
2015-05-17 05:08 - 2015-05-17 05:08 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2345886$
2015-05-17 04:54 - 2015-05-17 04:54 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB970430$
2015-05-17 04:24 - 2015-05-17 04:24 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-05-17 04:24 - 2015-05-17 04:24 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-17 04:23 - 2015-05-17 04:23 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-05-17 04:23 - 2015-05-17 04:23 - 00000000 ____D () C:\0fdecc0d6dc190c411e430792fc036ac
2015-05-17 04:23 - 2008-07-06 07:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 01676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-05-17 04:23 - 2008-07-06 05:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-05-17 04:06 - 2015-05-17 04:06 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\IECompatCache
2015-05-17 04:05 - 2015-05-17 04:05 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\PrivacIE
2015-05-17 03:47 - 2015-05-17 04:42 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2015-05-17 03:42 - 2015-05-17 03:42 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 __SHD () C:\Documents and Settings\walter pico.WALTERPICO179\IETldCache
2015-05-17 03:32 - 2015-05-17 03:32 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2467659$
2015-05-17 03:32 - 2014-02-05 18:26 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2015-05-17 03:32 - 2011-08-16 05:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-05-17 03:30 - 2014-02-05 18:26 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2015-05-17 03:30 - 2014-02-05 18:26 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2015-05-17 03:30 - 2014-02-05 18:26 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2015-05-17 03:27 - 2015-05-17 03:29 - 00000000 ___DC () C:\WINDOWS\ie8
2015-05-17 03:13 - 2015-05-17 03:13 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2904266$
2015-05-17 02:48 - 2015-02-06 09:00 - 02398079 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7II_Core_v3.zip
2015-05-17 02:47 - 2015-02-06 09:17 - 07792813 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7.zip
2015-05-17 02:41 - 2015-05-17 02:41 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\PCHealth
2015-05-17 02:26 - 2008-04-13 19:11 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-05-17 02:26 - 2008-04-13 19:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-05-16 13:13 - 2015-05-16 01:36 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\HijackThis.exe
2015-05-16 12:33 - 2015-05-16 12:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB971029$
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2934207$
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2749655$
2015-05-16 12:24 - 2015-05-16 12:24 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB975467$
2015-05-16 12:24 - 2015-05-16 12:24 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB968389$
2015-05-16 11:35 - 2009-11-21 10:51 - 01206508 ____C () C:\WINDOWS\system32\dllcache\sysmain.sdb
2015-05-16 11:35 - 2009-11-21 10:51 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2015-05-16 11:30 - 2014-02-25 20:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-05-16 11:30 - 2014-02-25 20:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-05-16 10:18 - 2015-05-21 04:57 - 00264100 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Rkill.txt
2015-05-16 07:41 - 2010-03-23 14:53 - 00226592 _____ (Ralink Technology, Inc.) C:\WINDOWS\system32\RaCoInst.dll
2015-05-16 07:41 - 2010-03-23 14:53 - 00013931 _____ () C:\WINDOWS\system32\RaCoInst.dat
2015-05-16 06:38 - 2015-05-16 06:38 - 00000000 ____D () C:\cmdcons
2015-05-16 06:38 - 2008-10-15 16:31 - 00000211 _____ () C:\Boot.bak
2015-05-16 06:38 - 2004-08-03 23:00 - 00260272 _____ () C:\cmldr
2015-05-16 06:34 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-16 06:34 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-16 06:34 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-16 06:31 - 2015-05-21 16:16 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-16 06:31 - 2015-05-20 09:55 - 00000000 ____D () C:\Qoobox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-24 09:19 - 2008-08-23 15:50 - 00000178 ___SH () C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
2015-05-24 09:03 - 2008-08-23 15:50 - 00000178 ___SH () C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
2015-05-24 09:03 - 2003-03-31 07:00 - 00013734 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-22 10:14 - 2008-08-23 15:56 - 00000178 ___SH () C:\Documents and Settings\walter pico.WALTERPICO179\ntuser.ini
2015-05-21 20:52 - 2008-08-27 23:41 - 00013104 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-21 20:08 - 2008-08-23 15:56 - 00000792 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Windows Media Player.lnk
2015-05-21 20:08 - 2003-03-31 07:00 - 00000567 _____ () C:\WINDOWS\win.ini
2015-05-21 16:15 - 2008-08-23 10:35 - 00095072 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-21 16:08 - 2008-08-23 15:50 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY
2015-05-21 16:08 - 2008-08-23 10:36 - 00521064 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-21 14:57 - 2008-08-31 11:56 - 00006587 _____ () C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log
2015-05-21 14:55 - 2008-08-23 15:56 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179
2015-05-21 14:52 - 2003-03-31 07:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ctfmon.exe
2015-05-21 08:02 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\security
2015-05-21 07:10 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\Help
2015-05-21 07:03 - 2008-08-23 15:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
2015-05-21 07:03 - 2008-08-23 15:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
2015-05-20 19:46 - 2008-08-23 10:33 - 00001024 _____ () C:\WINDOWS\system32\config\userdiff.LOG
2015-05-20 19:44 - 2008-08-23 15:50 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY
2015-05-20 19:44 - 2008-08-23 10:35 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS
2015-05-20 19:42 - 2004-10-13 12:12 - 00000000 ____D () C:\Documents and Settings\tiersa
2015-05-20 19:42 - 2004-10-07 10:27 - 00000000 ____D () C:\Documents and Settings\Walter Pico
2015-05-20 09:55 - 2008-08-23 10:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS
2015-05-20 07:37 - 2008-08-27 01:33 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\UserData
2015-05-20 07:37 - 2008-08-23 16:46 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\WINDOWS
2015-05-20 07:37 - 2006-02-21 23:47 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Application Data\Google
2015-05-20 07:37 - 2005-11-16 18:11 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Application Data\You've Got Pictures Screensaver
2015-05-20 07:37 - 2004-11-01 21:09 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Application Data\Adobe
2015-05-20 07:37 - 2004-10-16 19:13 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Desktop\New Briefcase
2015-05-20 07:37 - 2004-10-13 11:19 - 00000000 ____D () C:\Documents and Settings\Walter Pico\My Documents\My Games
2015-05-20 07:37 - 2004-10-07 12:21 - 00000000 ____D () C:\Documents and Settings\Walter Pico\My Documents\NeroVision
2015-05-20 07:37 - 2004-10-07 11:52 - 00000000 ____D () C:\Documents and Settings\Walter Pico\UserData
2015-05-20 07:37 - 2004-10-07 10:56 - 00000000 ____D () C:\Documents and Settings\Walter Pico\WINDOWS
2015-05-20 07:37 - 2004-10-07 10:27 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Local Settings\Temp
2015-05-20 07:36 - 2008-08-31 11:57 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Google
2015-05-20 07:36 - 2008-08-23 16:51 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\InterTrust
2015-05-20 07:36 - 2005-02-09 21:46 - 00000000 ____D () C:\Documents and Settings\tiersa\WINDOWS
2015-05-20 07:36 - 2004-10-13 12:12 - 00000000 ____D () C:\Documents and Settings\tiersa\Local Settings\Temp
2015-05-20 04:32 - 2004-10-07 10:52 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2015-05-20 02:59 - 2003-03-31 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-19 14:27 - 2004-10-07 10:57 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-05-19 13:47 - 2008-10-15 16:51 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2015-05-19 01:08 - 2004-10-07 10:17 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-05-18 18:52 - 2005-02-12 19:20 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-18 17:47 - 2004-10-13 11:54 - 00000000 ____D () C:\WINDOWS\$hf_mig$
2015-05-17 13:06 - 2004-10-07 11:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-17 12:23 - 2005-01-30 23:17 - 00000000 ____D () C:\Program Files\Java
2015-05-17 12:22 - 2005-01-30 23:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-17 12:21 - 2008-08-31 11:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-05-17 12:17 - 2004-10-07 10:18 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-05-17 10:23 - 2008-08-23 15:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
2015-05-17 10:23 - 2008-08-23 15:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
2015-05-17 08:18 - 2008-08-23 15:45 - 00000006 _____ () C:\WINDOWS\Tasks\SA.DAT
2015-05-17 06:45 - 2008-08-27 01:16 - 00324465 _____ () C:\Program Files\INSTALL.LOG
2015-05-17 06:44 - 2008-08-30 17:01 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Move Networks
2015-05-17 06:25 - 2004-10-07 12:08 - 00000000 ____D () C:\Program Files\Ahead
2015-05-17 06:24 - 2004-10-07 12:08 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2015-05-17 06:17 - 2008-08-23 16:51 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Adobe
2015-05-17 06:17 - 2004-10-27 16:38 - 00000000 ____D () C:\Program Files\Adobe
2015-05-17 03:37 - 2008-08-23 15:56 - 00000803 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Internet Explorer.lnk
2015-05-17 03:36 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\Media
2015-05-17 03:13 - 2008-08-28 21:33 - 00215046 _____ () C:\WINDOWS\system32\TZLog.log
2015-05-16 10:15 - 2008-08-23 15:56 - 00001599 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Remote Assistance.lnk
2015-05-16 06:38 - 2004-10-07 05:00 - 00000327 __RSH () C:\boot.ini
2015-04-30 10:07 - 2008-08-27 23:46 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2008-08-27 01:16 - 2015-05-17 06:45 - 0324465 _____ () C:\Program Files\INSTALL.LOG
2008-10-14 12:58 - 2008-10-14 16:36 - 0004608 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
C:\Documents and Settings\tiersa\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\AcsInstall.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\insmac2k.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\InstHelp.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\instph.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\Luninst.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\mny2F8A.exe
C:\Documents and Settings\Walter Pico\Local Settings\Temp\ocpchk.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\QTInstallerHelper.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\SPR2F88.EXE
C:\Documents and Settings\Walter Pico\Local Settings\Temp\_tfEEA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe is missing <==== ATTENTION!.
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End of log ============================


#4 Milla-Bach

  • Topic Starter


Posted 24 May 2015 - 09:49 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015
Ran by walter pico (administrator) on WALTERPICO179 on 24-05-2015 09:19:26
Running from G:\
Loaded Profiles: walter pico (Available Profiles: walter pico)
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -osint -url "%1")
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINDOWS\system32\utilman.exe
(Microsoft Corporation) C:\WINDOWS\system32\osk.exe
(Microsoft Corporation) C:\WINDOWS\system32\msswchx.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2015-01-28] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_45\bin\jusched.exe"
HKLM\...\Run: [ATIPTA] => C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE [335872 2003-08-29] (ATI Technologies, Inc.)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6276888 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [system restore] => C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Computer Management.lnk [1602 2015-05-21] ()
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\MountPoints2: {87bd2f46-fbc7-11e4-8dff-000c6eed51fa} - E:\Setup.exe
Startup: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Startup\Connection Manager.lnk [2006-02-21]
ShortcutTarget: Connection Manager.lnk -> C:\Program Files\BellSouth\Connection Manager\CManager.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation)
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
Toolbar: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-17]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2015-01-28] (ESET)
S2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-12-19] ()
S2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26144 2009-01-07] (Microsoft Corporation)
S3 CiSvc; %SystemRoot%\system32\cisvc.exe [X]
S3 ClipSrv; %SystemRoot%\system32\clipsrv.exe [X]
S3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S4 RemoteAccess; %SystemRoot%\system32\svchost.exe -k netsvcs [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 asuskbnt; C:\WINDOWS\System32\drivers\asuskbnt.sys [17246 2003-07-21] (ASUSTeK COMPUTER INC.)
S1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
S1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
S2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [176448 2015-01-30] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [39464 2015-01-30] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [63160 2015-01-30] (ESET)
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-06-25] (VIA Technologies, Inc.              )
S3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-06-25] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
S3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [41984 2003-04-23] (VIA Technologies, Inc.              )
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NTSIM; C:\WINDOWS\System32\ntsim.sys [7040 2003-04-09] (VIA Networking, Inc.                    )
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2003-01-22] (Padus, Inc.)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
S3 Video3D; C:\WINDOWS\System32\Drivers\Video3D.sys [32732 2003-05-23] (ASUSTeK COMPUTER INC.)
S3 Winachcf; C:\WINDOWS\System32\DRIVERS\winachcf.sys [917988 2002-04-30] (Conexant)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-22 04:11 - 2015-05-22 04:11 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\CyberLink
2015-05-21 22:09 - 2015-05-21 22:10 - 00000000 ___SD () C:\cf8675309
2015-05-21 21:09 - 2015-05-22 10:14 - 00005710 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-21 21:04 - 2015-05-22 07:36 - 00143297 _____ () C:\WINDOWS\setupapi.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00036005 _____ () C:\WINDOWS\spuninst.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00002359 _____ () C:\WINDOWS\tsoc.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00002021 _____ () C:\WINDOWS\comsetup.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00001230 _____ () C:\WINDOWS\ntdtcsetup.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00000966 _____ () C:\WINDOWS\iis6.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00002956 _____ () C:\WINDOWS\ocgen.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-05-21 20:58 - 2015-05-24 09:19 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Temp
2015-05-21 20:49 - 2015-05-21 20:49 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2015-05-21 16:08 - 2015-05-21 16:08 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Start Menu\Programs\Accessories
2015-05-21 16:08 - 2015-05-21 16:08 - 00000000 _____ () C:\av.mof
2015-05-21 15:57 - 2015-05-21 15:57 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY\IETldCache
2015-05-21 15:41 - 2015-05-21 15:48 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Tweaking.com - Windows Repair
2015-05-21 14:51 - 2015-05-21 14:51 - 00000346 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\startup.txt
2015-05-21 07:25 - 2015-05-21 07:31 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-05-21 07:18 - 2015-05-21 14:54 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-21 07:18 - 2015-05-21 07:18 - 00000682 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2015-05-21 07:18 - 2015-05-21 07:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-21 07:18 - 2015-05-21 07:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-21 05:06 - 2015-05-21 05:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Desktop\CC Support
2015-05-20 08:08 - 2015-05-20 08:08 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp
2015-05-20 08:05 - 2008-10-14 16:42 - 00266048 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ccebak
2015-05-20 07:40 - 2015-05-20 07:40 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp
2015-05-20 05:37 - 2015-05-21 21:09 - 00005126 _____ () C:\WINDOWS\CUAppUsage.Dat
2015-05-20 04:03 - 2015-05-20 04:03 - 00005570 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\FavThemeDragon.Theme
2015-05-20 02:40 - 2015-05-20 02:40 - 00000427 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Shortcut to Downloads.lnk
2015-05-20 02:35 - 2015-05-20 02:35 - 00000787 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Comodo IceDragon.lnk
2015-05-20 02:12 - 2015-05-21 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Comodo
2015-05-20 02:12 - 2015-05-21 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Comodo
2015-05-20 02:12 - 2015-05-20 08:20 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Mozilla
2015-05-20 02:11 - 2015-05-21 21:11 - 00000000 ____D () C:\Program Files\Comodo
2015-05-20 02:11 - 2015-05-20 02:11 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Comodo
2015-05-20 02:11 - 2015-05-20 02:11 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Comodo
2015-05-20 02:10 - 2015-05-20 02:10 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdiplus.dll
2015-05-20 02:10 - 2015-05-20 02:10 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc71.dll
2015-05-20 02:10 - 2015-05-20 02:10 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr71.dll
2015-05-20 01:31 - 2015-05-20 01:31 - 23732069 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\cce_2.5.242177.201_x32.zip
2015-05-19 14:27 - 2007-08-10 20:46 - 00017272 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-05-19 14:21 - 2015-05-19 14:21 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak
2015-05-19 12:30 - 2015-05-19 12:30 - 00000000 ____D () C:\RegBackup
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Program Files\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2015-05-19 06:17 - 2015-05-19 06:19 - 00021057 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Addition.txt
2015-05-19 06:16 - 2015-05-24 09:19 - 00000000 ____D () C:\FRST
2015-05-19 06:16 - 2015-05-19 06:19 - 00039909 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\FRST.txt
2015-05-19 04:35 - 2015-05-21 05:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-05-19 04:35 - 2015-05-21 05:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-05-19 04:35 - 2015-05-21 05:27 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000754 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\SpywareBlaster.lnk
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
2015-05-19 04:35 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSSTDFMT.DLL
2015-05-19 02:56 - 2015-05-19 02:56 - 00000000 ____D () C:\Program Files\Belarc
2015-05-19 02:56 - 2013-09-10 19:25 - 00003840 _____ () C:\WINDOWS\system32\Drivers\BANTExt.sys
2015-05-19 00:46 - 2014-08-18 12:17 - 00265376 _____ (Foolish IT LLC) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\BootSafe.exe
2015-05-19 00:46 - 2014-07-31 23:59 - 00441488 _____ (Foolish IT) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\D7_Browser.exe
2015-05-18 18:10 - 2015-05-20 08:10 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\ESET
2015-05-18 18:10 - 2015-05-18 18:10 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\ESET
2015-05-18 18:09 - 2015-05-18 18:09 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\ESET
2015-05-18 18:09 - 2015-01-30 16:13 - 00039464 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwndis.sys
2015-05-18 17:56 - 2015-05-18 17:58 - 00000000 ____D () C:\WINSSLog
2015-05-18 17:48 - 2015-05-18 17:48 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB955759$
2015-05-17 12:44 - 2015-05-21 22:05 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:21 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-05-17 12:21 - 2015-05-17 12:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Oracle
2015-05-17 12:21 - 2015-05-17 12:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Oracle
2015-05-17 12:17 - 2015-05-21 14:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-17 12:17 - 2015-05-17 12:17 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-05-17 12:17 - 2015-05-17 12:17 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-05-17 11:18 - 2015-05-21 21:50 - 00000340 _____ () C:\WINDOWS\Tasks\UninstallMonitor.job
2015-05-17 11:09 - 2015-05-20 07:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2015-05-17 11:09 - 2015-05-20 07:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2015-05-17 07:30 - 2015-05-21 17:48 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\backups
2015-05-17 06:39 - 2015-05-17 06:39 - 00000172 _____ () C:\UnInstall.dat
2015-05-17 06:35 - 2015-05-21 21:44 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-17 06:35 - 2015-05-21 19:09 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\VS Revo Group
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\VS Revo Group
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\VS Revo Group
2015-05-17 06:35 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-05-17 06:08 - 2015-05-20 17:33 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-20 17:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-20 17:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00002076 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00001954 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00001954 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Program Files\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Program Files\Common Files\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO
2015-05-17 06:08 - 2014-03-07 10:25 - 00042496 _____ () C:\WINDOWS\system32\AdvUninstCPL.cpl
2015-05-17 05:41 - 2015-05-17 05:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-17 05:41 - 2015-05-17 05:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-17 05:08 - 2015-05-17 05:08 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2900986$
2015-05-17 05:08 - 2015-05-17 05:08 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2345886$
2015-05-17 04:54 - 2015-05-17 04:54 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB970430$
2015-05-17 04:24 - 2015-05-17 04:24 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-05-17 04:24 - 2015-05-17 04:24 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-17 04:23 - 2015-05-17 04:23 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-05-17 04:23 - 2015-05-17 04:23 - 00000000 ____D () C:\0fdecc0d6dc190c411e430792fc036ac
2015-05-17 04:23 - 2008-07-06 07:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 01676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-05-17 04:23 - 2008-07-06 05:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-05-17 04:06 - 2015-05-17 04:06 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\IECompatCache
2015-05-17 04:05 - 2015-05-17 04:05 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\PrivacIE
2015-05-17 03:47 - 2015-05-17 04:42 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2015-05-17 03:42 - 2015-05-17 03:42 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 __SHD () C:\Documents and Settings\walter pico.WALTERPICO179\IETldCache
2015-05-17 03:32 - 2015-05-17 03:32 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2467659$
2015-05-17 03:32 - 2014-02-05 18:26 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2015-05-17 03:32 - 2011-08-16 05:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-05-17 03:30 - 2014-02-05 18:26 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2015-05-17 03:30 - 2014-02-05 18:26 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2015-05-17 03:30 - 2014-02-05 18:26 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2015-05-17 03:27 - 2015-05-17 03:29 - 00000000 ___DC () C:\WINDOWS\ie8
2015-05-17 03:13 - 2015-05-17 03:13 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2904266$
2015-05-17 02:48 - 2015-02-06 09:00 - 02398079 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7II_Core_v3.zip
2015-05-17 02:47 - 2015-02-06 09:17 - 07792813 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7.zip
2015-05-17 02:41 - 2015-05-17 02:41 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\PCHealth
2015-05-17 02:26 - 2008-04-13 19:11 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-05-17 02:26 - 2008-04-13 19:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-05-16 13:13 - 2015-05-16 01:36 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\HijackThis.exe
2015-05-16 12:33 - 2015-05-16 12:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB971029$
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2934207$
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2749655$
2015-05-16 12:24 - 2015-05-16 12:24 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB975467$
2015-05-16 12:24 - 2015-05-16 12:24 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB968389$
2015-05-16 11:35 - 2009-11-21 10:51 - 01206508 ____C () C:\WINDOWS\system32\dllcache\sysmain.sdb
2015-05-16 11:35 - 2009-11-21 10:51 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2015-05-16 11:30 - 2014-02-25 20:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-05-16 11:30 - 2014-02-25 20:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-05-16 10:18 - 2015-05-21 04:57 - 00264100 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Rkill.txt
2015-05-16 07:41 - 2010-03-23 14:53 - 00226592 _____ (Ralink Technology, Inc.) C:\WINDOWS\system32\RaCoInst.dll
2015-05-16 07:41 - 2010-03-23 14:53 - 00013931 _____ () C:\WINDOWS\system32\RaCoInst.dat
2015-05-16 06:38 - 2015-05-16 06:38 - 00000000 ____D () C:\cmdcons
2015-05-16 06:38 - 2008-10-15 16:31 - 00000211 _____ () C:\Boot.bak
2015-05-16 06:38 - 2004-08-03 23:00 - 00260272 _____ () C:\cmldr
2015-05-16 06:34 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-16 06:34 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-16 06:34 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-16 06:31 - 2015-05-21 16:16 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-16 06:31 - 2015-05-20 09:55 - 00000000 ____D () C:\Qoobox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-24 09:19 - 2008-08-23 15:50 - 00000178 ___SH () C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
2015-05-24 09:03 - 2008-08-23 15:50 - 00000178 ___SH () C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
2015-05-24 09:03 - 2003-03-31 07:00 - 00013734 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-22 10:14 - 2008-08-23 15:56 - 00000178 ___SH () C:\Documents and Settings\walter pico.WALTERPICO179\ntuser.ini
2015-05-21 20:52 - 2008-08-27 23:41 - 00013104 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-21 20:08 - 2008-08-23 15:56 - 00000792 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Windows Media Player.lnk
2015-05-21 20:08 - 2003-03-31 07:00 - 00000567 _____ () C:\WINDOWS\win.ini
2015-05-21 16:15 - 2008-08-23 10:35 - 00095072 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-21 16:08 - 2008-08-23 15:50 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY
2015-05-21 16:08 - 2008-08-23 10:36 - 00521064 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-21 14:57 - 2008-08-31 11:56 - 00006587 _____ () C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log
2015-05-21 14:55 - 2008-08-23 15:56 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179
2015-05-21 14:52 - 2003-03-31 07:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ctfmon.exe
2015-05-21 08:02 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\security
2015-05-21 07:10 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\Help
2015-05-21 07:03 - 2008-08-23 15:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
2015-05-21 07:03 - 2008-08-23 15:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
2015-05-20 19:46 - 2008-08-23 10:33 - 00001024 _____ () C:\WINDOWS\system32\config\userdiff.LOG
2015-05-20 19:44 - 2008-08-23 15:50 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY
2015-05-20 19:44 - 2008-08-23 10:35 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS
2015-05-20 19:42 - 2004-10-13 12:12 - 00000000 ____D () C:\Documents and Settings\tiersa
2015-05-20 19:42 - 2004-10-07 10:27 - 00000000 ____D () C:\Documents and Settings\Walter Pico
2015-05-20 09:55 - 2008-08-23 10:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS
2015-05-20 07:37 - 2008-08-27 01:33 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\UserData
2015-05-20 07:37 - 2008-08-23 16:46 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\WINDOWS
2015-05-20 07:37 - 2006-02-21 23:47 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Application Data\Google
2015-05-20 07:37 - 2005-11-16 18:11 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Application Data\You've Got Pictures Screensaver
2015-05-20 07:37 - 2004-11-01 21:09 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Application Data\Adobe
2015-05-20 07:37 - 2004-10-16 19:13 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Desktop\New Briefcase
2015-05-20 07:37 - 2004-10-13 11:19 - 00000000 ____D () C:\Documents and Settings\Walter Pico\My Documents\My Games
2015-05-20 07:37 - 2004-10-07 12:21 - 00000000 ____D () C:\Documents and Settings\Walter Pico\My Documents\NeroVision
2015-05-20 07:37 - 2004-10-07 11:52 - 00000000 ____D () C:\Documents and Settings\Walter Pico\UserData
2015-05-20 07:37 - 2004-10-07 10:56 - 00000000 ____D () C:\Documents and Settings\Walter Pico\WINDOWS
2015-05-20 07:37 - 2004-10-07 10:27 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Local Settings\Temp
2015-05-20 07:36 - 2008-08-31 11:57 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Google
2015-05-20 07:36 - 2008-08-23 16:51 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\InterTrust
2015-05-20 07:36 - 2005-02-09 21:46 - 00000000 ____D () C:\Documents and Settings\tiersa\WINDOWS
2015-05-20 07:36 - 2004-10-13 12:12 - 00000000 ____D () C:\Documents and Settings\tiersa\Local Settings\Temp
2015-05-20 04:32 - 2004-10-07 10:52 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2015-05-20 02:59 - 2003-03-31 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-19 14:27 - 2004-10-07 10:57 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-05-19 13:47 - 2008-10-15 16:51 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2015-05-19 01:08 - 2004-10-07 10:17 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-05-18 18:52 - 2005-02-12 19:20 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-18 17:47 - 2004-10-13 11:54 - 00000000 ____D () C:\WINDOWS\$hf_mig$
2015-05-17 13:06 - 2004-10-07 11:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-17 12:23 - 2005-01-30 23:17 - 00000000 ____D () C:\Program Files\Java
2015-05-17 12:22 - 2005-01-30 23:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-17 12:21 - 2008-08-31 11:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-05-17 12:17 - 2004-10-07 10:18 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-05-17 10:23 - 2008-08-23 15:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
2015-05-17 10:23 - 2008-08-23 15:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
2015-05-17 08:18 - 2008-08-23 15:45 - 00000006 _____ () C:\WINDOWS\Tasks\SA.DAT
2015-05-17 06:45 - 2008-08-27 01:16 - 00324465 _____ () C:\Program Files\INSTALL.LOG
2015-05-17 06:44 - 2008-08-30 17:01 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Move Networks
2015-05-17 06:25 - 2004-10-07 12:08 - 00000000 ____D () C:\Program Files\Ahead
2015-05-17 06:24 - 2004-10-07 12:08 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2015-05-17 06:17 - 2008-08-23 16:51 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Adobe
2015-05-17 06:17 - 2004-10-27 16:38 - 00000000 ____D () C:\Program Files\Adobe
2015-05-17 03:37 - 2008-08-23 15:56 - 00000803 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Internet Explorer.lnk
2015-05-17 03:36 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\Media
2015-05-17 03:13 - 2008-08-28 21:33 - 00215046 _____ () C:\WINDOWS\system32\TZLog.log
2015-05-16 10:15 - 2008-08-23 15:56 - 00001599 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Remote Assistance.lnk
2015-05-16 06:38 - 2004-10-07 05:00 - 00000327 __RSH () C:\boot.ini
2015-04-30 10:07 - 2008-08-27 23:46 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2008-08-27 01:16 - 2015-05-17 06:45 - 0324465 _____ () C:\Program Files\INSTALL.LOG
2008-10-14 12:58 - 2008-10-14 16:36 - 0004608 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
C:\Documents and Settings\tiersa\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\AcsInstall.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\insmac2k.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\InstHelp.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\instph.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\Luninst.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\mny2F8A.exe
C:\Documents and Settings\Walter Pico\Local Settings\Temp\ocpchk.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\QTInstallerHelper.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\SPR2F88.EXE
C:\Documents and Settings\Walter Pico\Local Settings\Temp\_tfEEA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe is missing <==== ATTENTION!.
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End of log ============================


#5 Black_Bird

Black_Bird

  • Malware Response Team

Posted 28 May 2015 - 05:47 PM

Hi,

 

Before we start cleaning up any malware-related issues, I see your svchost.exe copy has been deleted in some way. This file is actually functioning as some kind of 'shell' in which other processes can run. This possibly causes problems like not being able to open your anti-virus software etc.

 

Please do the following:

  • Boot into Safe Mode: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/#winxo (please use the "F8 Method" as described in the linked article).

  • Now click Start Menu > Run (or press Windows Key + R). A process execute window will open.

  • In the window that opens, type: cmd and press ENTER key.

  • Command Prompt will now open.

    • Type the following command and press ENTER:

      cd c:\i386

    • Then continue doing the same with this command:

      expand svchost.ex_ c:\windows\system32\svchost.exe

  • When done, please reboot your PC and boot into Normal mode.

 

Now please tell me if you can access your programs again. Also please do a new, fresh scan with FRST (make sure "Addition.txt" is checked) and post both logfiles (FRST.txt and Addition.txt) into your next reply.


Kind regards,
Black_Bird
 


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.
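Added example, not part of the thread and not FRST's own code: a small Python triage pass over FRST log text that pulls out the `is missing`, `<==== ATTENTION` and `No File` lines, such as the missing svchost.exe entry discussed in the post above. The names `triage` and `Finding` are made up for this sketch, and the line patterns are inferred only from the log lines visible in this thread, not from any FRST specification.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation)

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe is missing <==== ATTENTION!.
C:\WINDOWS\system32\services.exe => MD5 is legit

==================== End of log ============================
"""

# Assumed patterns, derived from the lines above.
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")            # "==== Title ===="
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
MISSING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) is missing\b")
ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION.*$")             # "<==== ATTENTION!."
NO_FILE_RE = re.compile(r"[\s\->(]*No File\)?\s*$")           # "-> No File", "(No File)"


@dataclass(frozen=True)
class Finding:
    section: str   # log section the line was found in
    kind: str      # "missing", "attention" or "orphan"
    subject: str   # file path or registry entry the line is about


def triage(log_text):
    """Return (findings, core_status) for one FRST log.

    findings    -- list of Finding, in log order
    core_status -- {path: "legit" | "missing"} for the core files the log verifies
    """
    findings, core_status = [], {}
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title")
            continue
        legit = LEGIT_RE.match(line)
        if legit:
            core_status[legit.group("path")] = "legit"
            continue
        missing = MISSING_RE.match(line)
        if missing:
            # A missing core file outranks the generic ATTENTION marker.
            core_status[missing.group("path")] = "missing"
            findings.append(Finding(section, "missing", missing.group("path")))
        elif ATTENTION_RE.search(line):
            findings.append(Finding(section, "attention", ATTENTION_RE.sub("", line)))
        elif NO_FILE_RE.search(line):
            # Entry still registered, but the file it points to is gone.
            findings.append(Finding(section, "orphan", NO_FILE_RE.sub("", line)))
    return findings, core_status


if __name__ == "__main__":
    found, status = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind:9}] {f.section}: {f.subject}")
    print("core files:", status)
```

Run against a fresh FRST.txt after the restore step, the `core_status` entry for svchost.exe should change from "missing" to "legit" if the file was put back and passes FRST's check.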


#6 Milla-Bach

Milla-Bach
  • Topic Starter

  • Members

Posted 30 May 2015 - 02:42 AM

Hello Black_Bird, Thanks again for quick response. Sincerely appreciate your help. Back in town, but have to leave again this morning. At the desktop now. Have time to type the following commands as you instructed me to do.

 

cd c:\i386   enter

 

then I continued doing the same

 

expand svchost.ex_ c:\windows\system32\svchost.exe

 

I pressed Alt + F4 to quit application of the current window and then had to press the power button to turn the computer off and then back on again to boot back up in normal mode. I do not have use of my mouse either. That happened when I tried to uninstall SP3. I used my friend's laptop (same one I am borrowing now) to access and write down some important command prompts, tab management, windows management, web browser, text editing, browser/go menu, user interface navigation widgets & controls, accessibility and some keyboard shortcuts. I'm not very good with using them; I have had this problem only once in the past with a different system that was also running Windows XP Home Ed. I believe it happened when I tried to uninstall SP3 just to reinstall it, just as I did with my desktop that has similar problems now. OK, now I am going to try to run a fresh scan with FRST for you. I found that the only way to do it on the desktop with problems is to use a flash drive with a copy of the FRST program on it, run it, then save the results to the flash drive and then use this laptop to copy & paste the results here for you. So here we go :)  It will take me a little bit since I am not good without use of the mouse.



#7 Milla-Bach

Milla-Bach
  • Topic Starter

  • Members

Posted 30 May 2015 - 04:20 AM

OK, think I finally got it for you here, Black_Bird.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by walter pico (administrator) on WALTERPICO179 on 30-05-2015 02:48:49
Running from F:\
Loaded Profiles: walter pico (Available Profiles: walter pico)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
() C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2015-01-28] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_45\bin\jusched.exe"
HKLM\...\Run: [ATIPTA] => C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE [335872 2003-08-29] (ATI Technologies, Inc.)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6276888 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [system restore] => C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Computer Management.lnk [1602 2015-05-21] ()
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\MountPoints2: {87bd2f46-fbc7-11e4-8dff-000c6eed51fa} - E:\Setup.exe
Startup: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Startup\Connection Manager.lnk [2006-02-21]
ShortcutTarget: Connection Manager.lnk -> C:\Program Files\BellSouth\Connection Manager\CManager.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation)
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
Toolbar: HKU\S-1-5-21-1275210071-1060284298-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [77824 2008-04-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [399360 2008-04-13] (Microsoft Corporation) [File not signed]
S2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2015-01-28] (ESET) [File not signed]
S2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [108544 2008-04-13] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
S4 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
R2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-12-19] ()
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
S2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
S2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
S2 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [108544 2008-04-13] (Microsoft Corporation) [File not signed]
S2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\system32\svchost.exe [12800 2001-08-17] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\System32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [399360 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\System32\rsvp.exe [132608 2003-03-31] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
S2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
S2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [57856 2008-04-13] (Microsoft Corporation) [File not signed]
S2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
R2 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
S4 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
S2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
S4 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2009-01-30] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
S2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation) [File not signed]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
S2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]
S3 CiSvc; %SystemRoot%\system32\cisvc.exe [X]
S3 ClipSrv; %SystemRoot%\system32\clipsrv.exe [X]
S3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
R3 aeaudio; C:\WINDOWS\System32\drivers\aeaudio.sys [4816 2002-04-01] (Andrea Electronics Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2008-08-14] (Microsoft Corporation) [File not signed]
R1 AmdK7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [37760 2008-04-13] (Microsoft Corporation) [File not signed]
R1 asuskbnt; C:\WINDOWS\System32\drivers\asuskbnt.sys [17246 2003-07-21] (ASUSTeK COMPUTER INC.) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [594432 2003-08-12] (ATI Technologies Inc.) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2003-03-31] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET) [File not signed]
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET) [File not signed]
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [176448 2015-01-30] (ESET) [File not signed]
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [39464 2015-01-30] (ESET) [File not signed]
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [63160 2015-01-30] (ESET) [File not signed]
S3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-06-25] (VIA Technologies, Inc.              ) [File not signed]
S3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-06-25] (VIA Technologies, Inc.              ) [File not signed]
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              ) [File not signed]
S3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [41984 2003-04-23] (VIA Technologies, Inc.              ) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2003-03-31] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2003-03-31] (Microsoft Corporation) [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ip6fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
R2 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2003-03-31] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
S3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [9855 2001-10-22] (Conexant) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2003-03-31] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MODEMCSA; C:\WINDOWS\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456576 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105344 2008-04-13] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10112 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NTSIM; C:\WINDOWS\System32\ntsim.sys [7040 2003-04-09] (VIA Networking, Inc.                    ) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2003-03-31] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2003-03-31] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2003-03-31] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2003-03-31] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2003-01-22] (Padus, Inc.) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2003-03-31] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2003-03-31] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2003-03-31] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2003-03-31] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
R3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [578368 2003-07-15] (Analog Devices, Inc.) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357248 2010-08-26] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
S3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30208 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.) [File not signed]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Video3D; C:\WINDOWS\System32\Drivers\Video3D.sys [32732 2003-05-23] (ASUSTeK COMPUTER INC.) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
S3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Winachcf; C:\WINDOWS\System32\DRIVERS\winachcf.sys [917988 2002-04-30] (Conexant) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2003-03-31] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
U5 Messenger; C:\WINDOWS\system32\svchost.exe [12800 2001-08-17] (Microsoft Corporation) [File not signed]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 01:53 - 2015-05-30 01:53 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-05-30 01:52 - 2015-05-30 01:52 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-30 01:52 - 2015-05-30 01:52 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-05-30 01:51 - 2015-05-30 01:53 - 00000917 _____ () C:\WINDOWS\spupdsvc.log
2015-05-30 01:49 - 2015-05-30 01:49 - 00000354 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-30 01:45 - 2001-08-17 22:36 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2015-05-22 04:11 - 2015-05-22 04:11 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\CyberLink
2015-05-21 22:09 - 2015-05-21 22:10 - 00000000 ___SD () C:\cf8675309
2015-05-21 21:09 - 2015-05-30 02:40 - 00006933 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-21 21:04 - 2015-05-22 07:36 - 00143297 _____ () C:\WINDOWS\setupapi.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00036005 _____ () C:\WINDOWS\spuninst.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00002359 _____ () C:\WINDOWS\tsoc.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00002021 _____ () C:\WINDOWS\comsetup.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00001230 _____ () C:\WINDOWS\ntdtcsetup.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00000966 _____ () C:\WINDOWS\iis6.log
2015-05-21 21:04 - 2015-05-21 21:09 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00002956 _____ () C:\WINDOWS\ocgen.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-21 21:04 - 2015-05-21 21:04 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-05-21 20:58 - 2015-05-30 02:49 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Temp
2015-05-21 20:49 - 2015-05-21 20:49 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2015-05-21 16:08 - 2015-05-21 16:08 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Start Menu\Programs\Accessories
2015-05-21 16:08 - 2015-05-21 16:08 - 00000000 _____ () C:\av.mof
2015-05-21 15:57 - 2015-05-21 15:57 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY\IETldCache
2015-05-21 15:41 - 2015-05-21 15:48 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Tweaking.com - Windows Repair
2015-05-21 14:51 - 2015-05-21 14:51 - 00000346 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\startup.txt
2015-05-21 07:25 - 2015-05-21 07:31 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-05-21 07:18 - 2015-05-21 14:54 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-21 07:18 - 2015-05-21 07:18 - 00000682 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2015-05-21 07:18 - 2015-05-21 07:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-21 07:18 - 2015-05-21 07:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-21 05:06 - 2015-05-21 05:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Desktop\CC Support
2015-05-20 08:08 - 2015-05-20 08:08 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp
2015-05-20 08:05 - 2008-10-14 16:42 - 00266048 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ccebak
2015-05-20 07:40 - 2015-05-20 07:40 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp
2015-05-20 05:37 - 2015-05-21 21:09 - 00005126 _____ () C:\WINDOWS\CUAppUsage.Dat
2015-05-20 04:03 - 2015-05-20 04:03 - 00005570 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\FavThemeDragon.Theme
2015-05-20 02:40 - 2015-05-20 02:40 - 00000427 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Shortcut to Downloads.lnk
2015-05-20 02:35 - 2015-05-20 02:35 - 00000787 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Comodo IceDragon.lnk
2015-05-20 02:12 - 2015-05-21 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Comodo
2015-05-20 02:12 - 2015-05-21 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Comodo
2015-05-20 02:12 - 2015-05-20 08:20 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Mozilla
2015-05-20 02:11 - 2015-05-21 21:11 - 00000000 ____D () C:\Program Files\Comodo
2015-05-20 02:11 - 2015-05-20 02:11 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Comodo
2015-05-20 02:11 - 2015-05-20 02:11 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Comodo
2015-05-20 02:10 - 2015-05-20 02:10 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdiplus.dll
2015-05-20 02:10 - 2015-05-20 02:10 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc71.dll
2015-05-20 02:10 - 2015-05-20 02:10 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr71.dll
2015-05-20 01:31 - 2015-05-20 01:31 - 23732069 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\cce_2.5.242177.201_x32.zip
2015-05-19 14:27 - 2007-08-10 20:46 - 00017272 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-05-19 14:21 - 2015-05-19 14:21 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak
2015-05-19 12:30 - 2015-05-19 12:30 - 00000000 ____D () C:\RegBackup
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Program Files\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2015-05-19 09:19 - 2015-05-19 09:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2015-05-19 06:17 - 2015-05-19 06:19 - 00021057 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Addition.txt
2015-05-19 06:16 - 2015-05-30 02:48 - 00000000 ____D () C:\FRST
2015-05-19 06:16 - 2015-05-19 06:19 - 00039909 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\FRST.txt
2015-05-19 04:35 - 2015-05-21 05:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-05-19 04:35 - 2015-05-21 05:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-05-19 04:35 - 2015-05-21 05:27 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000754 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\SpywareBlaster.lnk
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
2015-05-19 04:35 - 2015-05-19 04:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
2015-05-19 04:35 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSSTDFMT.DLL
2015-05-19 02:56 - 2015-05-19 02:56 - 00000000 ____D () C:\Program Files\Belarc
2015-05-19 02:56 - 2013-09-10 19:25 - 00003840 _____ () C:\WINDOWS\system32\Drivers\BANTExt.sys
2015-05-19 00:46 - 2014-08-18 12:17 - 00265376 _____ (Foolish IT LLC) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\BootSafe.exe
2015-05-19 00:46 - 2014-07-31 23:59 - 00441488 _____ (Foolish IT) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\D7_Browser.exe
2015-05-18 18:10 - 2015-05-20 08:10 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\ESET
2015-05-18 18:10 - 2015-05-18 18:10 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\ESET
2015-05-18 18:09 - 2015-05-18 18:09 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\ESET
2015-05-18 18:09 - 2015-01-30 16:13 - 00039464 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwndis.sys
2015-05-18 17:56 - 2015-05-18 17:58 - 00000000 ____D () C:\WINSSLog
2015-05-18 17:48 - 2015-05-18 17:48 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB955759$
2015-05-17 12:44 - 2015-05-21 22:05 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:22 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2015-05-17 12:22 - 2015-05-17 12:21 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-05-17 12:21 - 2015-05-17 12:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Oracle
2015-05-17 12:21 - 2015-05-17 12:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Oracle
2015-05-17 12:17 - 2015-05-30 01:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-17 12:17 - 2015-05-17 12:17 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-05-17 12:17 - 2015-05-17 12:17 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-05-17 11:18 - 2015-05-30 01:53 - 00000340 _____ () C:\WINDOWS\Tasks\UninstallMonitor.job
2015-05-17 11:09 - 2015-05-20 07:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2015-05-17 11:09 - 2015-05-20 07:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2015-05-17 07:30 - 2015-05-21 17:48 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\backups
2015-05-17 06:39 - 2015-05-17 06:39 - 00000172 _____ () C:\UnInstall.dat
2015-05-17 06:35 - 2015-05-21 21:44 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-17 06:35 - 2015-05-21 19:09 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\VS Revo Group
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\VS Revo Group
2015-05-17 06:35 - 2015-05-17 06:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\VS Revo Group
2015-05-17 06:35 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-05-17 06:08 - 2015-05-20 17:33 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-20 17:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-20 17:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00002076 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00001954 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00001954 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Program Files\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Program Files\Common Files\Innovative Solutions
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO
2015-05-17 06:08 - 2015-05-17 06:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO
2015-05-17 06:08 - 2014-03-07 10:25 - 00042496 _____ () C:\WINDOWS\system32\AdvUninstCPL.cpl
2015-05-17 05:41 - 2015-05-17 05:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-17 05:41 - 2015-05-17 05:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-17 05:08 - 2015-05-17 05:08 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2900986$
2015-05-17 05:08 - 2015-05-17 05:08 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2345886$
2015-05-17 04:54 - 2015-05-17 04:54 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB970430$
2015-05-17 04:24 - 2015-05-17 04:24 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-05-17 04:24 - 2015-05-17 04:24 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-17 04:23 - 2015-05-17 04:23 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-05-17 04:23 - 2015-05-17 04:23 - 00000000 ____D () C:\0fdecc0d6dc190c411e430792fc036ac
2015-05-17 04:23 - 2008-07-06 07:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 01676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-05-17 04:23 - 2008-07-06 07:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-05-17 04:23 - 2008-07-06 05:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-05-17 04:06 - 2015-05-17 04:06 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\IECompatCache
2015-05-17 04:05 - 2015-05-17 04:05 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\PrivacIE
2015-05-17 03:47 - 2015-05-17 04:42 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2015-05-17 03:42 - 2015-05-17 03:42 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 __SHD () C:\Documents and Settings\walter pico.WALTERPICO179\IETldCache
2015-05-17 03:32 - 2015-05-17 03:32 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2467659$
2015-05-17 03:32 - 2014-02-05 18:26 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2015-05-17 03:32 - 2011-08-16 05:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-05-17 03:30 - 2014-02-05 18:26 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2015-05-17 03:30 - 2014-02-05 18:26 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2015-05-17 03:30 - 2014-02-05 18:26 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2015-05-17 03:27 - 2015-05-17 03:29 - 00000000 ___DC () C:\WINDOWS\ie8
2015-05-17 03:13 - 2015-05-17 03:13 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2904266$
2015-05-17 02:48 - 2015-02-06 09:00 - 02398079 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7II_Core_v3.zip
2015-05-17 02:47 - 2015-02-06 09:17 - 07792813 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\d7.zip
2015-05-17 02:41 - 2015-05-17 02:41 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\PCHealth
2015-05-17 02:26 - 2008-04-13 19:11 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-05-17 02:26 - 2008-04-13 19:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-05-16 13:13 - 2015-05-16 01:36 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\HijackThis.exe
2015-05-16 12:33 - 2015-05-16 12:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB971029$
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2934207$
2015-05-16 12:25 - 2015-05-16 12:25 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2749655$
2015-05-16 12:24 - 2015-05-16 12:24 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB975467$
2015-05-16 12:24 - 2015-05-16 12:24 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB968389$
2015-05-16 11:35 - 2009-11-21 10:51 - 01206508 ____C () C:\WINDOWS\system32\dllcache\sysmain.sdb
2015-05-16 11:35 - 2009-11-21 10:51 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2015-05-16 11:30 - 2014-02-25 20:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-05-16 11:30 - 2014-02-25 20:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-05-16 10:18 - 2015-05-21 04:57 - 00264100 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Rkill.txt
2015-05-16 07:41 - 2010-03-23 14:53 - 00226592 _____ (Ralink Technology, Inc.) C:\WINDOWS\system32\RaCoInst.dll
2015-05-16 07:41 - 2010-03-23 14:53 - 00013931 _____ () C:\WINDOWS\system32\RaCoInst.dat
2015-05-16 06:38 - 2015-05-16 06:38 - 00000000 ____D () C:\cmdcons
2015-05-16 06:38 - 2008-10-15 16:31 - 00000211 _____ () C:\Boot.bak
2015-05-16 06:38 - 2004-08-03 23:00 - 00260272 _____ () C:\cmldr
2015-05-16 06:34 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-16 06:34 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-16 06:34 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-16 06:34 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-16 06:31 - 2015-05-21 16:16 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-16 06:31 - 2015-05-20 09:55 - 00000000 ____D () C:\Qoobox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 01:58 - 2008-08-23 10:36 - 00521064 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-30 01:53 - 2008-08-23 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-30 01:48 - 2008-08-23 15:56 - 00000178 ___SH () C:\Documents and Settings\walter pico.WALTERPICO179\ntuser.ini
2015-05-30 01:33 - 2008-08-23 15:50 - 00000178 ___SH () C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
2015-05-30 01:33 - 2008-08-23 15:50 - 00000178 ___SH () C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
2015-05-30 01:23 - 2003-03-31 07:00 - 00013734 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-21 20:52 - 2008-08-27 23:41 - 00013104 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-21 20:08 - 2008-08-23 15:56 - 00000792 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Windows Media Player.lnk
2015-05-21 20:08 - 2003-03-31 07:00 - 00000567 _____ () C:\WINDOWS\win.ini
2015-05-21 16:15 - 2008-08-23 10:35 - 00095072 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-21 16:08 - 2008-08-23 15:50 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY
2015-05-21 14:57 - 2008-08-31 11:56 - 00006587 _____ () C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log
2015-05-21 14:55 - 2008-08-23 15:56 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179
2015-05-21 14:52 - 2003-03-31 07:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ctfmon.exe
2015-05-21 08:02 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\security
2015-05-21 07:10 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\Help
2015-05-21 07:03 - 2008-08-23 15:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
2015-05-21 07:03 - 2008-08-23 15:41 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
2015-05-20 19:46 - 2008-08-23 10:33 - 00001024 _____ () C:\WINDOWS\system32\config\userdiff.LOG
2015-05-20 19:44 - 2008-08-23 15:50 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY
2015-05-20 19:44 - 2008-08-23 10:35 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS
2015-05-20 19:42 - 2004-10-13 12:12 - 00000000 ____D () C:\Documents and Settings\tiersa
2015-05-20 19:42 - 2004-10-07 10:27 - 00000000 ____D () C:\Documents and Settings\Walter Pico
2015-05-20 09:55 - 2008-08-23 10:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS
2015-05-20 07:37 - 2008-08-27 01:33 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\UserData
2015-05-20 07:37 - 2008-08-23 16:46 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\WINDOWS
2015-05-20 07:37 - 2006-02-21 23:47 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Application Data\Google
2015-05-20 07:37 - 2005-11-16 18:11 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Application Data\You've Got Pictures Screensaver
2015-05-20 07:37 - 2004-11-01 21:09 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Application Data\Adobe
2015-05-20 07:37 - 2004-10-16 19:13 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Desktop\New Briefcase
2015-05-20 07:37 - 2004-10-13 11:19 - 00000000 ____D () C:\Documents and Settings\Walter Pico\My Documents\My Games
2015-05-20 07:37 - 2004-10-07 12:21 - 00000000 ____D () C:\Documents and Settings\Walter Pico\My Documents\NeroVision
2015-05-20 07:37 - 2004-10-07 11:52 - 00000000 ____D () C:\Documents and Settings\Walter Pico\UserData
2015-05-20 07:37 - 2004-10-07 10:56 - 00000000 ____D () C:\Documents and Settings\Walter Pico\WINDOWS
2015-05-20 07:37 - 2004-10-07 10:27 - 00000000 ____D () C:\Documents and Settings\Walter Pico\Local Settings\Temp
2015-05-20 07:36 - 2008-08-31 11:57 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Google
2015-05-20 07:36 - 2008-08-23 16:51 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\InterTrust
2015-05-20 07:36 - 2005-02-09 21:46 - 00000000 ____D () C:\Documents and Settings\tiersa\WINDOWS
2015-05-20 07:36 - 2004-10-13 12:12 - 00000000 ____D () C:\Documents and Settings\tiersa\Local Settings\Temp
2015-05-20 04:32 - 2004-10-07 10:52 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2015-05-20 02:59 - 2003-03-31 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-19 14:27 - 2004-10-07 10:57 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-05-19 13:47 - 2008-10-15 16:51 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2015-05-19 01:08 - 2004-10-07 10:17 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-05-18 18:52 - 2005-02-12 19:20 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-18 17:47 - 2004-10-13 11:54 - 00000000 ____D () C:\WINDOWS\$hf_mig$
2015-05-17 13:06 - 2004-10-07 11:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-17 12:23 - 2005-01-30 23:17 - 00000000 ____D () C:\Program Files\Java
2015-05-17 12:22 - 2005-01-30 23:16 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-17 12:21 - 2008-08-31 11:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-05-17 12:17 - 2004-10-07 10:18 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-05-17 10:23 - 2008-08-23 15:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
2015-05-17 10:23 - 2008-08-23 15:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
2015-05-17 06:45 - 2008-08-27 01:16 - 00324465 _____ () C:\Program Files\INSTALL.LOG
2015-05-17 06:44 - 2008-08-30 17:01 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Move Networks
2015-05-17 06:25 - 2004-10-07 12:08 - 00000000 ____D () C:\Program Files\Ahead
2015-05-17 06:24 - 2004-10-07 12:08 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2015-05-17 06:17 - 2008-08-23 16:51 - 00000000 ____D () C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Adobe
2015-05-17 06:17 - 2004-10-27 16:38 - 00000000 ____D () C:\Program Files\Adobe
2015-05-17 03:37 - 2008-08-23 15:56 - 00000803 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Internet Explorer.lnk
2015-05-17 03:36 - 2004-10-07 04:57 - 00000000 ____D () C:\WINDOWS\Media
2015-05-17 03:13 - 2008-08-28 21:33 - 00215046 _____ () C:\WINDOWS\system32\TZLog.log
2015-05-16 10:15 - 2008-08-23 15:56 - 00001599 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Remote Assistance.lnk
2015-05-16 06:38 - 2004-10-07 05:00 - 00000327 __RSH () C:\boot.ini
2015-04-30 10:07 - 2008-08-27 23:46 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2008-08-27 01:16 - 2015-05-17 06:45 - 0324465 _____ () C:\Program Files\INSTALL.LOG
2008-10-14 12:58 - 2008-10-14 16:36 - 0004608 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\tiersa\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\AcsInstall.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\insmac2k.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\InstHelp.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\instph.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\Luninst.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\mny2F8A.exe
C:\Documents and Settings\Walter Pico\Local Settings\Temp\ocpchk.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\QTInstallerHelper.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\SPR2F88.EXE
C:\Documents and Settings\Walter Pico\Local Settings\Temp\_tfEEA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2015-05-30 01:45] - [2001-08-17 22:36] - 0012800 ____A (Microsoft Corporation) 0f7d9c87b0ce1fa520473119752c6f79     

C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End of log ============================


#8 Milla-Bach

  • Topic Starter

Posted 30 May 2015 - 04:29 AM

In case I did not copy and attach the Addition.txt correctly, here it is:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by walter pico at 2015-05-30 02:49:51
Running from F:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1275210071-1060284298-839522115-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1275210071-1060284298-839522115-1010 - Limited - Enabled)
Guest (S-1-5-21-1275210071-1060284298-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1275210071-1060284298-839522115-1000 - Limited - Disabled)
Mara (S-1-5-21-1275210071-1060284298-839522115-1011 - Administrator - Enabled)
SUPPORT_388945a0 (S-1-5-21-1275210071-1060284298-839522115-1002 - Limited - Disabled)
walter pico (S-1-5-21-1275210071-1060284298-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\walter pico.WALTERPICO179

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 11 (HKLM\...\AU11_is1) (Version: 11.65.0.324 - Innovative Solutions)
AOpen FM56-PV Controllerless PCI Modem (HKLM\...\CXT10B6) (Version:  - )
ASUS Enhanced Display Driver (HKLM\...\InstallShield_{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}) (Version: 6.14.10.101 - ASUSTeK COMPUTER INC.)
ASUS Enhanced Display Driver (Version: 6.14.10.101 - ASUSTeK COMPUTER INC.) Hidden
ASUS Probe V2.20.08 (HKLM\...\ASUS Probe V2.20.08) (Version:  - )
ASUSDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1005 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5029 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 7.93.7-030829m-010959C-Asus - )
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Comodo IceDragon (HKLM\...\Comodo IceDragon) (Version: 26.0.0.2 - COMODO)
ESET Smart Security (HKLM\...\{D66C9F03-5F7C-4A4F-A4D0-7D04FCD426AE}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Hotfix (KB928366) (HKLM\...\M928366) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3663 - Analog Devices)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

19-05-2015 01:08:18 System Checkpoint
19-05-2015 04:40:52 D7 Automatic Restore Point
19-05-2015 04:41:11 D7 Automatic Restore Point
19-05-2015 04:42:03 D7 Automatic Restore Point
19-05-2015 04:43:22 ESET error kernel
19-05-2015 05:24:06 Revo Uninstaller Pro's restore point - att
19-05-2015 09:12:38 Removed ESET Smart Security
19-05-2015 13:52:31 Installed Windows Media Player 11
19-05-2015 14:27:25 Installed Windows XP Service Pack 3.
20-05-2015 04:30:23 Configured ASUS GameFace
20-05-2015 05:36:54 B4RestartDelServs&Drivers

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-03-31 07:00 - 2015-05-21 16:10 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\UninstallMonitor.job => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe

==================== Loaded Modules (Whitelisted) ==============

2003-03-31 07:00 - 2003-03-31 07:00 - 00015360 _____ () C:\WINDOWS\system32\tsd32.dll
2013-12-19 03:07 - 2013-12-19 03:07 - 01821384 _____ () C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
2015-04-01 14:51 - 2015-04-01 14:51 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Memory info ===========================

Processor: AMD Athlon™ Proswssor
Percentage of memory in use: 60%
Total physical RAM: 511.49 MB
Available physical RAM: 202.27 MB
Total Pagefile: 1249.64 MB
Available Pagefile: 993.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.24 GB) (Free:26.03 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (USB20FD) (Removable) (Total:7.61 GB) (Free:2.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 0000675F)
Partition 1: (Active) - (Size=37.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=07 NTFS)

==================== End of log ============================



#9 Black_Bird

  • Malware Response Team

Posted 30 May 2015 - 07:09 AM

Hi,

Let's clean up. :)

1. Please download to your Desktop.

  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!


2. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator....
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.


3. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.


4. Please remove fixlist.txt from your PC.

5. Download AdwCleaner and save it to your Desktop.

  • Close all open windows.
  • Right-click AdwCleaner.exe and select Run as Administrator.
  • When the program has started, click the Scan button and wait until the scan has finished.
  • Make sure everything (on all tabs) is selected, and click the Clean button.
  • It's possible that AdwCleaner asks you to restart the system. It's important that you agree with this.
  • After restart a logfile will appear. Please post the contents of that logfile in your next reply.


6. Please reboot your PC.

 

7. Uninstall Windows XP Service Pack 3.

  • Please follow the instructions for removing on this Microsoft Knowledge Base page. Use "method 1" (if that doesn't work, use method 2).

  • Reboot your PC afterwards.

  • When finished, please let me know if you succeeded in uninstalling the software.


8. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.

  • Please make sure "Addition.txt" and Shortcuts.txt are both checked.
  • Click Scan.
  • It will create 3 logfiles (FRST.txt, Addition.txt and Shortcuts.txt) in the same directory the tool is run. Please copy and paste them into your reply.


9. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt

  • AdwCleaner

  • Results of uninstalling Windows XP Service Pack 3
  • Farbar Recovery Scan Tool - regular scan + addition.txt + shortcuts.txt


Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#10 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • Gender:Not Telling
  • Local time:10:51 PM

Posted 23 June 2015 - 07:05 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Kind regards,
Black_Bird
 



#11 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • Gender:Not Telling
  • Local time:10:51 PM

Posted 25 June 2015 - 05:55 PM

This topic has been re-opened at the request of the person who originally posted.
Kind regards,
Black_Bird
 



#12 Milla-Bach

Milla-Bach
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Female
  • Location:Florida
  • Local time:03:51 PM

Posted 28 June 2015 - 04:22 PM

Hello Black_Bird, I have use of the mouse on the infected computer but not the keyboard. Using the mouse made it so much easier for me to run fresh scans for you. It was the opposite last time I posted results for you, I had use of the keyboard but not the mouse. Well here they are...Rkill   FRST...Addition...Shortcut... 

 

Thank you for helping me with this. Please let me know if I need to post anything else for you.

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/28/2015 03:44:42 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Possibly Patched Files.
 
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic
 
 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Automatic
 
 * Alerter [Missing Service]
 * mnmsrvc [Missing Service]
 * NetDDE [Missing Service]
 * NetDDEdsdm [Missing Service]
 * RDSessMgr [Missing Service]
 * SCardSvr [Missing Service]
 
 * RemoteAccess [Missing Parameters Key]
 
Searching for Missing Digital Signatures: 
 
 * C:\WINDOWS\System32\svchost.exe : 12,800 : 08/17/2001 10:36 PM : 0f7d9c87b0ce1fa520473119752c6f79 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\svchost.exe : 14,336 : 08/04/2004 02:56 AM : 8f078ae4ed187aaabc0a305146de6716 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\svchost.exe : 14,336 : 04/13/2008 07:12 PM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 06/28/2015 03:46:14 PM
Execution time: 0 hours(s), 1 minute(s), and 31 seconds(s)
 
 
 
 
 
 
Here is FRST results...
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015
Ran by walter pico (administrator) on WALTERPICO179 on 28-06-2015 15:49:36
Running from C:\Documents and Settings\walter pico.WALTERPICO179\Desktop
Loaded Profiles: walter pico (Available Profiles: walter pico)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2015-01-28] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_45\bin\jusched.exe"
HKLM\...\Run: [ATIPTA] => C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE [335872 2003-08-29] (ATI Technologies, Inc.)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6276888 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-17] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-17]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2015-01-28] (ESET) [File not signed]
S2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-12-19] ()
S4 RemoteAccess; C:\WINDOWS\system32\svchost.exe [12800 2001-08-17] (Microsoft Corporation) [File not signed]
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 asuskbnt; C:\WINDOWS\System32\drivers\asuskbnt.sys [17246 2003-07-21] (ASUSTeK COMPUTER INC.) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [176448 2015-01-30] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [39464 2015-01-30] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [63160 2015-01-30] (ESET)
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-06-25] (VIA Technologies, Inc.              )
S3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-06-25] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
S3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [41984 2003-04-23] (VIA Technologies, Inc.              )
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NTSIM; C:\WINDOWS\System32\ntsim.sys [7040 2003-04-09] (VIA Networking, Inc.                    ) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2003-01-22] (Padus, Inc.) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
R3 Video3D; C:\WINDOWS\System32\Drivers\Video3D.sys [32732 2003-05-23] (ASUSTeK COMPUTER INC.) [File not signed]
R3 Winachcf; C:\WINDOWS\System32\DRIVERS\winachcf.sys [917988 2002-04-30] (Conexant)
U5 Messenger; C:\WINDOWS\system32\svchost.exe [12800 2001-08-17] (Microsoft Corporation) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-28 15:49 - 2015-06-28 15:49 - 00007692 _____ C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\FRST.txt
2015-06-28 15:44 - 2015-06-28 15:46 - 00004506 _____ C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Rkill.txt
2015-06-28 15:41 - 2015-06-28 15:37 - 01636352 _____ (Farbar) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\FRST.exe
2015-06-28 15:41 - 2015-06-28 15:36 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\rkill.exe
2015-06-28 15:40 - 2015-06-28 15:39 - 02244096 _____ C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\adwcleaner_4.207.exe
2015-06-28 15:19 - 2015-06-28 15:37 - 00000434 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{9865CAE9-0C4E-43B6-B069-E48D04522FE6}.job
2015-06-04 22:24 - 2015-06-04 22:51 - 00000000 ____D C:\AdwCleaner
2015-06-04 21:41 - 2015-06-04 21:41 - 00000384 _____ C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Shortcut to AdwCleaner.exe.lnk
2015-06-04 20:48 - 2015-06-04 20:48 - 00000369 _____ C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Shortcut to copy run this.lnk
2015-06-04 19:17 - 2015-06-04 19:17 - 00000362 _____ C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Shortcut to FRST.exe.lnk
2015-05-30 01:53 - 2015-06-28 13:43 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-05-30 01:52 - 2015-06-28 13:41 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-05-30 01:52 - 2015-05-30 01:52 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-05-30 01:51 - 2015-05-30 01:53 - 00000917 _____ C:\WINDOWS\spupdsvc.log
2015-05-30 01:49 - 2015-06-28 13:41 - 00004622 _____ C:\WINDOWS\SchedLgU.Txt
2015-05-30 01:45 - 2001-08-17 22:36 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-28 15:49 - 2015-05-21 20:58 - 00000000 ____D C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Temp
2015-06-28 15:49 - 2015-05-19 06:16 - 00000000 ____D C:\FRST
2015-06-28 15:15 - 2015-05-21 21:04 - 00162861 _____ C:\WINDOWS\setupapi.log
2015-06-28 13:43 - 2008-08-23 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-28 13:41 - 2003-03-31 07:00 - 00013734 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-07 13:42 - 2015-05-21 21:09 - 00014271 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-07 13:42 - 2008-08-23 15:56 - 00000178 ___SH C:\Documents and Settings\walter pico.WALTERPICO179\ntuser.ini
2015-06-06 12:52 - 2015-05-21 21:04 - 00000075 _____ C:\WINDOWS\setupact.log
2015-06-04 22:53 - 2015-05-17 11:18 - 00000340 _____ C:\WINDOWS\Tasks\UninstallMonitor.job
2015-06-04 16:35 - 2008-08-30 16:07 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-05-30 01:58 - 2008-08-23 10:36 - 00521064 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-30 01:49 - 2015-05-17 12:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-30 01:33 - 2008-08-23 15:50 - 00000178 ___SH C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
2015-05-30 01:33 - 2008-08-23 15:50 - 00000178 ___SH C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
 
==================== Files in the root of some directories =======
 
2008-08-27 01:16 - 2015-05-17 06:45 - 0324465 _____ () C:\Program Files\INSTALL.LOG
2008-10-14 12:58 - 2008-10-14 16:36 - 0004608 _____ () C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
C:\Documents and Settings\tiersa\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\AcsInstall.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\insmac2k.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\InstHelp.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\instph.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\Luninst.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\mny2F8A.exe
C:\Documents and Settings\Walter Pico\Local Settings\Temp\ocpchk.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\QTInstallerHelper.dll
C:\Documents and Settings\Walter Pico\Local Settings\Temp\SPR2F88.EXE
C:\Documents and Settings\Walter Pico\Local Settings\Temp\_tfEEA.exe
C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe
[2015-05-30 01:45] - [2001-08-17 22:36] - 0012800 ____A (Microsoft Corporation) 0f7d9c87b0ce1fa520473119752c6f79     
 
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================
 
 
Here is Shortcut.txt results...
 
Users shortcut scan result (x86) Version: 28-06-2015
Ran by walter pico at 2015-06-28 15:52:08
Running from C:\Documents and Settings\walter pico.WALTERPICO179\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\Documents and Settings\All Users\Start Menu\America Online 9.0.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk -> C:\WINDOWS\system32\wupdmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\WinZip.lnk -> C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Album 2.0 Starter Edition.lnk -> C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe (Adobe Systems Incorporated)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70000000000}\SC_Reader_PM.ico (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk -> C:\Program Files\MSN\MSNCoreFiles\msn6.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Roxio PhotoSuite 5.lnk -> C:\Program Files\Roxio\PhotoSuite\RoxioPhotoSuite.exe (Roxio Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk -> C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\WinZip\Help Manual.lnk -> C:\Program Files\WinZip\WINZIP.CHM ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\WinZip\ReadMe.txt.lnk -> C:\Program Files\WinZip\README.TXT ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\WinZip\What's New.lnk -> C:\Program Files\WinZip\WHATSNEW.TXT ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\WinZip\WinZip 9.0 SR-1.lnk -> C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX\DLS Loader.lnk -> C:\Program Files\Analog Devices\SoundMAX\DLSLoader.exe (Analog Devices, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX\SoundMAX FAQs.lnk -> C:\Program Files\Analog Devices\SoundMAX\SMaxFAQ.htm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\RealPlayer Help.lnk -> C:\Program Files\Real\RealPlayer\realplay.hlp ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\RealPlayer License Agreement.lnk -> C:\Program Files\Real\RealPlayer\playrlic.html ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\RealPlayer ReadMe.lnk -> C:\Program Files\Real\RealPlayer\Readme.html ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\RealPlayer Setup.lnk -> C:\Program Files\Real\RealPlayer\Setup\setup.exe (RealNetworks, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\RealPlayer Subscription.lnk -> C:\Program Files\Real\RealPlayer\subs.url ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Program Files\QuickTime\QuickTimePlayer.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\QuickTime Read Me.lnk -> C:\Program Files\QuickTime\QuickTime Read Me.htm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\QuickTime Updater.lnk -> C:\Program Files\QuickTime\QuickTimeUpdater.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\WINDOWS\unvise32qt.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus\Help and Support.lnk -> C:\Program Files\Common Files\Symantec Shared\SMNLnch.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus\LiveUpdate.lnk -> C:\Program Files\Symantec\LiveUpdate\LUALL.EXE (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus\More Symantec Solutions.lnk -> C:\Program Files\Common Files\Symantec Shared\SMNLnch.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus\Norton AntiVirus.lnk -> C:\Program Files\Common Files\Symantec Shared\NMain.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus\Quarantine and Restore.lnk -> C:\Program Files\Norton AntiVirus\qconsole.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus\ReadMe.lnk -> C:\Program Files\Norton AntiVirus\README.TXT (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero StartSmart.lnk -> C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\User's Guides\Nero Cover Designer [English Manual].lnk -> C:\Program Files\Ahead\CoverDesigner\NeroCoverDesigner_eng.pdf (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\User's Guides\Nero Express [English Manual].lnk -> C:\Program Files\Ahead\Nero\NeroExpress_eng.pdf (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\User's Guides\Nero ShowTime [English Manual].lnk -> C:\Program Files\Ahead\Nero ShowTime\NeroShowTime_eng.pdf ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\User's Guides\NeroVision Express [English Manual].lnk -> C:\Program Files\Ahead\NeroVision\NeroVisionExpress_ENG.pdf ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\NeroVision Express 2 SE\Nero Cover Designer.lnk -> C:\Program Files\Ahead\CoverDesigner\CoverDes.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\NeroVision Express 2 SE\Nero ShowTime.lnk -> C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe (Ahead software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\NeroVision Express 2 SE\NeroVision Express SE.lnk -> C:\Program Files\Ahead\NeroVision\NeroVision.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero Toolkit\Nero CD-DVD Speed.lnk -> C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero Toolkit\Nero DriveSpeed.lnk -> C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero Toolkit\Nero InfoTool.lnk -> C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero OEM\Nero Cover Designer.lnk -> C:\Program Files\Ahead\CoverDesigner\CoverDes.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero OEM\Nero Express.lnk -> C:\Program Files\Ahead\Nero\nero.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero Media Player\Nero Media Player.lnk -> C:\Program Files\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe (Ahead software)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MUSICMATCH\MUSICMATCH Jukebox.lnk -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Encarta\Encarta Encyclopedia 2000.lnk -> C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000\Enc2000.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\Resource Center.lnk -> C:\Program Files\Logitech\Resource Center\ResCentr.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\MouseWare\MouseWare Help.lnk -> C:\Program Files\Logitech\MouseWare\help\MouseWare.chm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\MouseWare\MouseWare Readme.lnk -> C:\Program Files\Logitech\MouseWare\Readme.txt (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\iTouch\iTouch Configuration.lnk -> C:\Program Files\Logitech\iTouch\iTouchcf.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\iTouch\iTouch Help.lnk -> C:\Program Files\Logitech\iTouch\iTouch.chm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\iTouch\iTouch Readme.lnk -> C:\Program Files\Logitech\iTouch\Readme.txt (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Freecell.lnk -> C:\WINDOWS\system32\freecell.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Hearts.lnk -> C:\WINDOWS\system32\mshearts.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Hearts.lnk -> C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Reversi.lnk -> C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Minesweeper.lnk -> C:\WINDOWS\system32\winmine.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Pinball.lnk -> C:\Program Files\Windows NT\Pinball\pinball.exe (Cinematronics)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Solitaire.lnk -> C:\WINDOWS\system32\sol.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\WINDOWS\system32\spider.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDirector Pro\Disc Wizard.lnk -> C:\Program Files\CyberLink\PowerDirector\DiscWizard.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDirector Pro\Online Registration.lnk -> C:\Program Files\CyberLink\PowerDirector\OLREG.url (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDirector Pro\Order & Upgrade.lnk -> C:\Program Files\CyberLink\PowerDirector\Order.htm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDirector Pro\PowerDirector Pro Online Help.lnk -> C:\Program Files\CyberLink\PowerDirector\PowerDirector.chm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDirector Pro\PowerDirector Pro.lnk -> C:\Program Files\CyberLink\PowerDirector\PowerDirector.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDirector Pro\Readme.lnk -> C:\Program Files\CyberLink\PowerDirector\Readme.htm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Medi@Show\Medi@Show Help.lnk -> C:\Program Files\CyberLink\MediaShow\MDShow.hlp (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Medi@Show\Medi@Show Player.lnk -> C:\Program Files\CyberLink\MediaShow\Pack\Player.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Medi@Show\Medi@Show.lnk -> C:\Program Files\CyberLink\MediaShow\MediaShow.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Medi@Show\Order & Upgrade.lnk -> C:\Program Files\CyberLink\MediaShow\Order.htm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ASUSTek ASUSDVD\ASUSDVD Help.lnk -> C:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.CHM ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ASUSTek ASUSDVD\ASUSDVD.lnk -> C:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.exe (CyberLink Corp.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ASUSTek ASUSDVD\Readme.lnk -> C:\Program Files\ASUSTek\ASUSDVD\Readme.htm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ASUSTek ASUSDVD\System Diagnostic.lnk -> C:\Program Files\ASUSTek\ASUSDVD\cldma.exe (CyberLink Corp.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ASUS Utility\Probe V2.20.08.lnk -> C:\Program Files\ASUS\Probe\AsusProb.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ASUS\ASUSUpdate\ASUSUpdate.lnk -> C:\Program Files\ASUS\AsusUpdate\Update.exe (ASUSTek Computer Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ASUS\ASUS GameFace\ASUS GameFace.lnk -> C:\Program Files\ASUS\ASUS GameFace\GameFace.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ASUS\ASUS GameFace\Readme Chinese.lnk -> C:\Program Files\ASUS\ASUS GameFace\readme_c.htm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ASUS\ASUS GameFace\Readme English.lnk -> C:\Program Files\ASUS\ASUS GameFace\readme_e.htm (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AOL Computer Check-Up\Check My Computer Now.lnk -> C:\Program Files\AOL Computer Check-Up\ACCBrws.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AOL Computer Check-Up\Check-Up Help.lnk -> C:\Program Files\AOL Computer Check-Up\ACCBrws.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AOL Computer Check-Up\Check-Up Settings.lnk -> C:\Program Files\AOL Computer Check-Up\ACCBrws.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AOL Computer Check-Up\Enable Check-Up.lnk -> C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\America Online\America Online 9.0.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\America Online\AOL Broadband.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\America Online\AOL Search.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\America Online\AOL Spyware  Protection.lnk -> C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\America Online\My AOL.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\America Online\Radio @ AOL.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\America Online\Read Mail.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\America Online\Safety and Security.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\America Online\Send Instant Message.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\America Online\Sign on to AOL Now.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Adobe Download Manager\Adobe Download Manager.lnk -> C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe (Adobe Systems)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\system32\Com\comexp.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\WINDOWS\system32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Calculator.lnk -> C:\WINDOWS\system32\calc.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\moviemk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\WordPad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\system32\charmap.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk -> C:\WINDOWS\system32\dfrg.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk -> C:\WINDOWS\system32\usmt\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Security Center.lnk -> C:\WINDOWS\system32\wscui.cpl (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\WINDOWS\system32\Restore\rstrui.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk -> C:\WINDOWS\system32\sndrec32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Volume Control.lnk -> C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HyperTerminal.lnk -> C:\Program Files\Windows NT\hypertrm.exe (Hilgraeve, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\Accessibility Wizard.lnk -> C:\WINDOWS\system32\accwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Desktop\America Online.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (No File)
Shortcut: C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk -> C:\Program Files\Common Files\Symantec Shared\NMain.exe (No File)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Windows Update.lnk -> C:\WINDOWS\system32\wupdmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk -> C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe (No File)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MSN Explorer.lnk -> C:\Program Files\MSN\MSNCoreFiles\msn6.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster\SpywareBlaster Help.lnk -> C:\Program Files\SpywareBlaster\sbhelp.chm ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster\SpywareBlaster.lnk -> C:\Program Files\SpywareBlaster\spywareblaster.exe ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SoundMAX\ASUSDVD Help.lnk -> C:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.CHM ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SoundMAX\ASUSDVD.lnk -> C:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.exe (CyberLink Corp.)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SoundMAX\DLS Loader.lnk -> C:\Program Files\Analog Devices\SoundMAX\DLSLoader.exe (Analog Devices, Inc.)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SoundMAX\Readme.lnk -> C:\Program Files\ASUSTek\ASUSDVD\Readme.htm ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SoundMAX\SoundMAX FAQs.lnk -> C:\Program Files\Analog Devices\SoundMAX\SMaxFAQ.htm ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SoundMAX\System Diagnostic.lnk -> C:\Program Files\ASUSTek\ASUSDVD\cldma.exe (CyberLink Corp.)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games\Pinball.lnk -> C:\Program Files\Windows NT\Pinball\pinball.exe (Cinematronics)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET\ESET Smart Security\Documentation.lnk -> C:\Program Files\ESET\ESET Smart Security\eset.chm ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET\ESET Smart Security\ESET Smart Security.lnk -> C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET\ESET Smart Security\ESET SysInspector.lnk -> C:\Program Files\ESET\ESET Smart Security\SysInspector.exe (ESET)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET\ESET Smart Security\ESET SysRescue.lnk -> C:\Program Files\ESET\ESET Smart Security\SysRescue.exe (ESET)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET\ESET Smart Security\License agreement.lnk -> C:\Program Files\ESET\ESET Smart Security\eula.rtf ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Comodo\IceDragon\Comodo IceDragon.lnk -> C:\Program Files\Comodo\IceDragon\icedragon.exe (COMODO Security Solutions)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Comodo\IceDragon\Uninstall Comodo IceDragon.lnk -> C:\Program Files\Comodo\IceDragon\uninstall.exe (COMODO)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ASUS Utility\Probe V2.20.08.lnk -> C:\Program Files\ASUS\Probe\AsusProb.exe ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO\Advanced Uninstaller PRO 11.lnk -> C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe (No File)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced Uninstaller PRO\Uninstall.lnk -> C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\unins000.exe (No File)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\system32\Com\comexp.msc ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\WINDOWS\system32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\moviemk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\WordPad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk -> C:\WINDOWS\system32\dfrg.msc ()
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk -> C:\WINDOWS\system32\usmt\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\WINDOWS\system32\Restore\rstrui.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk -> C:\WINDOWS\system32\sndrec32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Entertainment\Volume Control.lnk -> C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Communications\HyperTerminal.lnk -> C:\Program Files\Windows NT\hypertrm.exe (Hilgraeve, Inc.)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Accessibility\Accessibility Wizard.lnk -> C:\WINDOWS\system32\accwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Desktop\ASUSDVD.lnk -> C:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.exe (CyberLink Corp.)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Desktop\Comodo IceDragon.lnk -> C:\Program Files\Comodo\IceDragon\icedragon.exe (COMODO Security Solutions)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Desktop\SpywareBlaster.lnk -> C:\Program Files\SpywareBlaster\spywareblaster.exe ()
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\NetworkService.NT AUTHORITY\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\tiersa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Connection Manager.lnk -> C:\Program Files\BellSouth\Connection Manager\CManager.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Outlook Express (2).lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\V3785 User's Manual\CameraManual.lnk -> C:\Program Files\V3785 Camera Manual\CameraManual.pdf (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\OpenOffice.org 1.1.2\Drawing.lnk -> C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\OpenOffice.org 1.1.2\From Template.lnk -> C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\OpenOffice.org 1.1.2\HTML Document.lnk -> C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\OpenOffice.org 1.1.2\Open Document.lnk -> C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\OpenOffice.org 1.1.2\Presentation.lnk -> C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\OpenOffice.org 1.1.2\Spreadsheet.lnk -> C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\OpenOffice.org 1.1.2\Text Document.lnk -> C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\America Online\AOL System Information.lnk -> C:\Program Files\Common Files\AOL\System Information\sinf.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Entertainment\RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\SendTo\MUSICMATCH Burner Plus.lnk -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMFWLaunch.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\My Documents\Adobe Photoshop Album 2.0 Starter Edition.lnk -> C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe (Adobe Systems Incorporated)
Shortcut: C:\Documents and Settings\Walter Pico\My Documents\NAV061200.exe.lnk -> C:\NAV061200.exe ()
Shortcut: C:\Documents and Settings\Walter Pico\My Documents\My Pictures\art work.lnk -> C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\My Pictures ()
Shortcut: C:\Documents and Settings\Walter Pico\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\Sample Music ()
Shortcut: C:\Documents and Settings\Walter Pico\My Documents\My Games\Battlefield 1942 Singleplayer Demo.lnk -> C:\Program Files\EA GAMES\Battlefield 1942 Singleplayer Demo\BF1942.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\My Documents\My Games\Call of Duty Single Player Demo.lnk -> C:\Program Files\Call of Duty Single Player Demo\CoDSP.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\My Documents\My Games\Deer Hunter 5.lnk -> C:\Program Files\Deer Hunter 5\Home\Deer Hunter 5.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\My Documents\My Games\Delta Force Black Hawk Down Demo.lnk -> C:\Program Files\NovaLogic\Delta Force Black Hawk Down Demo\dfbhdd.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\My Documents\My Games\Medal of Honor Allied Assault Demo.lnk -> C:\Program Files\EA GAMES\MOHAADemo\MOHAADemo.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\My Documents\My Games\Play Star Wars JK II Jedi Outcast Demo.lnk -> C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast Demo\JediOutcast.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\Unused Desktop Shortcuts\Adobe Reader 7.0.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\Unused Desktop Shortcuts\AOL Spyware  Protection.lnk -> C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\Unused Desktop Shortcuts\Connection Manager.lnk -> C:\Program Files\BellSouth\Connection Manager\CManager.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\Unused Desktop Shortcuts\Nero StartSmart.lnk -> C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\Unused Desktop Shortcuts\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\Ad-Aware SE Personal.lnk -> C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\AOL Computer Check-Up.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\AOL Spyware  Protection.lnk -> C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\ASUS GameFace.lnk -> C:\Program Files\ASUS\ASUS GameFace\GameFace.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\ASUSDVD.lnk -> C:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.exe (CyberLink Corp.)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\CameraManual.lnk -> C:\Program Files\V3785 Camera Manual\CameraManual.pdf (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\FastAccess DSL Help Center.lnk -> C:\Program Files\Support.com\BellSouth\hcenter.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\FREE AOL Extras!.lnk -> C:\aolextras\Desktop (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\FREE! Instant Messenger.lnk -> C:\AOL Instant Messenger\AIM.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\Games.lnk -> C:\aolextras\sm\sm3.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\Logitech Resource Center.lnk -> C:\Program Files\Logitech\Resource Center\ResCentr.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\Medi@Show.lnk -> C:\Program Files\CyberLink\MediaShow\MediaShow.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\musicmatch JUKEBOX.lnk -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\OLD_DATA.lnk -> C:\OLD_DATA ()
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\Play Games.lnk -> C:\aolextras\sm\sm3.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\PowerDirector Pro.lnk -> C:\Program Files\CyberLink\PowerDirector\PowerDirector.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\QuickTime Player.lnk -> C:\Program Files\QuickTime\QuickTimePlayer.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\Roxio PhotoSuite 5.lnk -> C:\Program Files\Roxio\PhotoSuite\RoxioPhotoSuite.EXE (Roxio Inc.)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\Webshots Desktop.lnk -> C:\Program Files\Webshots\Launcher.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\WinZip.lnk -> C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, Inc.)
Shortcut: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\New Folder\Pictures Downloaded from AOL\Sample Pictures.lnk -> C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\Walter Pico\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk -> C:\Program Files\America Online 9.0\aol.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Walter Pico\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Application Data\Microsoft\Internet Explorer\Quick Launch\MUSICMATCH Jukebox.lnk -> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk -> C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe (No File)
Shortcut: C:\Documents and Settings\Walter Pico\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk -> C:\Program Files\QuickTime\QuickTimePlayer.exe (No File)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\AI - Series.lnk -> C:\Program Files\AI - Series\AI - Series.scr (No File)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\Sample Music ()
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Local Settings\Application Data\Innovative Solutions\Advanced Uninstaller PRO\AU PRO.lnk -> C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe (No File)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Shortcut to AdwCleaner.exe.lnk -> F:\AdwCleaner.exe (No File)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Shortcut to copy run this.lnk -> G:\copy run this ()
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Shortcut to Downloads.lnk -> C:\Documents and Settings\walter pico.WALTERPICO179\My Documents\Downloads ()
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Shortcut to FRST.exe.lnk -> F:\FRST.exe (No File)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Program Files\MSN\MSN Explorer.lnk -> C:\Program Files\MSN\MSNCoreFiles\msn6.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Uninstaller PRO 11.lnk -> C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe (No File)
Shortcut: C:\Documents and Settings\walter pico.WALTERPICO179\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
 
 
 
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\WINDOWS\system32\muweb.dll,LaunchMUSite
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk -> C:\WINDOWS\system32\control.exe (Microsoft Corporation) -> appwiz.cpl,,3
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\WinZip\Uninstall WinZip.lnk -> C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, Inc.) -> /uninstall
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX\SoundMAX Control Panel.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,Control_RunDLL "C:\Program Files\Analog Devices\SoundMAX\smax3cp.cpl"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Real\RealPlayer\RealPlayer Uninstaller.lnk -> C:\Program Files\Common Files\Real\Update\rnuninst.exe (RealNetworks, Inc.) -> RealNetworks
RealPlayer
6.0
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\MouseWare\Mouse Properties.lnk -> C:\WINDOWS\system32\control.exe (Microsoft Corporation) -> Mouse
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Deer Hunter 5\Uninstall Deer Hunter 5.lnk -> C:\WINDOWS\IsUninst.exe (InstallShield Software Corporation) -> -f"C:\Program Files\Deer Hunter 5\Uninst.isu"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDirector Pro\Uninstall PowerDirector Pro.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe"  -uninstall
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Medi@Show\Uninstall  Medi@Show.lnk -> C:\WINDOWS\IsUninst.exe (InstallShield Software Corporation) -> -f"C:\Program Files\CyberLink\MediaShow\Uninst.isu"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\ASUSTek ASUSDVD\Uninstall ASUSDVD.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\ASUS\ASUSUpdate\Uninstall ASUSUpdate.lnk -> C:\WINDOWS\IsUninst.exe (InstallShield Software Corporation) -> -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance.lnk -> C:\WINDOWS\system32\perfmon.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk -> C:\WINDOWS\system32\services.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Scanner and Camera Wizard.lnk -> C:\WINDOWS\system32\wiaacmgr.exe (Microsoft Corporation) -> -SelectDevice
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Activate Windows.lnk -> C:\WINDOWS\system32\oobe\msoobe.exe (Microsoft Corporation) -> /A
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> hnetwiz.dll,HomeNetWizardRunDll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> netshell.dll,StartNCW
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Microsoft Update.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\WINDOWS\System32\muweb.dll,LaunchMUSite
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Set Program Access and Defaults.lnk -> C:\WINDOWS\system32\control.exe (Microsoft Corporation) -> appwiz.cpl,,3
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SoundMAX\SoundMAX Control Panel.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,Control_RunDLL "C:\Program Files\Analog Devices\SoundMAX\smax3cp.cpl"
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SoundMAX\Uninstall ASUSDVD.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ESET\ESET Smart Security\Uninstall.lnk -> C:\Program Files\ESET\ESET Smart Security\callmsi.exe (ESET) -> /i {D66C9F03-5F7C-4A4F-A4D0-7D04FCD426AE}
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Performance.lnk -> C:\WINDOWS\system32\perfmon.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Services.lnk -> C:\WINDOWS\system32\services.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\System Tools\Activate Windows.lnk -> C:\WINDOWS\system32\oobe\msoobe.exe (Microsoft Corporation) -> /A
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Communications\Network Connections.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e}
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Communications\Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> hnetwiz.dll,HomeNetWizardRunDll
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> netshell.dll,StartNCW
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\LocalService\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\LocalService.NT AUTHORITY\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\tiersa\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\tiersa\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\tiersa\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\tiersa\Desktop\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\tiersa\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Walter Pico\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\Walter Pico\Desktop\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Walter Pico\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\walter pico.WALTERPICO179\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\walter pico.WALTERPICO179\Desktop\Desktop\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
 
 
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\MouseWare\Register on the Logitech website.url -> hxxp://www.logitech.com/us/registration/index.html
InternetURL: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: C:\Documents and Settings\tiersa\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Documents and Settings\tiersa\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Documents and Settings\tiersa\Favorites\Links\Customize Links.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=CLinks
InternetURL: C:\Documents and Settings\tiersa\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Documents and Settings\tiersa\Favorites\Links\Windows Marketplace.url -> hxxp://go.microsoft.com/fwlink/?LinkId=30857&clcid=0x409
InternetURL: C:\Documents and Settings\tiersa\Favorites\Links\Windows Media.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windowsmedia
InternetURL: C:\Documents and Settings\tiersa\Favorites\Links\Windows.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windows
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\ABC 33-40 Alabama's News Leader.url -> hxxp://www.abc3340.com/
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Benefits OnLine - Benefits Information Center.url -> https://login4.benefits.ml.com/PostDefault.asp
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Boy Scouts of America - BSA - National Council.url -> hxxp://www.scouting.org/
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Boy Scouts of America – Greater Alabama Council.url -> hxxp://www.1bsa.org/default.asp?ID=25
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\ESPN.com.url -> hxxp://espn.go.com/
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\http--www.wagenschenke.ch-.url -> hxxp://webmail.bellsouth.net/cgi-bin/gx.cgi/AppLogic+mobmain?
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Log In Page-Cingular Wireless.url -> https://www.myaccount.cingular.com/jsp/Login.jsp?clear=true
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Love Worth Finding.url -> hxxp://www.lwf.org/
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\NASCAR.com.url -> hxxp://www.nascar.com/
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\RealPlayer Home Page.url -> hxxp://www.real.com
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Resources Applications, Reports, and other Forms.url -> hxxp://www.scouting.org/forms/
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Troop 7 - How to Tie Knots.url -> hxxp://www.troop7.org/Knots/
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\weather.com.url -> hxxp://www.weather.com/index.html
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Welcome to the Sharon Heights Baptist Church web site..url -> hxxp://www.sharonheights.org/templates/con26bl/default.asp?id=22394
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Media\Real.com Radio Tuner.url -> hxxp://realguide.real.com/stations/
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Links\Customize Links.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=CLinks
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Links\RealPlayer.url -> hxxp://www.real.com
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Links\Windows Marketplace.url -> hxxp://go.microsoft.com/fwlink/?LinkId=30857&clcid=0x409
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Links\Windows Media.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windowsmedia
InternetURL: C:\Documents and Settings\Walter Pico\Favorites\Links\Windows.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windows
InternetURL: C:\Documents and Settings\Walter Pico\Desktop\DISH Network -- Home.url -> hxxp://www.dishnetwork.com/
InternetURL: C:\Documents and Settings\Walter Pico\Desktop\Unused Desktop Shortcuts\Log In Page-Cingular Wireless (2).url -> https://www.myaccount.cingular.com/
InternetURL: C:\Documents and Settings\Walter Pico\Desktop\Unused Desktop Shortcuts\SIRIUS Satellite Radio - Over 120 channels of Satellite Radio for Your Home, Car, or Boat.url -> hxxp://www.siriusradio.com/servlet/ContentServer?pagename=Sirius/CachedPage&c=Page&cid=1018209032790
InternetURL: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\AT&T Wireless- cell phones and cellular phone plans that fit your personality and lifestyle, and meet all your wireless phone needs..url -> hxxp://www.attwireless.com/;dsessionid=DEVNQGMRC35ZVB4R0EICFFA
InternetURL: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\eBay.url -> hxxp://iredirect.logitech.com/re.php?B=9999&D=ebay&L=1033&V=E.1.00.0&T=1129181425
InternetURL: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\eHow.com - Clear Instructions on How To Do (just about) Everything.url -> hxxp://www.ehow.com/
InternetURL: C:\Documents and Settings\Walter Pico\Desktop\New Briefcase\Unused Desktop Shortcuts\Retirement Services - Account Summary.url -> https://401k.wachovia.com/NowTrack/servlet/401k?BUSINESS_FUNCTION=AccountSummary
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Am I Infected What do I do How do I get help Who is helping me - Am I infected What do I do.url -> hxxp://www.bleepingcomputer.com/forums/t/182397/am-i-infected-what-do-i-do-how-do-i-get-help-who-is-helping-me/
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Comodo IceDragon 20 review a Firefox-based web browser focused on security - PC Advisor.url -> hxxp://www.pcadvisor.co.uk/reviews/software/3444392/comodo-icedragon-20-review/
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Comodo Rescue Disk for Windows, Download Rescue Disk Software.url -> https://www.comodo.com/business-security/network-protection/rescue-disk.php?prod=browser&key5sk0=2005&key5sk1=8d7fd040be7f1740efb36059cddfae87491bcc23
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Download GSmartControl from SourceForge.net.url -> hxxp://sourceforge.net/projects/gsmartcontrol/files/0.8.7/gsmartcontrol-0.8.7-win32.zip/download
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Dragon Web Browser  Comodo offers Best Free Internet Browser.url -> https://www.comodo.com/home/browsers-toolbars/browser.php
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Everyday Health.url -> hxxp://www.everydayhealth.com/DrugsAZ/Hydrocodone-Ibuprofen.aspx
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Free Antivirus Software - Download Bitdefender Antivirus Free.url -> hxxp://www.bitdefender.com/solutions/free.html
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\http--www.bleepingcomputer.com-forums-t-34773-preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help-.url -> hxxp://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\http--www.hendrickson-intl.com-images-home-photo_road_bg.jpg.url -> hxxp://www.hendrickson-intl.com/
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\http--www.macktrucks.com-assets-mack-home_main_image6.jpg.url -> hxxp://www.macktrucks.com/default.aspx?pageid=3
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\http--www.microsoft.com-en-us-download-confirmation.aspxid=24.url -> hxxp://www.microsoft.com/en-us/download/confirmation.aspx?id=24
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\My computer has a virus—what should I do (Preliminary malware troubleshooting) - ESET Knowledgebase.url -> hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2505
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Stand-alone malware removal tools - ESET Knowledgebase.url -> hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2372&viewlocale=en_US
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Torch Media.url -> hxxp://www.torch-media.com/
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Uninstallers (removal tools) for common Windows antivirus software - ESET Knowledgebase.url -> hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN146
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\What is UTSCSI.exe UTSCSI.exe Task Manager Process Information.url -> hxxp://searchtasks.answersthatwork.com/tasklist.php?File=UTSCSI
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Microsoft Websites\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?linkid=69151
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Microsoft Websites\Welcome to IE7.url -> hxxp://go.microsoft.com/fwlink/?linkid=68919
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\AT&T\AT&T Drivers.url -> hxxp://www.fastaccess.drivers.bellsouth.net
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\AT&T\AT&T High Speed Internet New User Website (Residential).url -> hxxp://welcome.bellsouth.net/asp/dsl_welcome.asp
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\AT&T\AT&T High Speed Internet Support.url -> hxxp://support.att.net/
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\AT&T\AT&T Internet Home.url -> hxxp://my.att.net
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\AT&T\AT&T Virtual Agent.url -> hxxp://echat.bellsouth.net/sdcxuser/asp/frameset.asp
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\AT&T\AT&T Webmail.url -> hxxp://webmail.att.net
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\AT&T\AT&T Welcome Service.url -> hxxp://move2.bellsouth.net/
InternetURL: C:\Documents and Settings\walter pico.WALTERPICO179\Favorites\AT&T\Manage My Account & AT&T Member Services.url -> hxxp://www.att.net/memberservices
 
==================== End of log =============================
 
 
 
Here are the Addition.txt results...
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015
Ran by walter pico at 2015-06-28 15:50:31
Running from C:\Documents and Settings\walter pico.WALTERPICO179\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1275210071-1060284298-839522115-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1275210071-1060284298-839522115-1010 - Limited - Enabled)
Guest (S-1-5-21-1275210071-1060284298-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1275210071-1060284298-839522115-1000 - Limited - Disabled)
Mara (S-1-5-21-1275210071-1060284298-839522115-1011 - Administrator - Enabled)
SUPPORT_388945a0 (S-1-5-21-1275210071-1060284298-839522115-1002 - Limited - Disabled)
walter pico (S-1-5-21-1275210071-1060284298-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\walter pico.WALTERPICO179
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 8.0 (Enabled - Out of date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 11 (HKLM\...\AU11_is1) (Version: 11.65.0.324 - Innovative Solutions)
AOpen FM56-PV Controllerless PCI Modem (HKLM\...\CXT10B6) (Version:  - )
ASUS Enhanced Display Driver (HKLM\...\InstallShield_{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}) (Version: 6.14.10.101 - ASUSTeK COMPUTER INC.)
ASUS Enhanced Display Driver (Version: 6.14.10.101 - ASUSTeK COMPUTER INC.) Hidden
ASUS Probe V2.20.08 (HKLM\...\ASUS Probe V2.20.08) (Version:  - )
ASUSDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1005 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5029 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 7.93.7-030829m-010959C-Asus - )
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Comodo IceDragon (HKLM\...\Comodo IceDragon) (Version: 26.0.0.2 - COMODO)
ESET Smart Security (HKLM\...\{D66C9F03-5F7C-4A4F-A4D0-7D04FCD426AE}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Hotfix (KB928366) (HKLM\...\M928366) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3663 - Analog Devices)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
19-05-2015 01:08:18 System Checkpoint
19-05-2015 04:40:52 D7 Automatic Restore Point
19-05-2015 04:41:11 D7 Automatic Restore Point
19-05-2015 04:42:03 D7 Automatic Restore Point
19-05-2015 04:43:22 ESET error kernel
19-05-2015 05:24:06 Revo Uninstaller Pro's restore point - att
19-05-2015 09:12:38 Removed ESET Smart Security
19-05-2015 13:52:31 Installed Windows Media Player 11
19-05-2015 14:27:25 Installed Windows XP Service Pack 3.
20-05-2015 04:30:23 Configured ASUS GameFace
20-05-2015 05:36:54 B4RestartDelServs&Drivers
06-06-2015 16:49:15 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2003-03-31 07:00 - 2015-05-21 16:10 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\UninstallMonitor.job => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{9865CAE9-0C4E-43B6-B069-E48D04522FE6}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2003-03-31 07:00 - 2003-03-31 07:00 - 00015360 _____ () C:\WINDOWS\system32\tsd32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 6091 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1275210071-1060284298-839522115-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HelpCenter4.1 => C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
MSCONFIG\startupreg: NeroCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/28/2015 01:43:06 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800700E6 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
Error: (06/06/2015 00:51:56 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (06/06/2015 00:51:55 PM) (Source: crypt32) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: The server name or address could not be resolved
 
Error: (06/06/2015 00:51:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
Error: (06/06/2015 00:51:54 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (592) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/04/2015 10:55:18 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800700E6 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
Error: (06/04/2015 09:01:41 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (06/04/2015 09:01:40 PM) (Source: crypt32) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: The server name or address could not be resolved
 
Error: (06/04/2015 09:01:40 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
Error: (06/04/2015 07:00:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
 
System errors:
=============
Error: (06/28/2015 03:38:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO IceDragon Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/28/2015 01:43:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wireless Zero Configuration service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/28/2015 01:43:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/28/2015 01:43:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (06/28/2015 01:43:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/28/2015 01:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CryptSvc service failed to start due to the following error: 
%%230
 
Error: (06/28/2015 01:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The COM+ Event System service failed to start due to the following error: 
%%230
 
Error: (06/28/2015 01:43:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%230
 
Error: (06/28/2015 01:43:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Telephony service failed to start due to the following error: 
%%230
 
Error: (06/28/2015 01:43:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%230
 
 
Microsoft Office:
=========================
Error: (06/28/2015 01:43:06 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800700E6
 
Error: (06/06/2015 00:51:56 PM) (Source: crypt32) (EventID: 8) (User: )
 
Error: (06/06/2015 00:51:55 PM) (Source: crypt32) (EventID: 5) (User: )
 
Error: (06/06/2015 00:51:55 PM) (Source: crypt32) (EventID: 8) (User: )
 
Error: (06/06/2015 00:51:54 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost592C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (06/04/2015 10:55:18 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800700E6
 
Error: (06/04/2015 09:01:41 PM) (Source: crypt32) (EventID: 8) (User: )
 
Error: (06/04/2015 09:01:40 PM) (Source: crypt32) (EventID: 5) (User: )
 
Error: (06/04/2015 09:01:40 PM) (Source: crypt32) (EventID: 8) (User: )
 
Error: (06/04/2015 07:00:35 PM) (Source: crypt32) (EventID: 8) (User: )
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ Proswssor
Percentage of memory in use: 64%
Total physical RAM: 511.49 MB
Available physical RAM: 180.86 MB
Total Pagefile: 1249.64 MB
Available Pagefile: 994.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.12 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:37.24 GB) (Free:26.25 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (USB20FD) (Removable) (Total:7.61 GB) (Free:5.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 0000675F)
Partition 1: (Active) - (Size=37.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
 
 
 


#13 Black_Bird

  • Malware Response Team

Posted 01 July 2015 - 03:39 PM

Hi there,

 

My apologies for replying this late. I've been very busy.

Anyway, I want to look a bit deeper into your system. Can you also please describe any present PC problems one by one again?

 

Download ComboFix to your Desktop.

WARNING: ComboFix is a very powerful tool that can damage your system when not used properly. ONLY use this tool under supervision of a trained Malware Analyst. Never use it on your own!!!

NOTE: Don't use your computer for other purposes while running ComboFix. It may cause it to stall!

  • Temporarily disable your own anti-virus and other anti-malware programs. For instructions, take a look here.
  • Close all open windows.
  • Right-click ComboFix.exe and select Run as Administrator.
  • Accept the Disclaimer.
  • If you're asked to install the Recovery Console, allow the program to do so.
  • The scan may take some time to finish. Wait for it, please.
  • If ComboFix asks to restart the system, please allow it to do so immediately.
  • When finished, ComboFix will show you a logfile. Please copy/paste the contents of this logfile in your next reply.

If somehow the logfile didn't open or if you can't find it anymore, it's saved as C:\ComboFix.txt.


Kind regards,
Black_Bird
 



#14 Milla-Bach

  • Topic Starter

Posted 10 July 2015 - 04:23 PM

This is the only ComboFix result that I have in the computer. I tried to run a fresh copy since I can get online once again. I also re-installed SP3 successfully and have corrected the System Restore problem. I ran a fresh download of ComboFix earlier and it ran for over 6 hours with just scanning... could it take that long or even longer to finish?

 

 

Here is what I have left from the 4th of July.

 

ComboFix 15-06-30.01 - user 07/04/2015  18:47:56.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4086.2950 [GMT -5:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-04 to 2015-07-04  )))))))))))))))))))))))))))))))
.
.
2015-07-04 23:56 . 2015-07-04 23:56    --------    d-----w-    c:\users\techtoolclient\AppData\Local\temp
2015-07-04 23:56 . 2015-07-04 23:56    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-07-04 23:56 . 2015-07-04 23:56    --------    d-----w-    c:\users\MARA\AppData\Local\temp
2015-07-04 23:56 . 2015-07-04 23:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-07-04 20:02 . 2015-07-04 20:02    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D5F9904-4220-4559-874B-E3BDFF366462}\offreg.760.dll
2015-07-04 01:50 . 2015-07-01 19:00    1190000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F3E71F7-C046-481F-B68F-81309A3FC836}\gapaengine.dll
2015-07-04 01:49 . 2015-06-12 07:50    12221144    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D5F9904-4220-4559-874B-E3BDFF366462}\mpengine.dll
2015-07-02 22:14 . 2015-06-12 07:50    12221144    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-29 19:53 . 2015-06-29 19:53    --------    d-----w-    c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2015-06-29 19:52 . 2015-06-29 19:53    --------    d-----w-    c:\program files\SUPERAntiSpyware
2015-06-29 19:52 . 2015-06-29 19:52    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2015-06-24 07:09 . 2015-06-29 03:47    --------    d-----w-    c:\program files (x86)\VS Revo Group
2015-06-23 20:34 . 2009-12-30 16:21    31800    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2015-06-23 20:34 . 2015-06-23 20:34    --------    d-----w-    c:\program files\VS Revo Group
2015-06-22 16:04 . 2015-06-22 16:05    --------    d-----w-    c:\users\user\.android
2015-06-20 04:38 . 2015-06-27 09:42    --------    d-----w-    c:\users\user\AppData\Local\Windows Live Writer
2015-06-20 04:38 . 2015-06-20 04:38    --------    d-----w-    c:\users\user\AppData\Roaming\Windows Live Writer
2015-06-17 18:50 . 2015-06-17 18:50    --------    d-----w-    c:\program files\COMODO
2015-06-17 18:49 . 2015-06-17 18:49    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
2015-06-16 04:02 . 2015-06-16 04:02    --------    d-----w-    c:\windows\en
2015-06-16 03:55 . 2015-06-16 03:55    6081224    -c--a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\39bc883e1d0a7e801\onedrivesetup.exe
2015-06-05 07:30 . 2015-06-17 18:46    --------    d-----r-    c:\users\user\iCloudDrive
2015-06-05 07:30 . 2015-06-05 07:30    --------    d-----w-    c:\users\user\AppData\Local\Apple Inc
2015-06-05 05:52 . 2015-06-11 00:48    --------    d-----w-    c:\program files\Recuva
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-01 19:00 . 2014-03-08 14:24    1190000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-25 21:49 . 2014-03-07 21:30    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-25 21:49 . 2014-03-07 21:30    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-06 14:20 . 2015-05-06 14:20    45056    ----a-w-    c:\windows\SysWow64\UTSCSI.EXE
2015-04-16 02:11 . 2014-10-27 17:37    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-11 03:07 . 2015-04-11 03:07    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2015-04-11 03:07 . 2015-04-11 03:06    235008    ----a-w-    c:\windows\system32\elshyph.dll
2015-04-11 03:06 . 2015-04-11 03:06    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-04-11 03:06 . 2015-04-11 03:06    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2015-04-11 03:06 . 2015-04-11 03:06    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2015-04-11 03:06 . 2015-04-11 03:06    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2015-04-11 03:06 . 2015-04-11 03:06    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2015-04-11 03:06 . 2015-04-11 03:06    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2015-04-11 03:06 . 2015-04-11 03:06    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2015-04-11 03:06 . 2015-04-11 03:06    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2015-04-11 03:06 . 2015-04-11 03:06    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2015-04-11 03:06 . 2015-04-11 03:06    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2015-04-11 03:06 . 2015-04-11 03:06    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2015-04-11 03:06 . 2015-04-11 03:06    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2015-04-11 03:06 . 2015-04-11 03:06    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2015-04-11 03:06 . 2015-04-11 03:06    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2015-04-11 03:06 . 2015-04-11 03:06    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2015-04-11 03:06 . 2015-04-11 03:06    247808    ----a-w-    c:\windows\system32\msls31.dll
2015-04-11 03:06 . 2015-04-11 03:06    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2015-04-11 03:06 . 2015-04-11 03:06    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2015-04-11 03:06 . 2015-04-11 03:06    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2015-04-11 03:06 . 2015-04-11 03:06    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2015-04-11 03:06 . 2015-04-11 03:06    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2015-04-11 03:06 . 2015-04-11 03:06    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2015-04-11 03:06 . 2015-04-11 03:06    81408    ----a-w-    c:\windows\system32\icardie.dll
2015-04-11 03:06 . 2015-04-11 03:06    77312    ----a-w-    c:\windows\system32\tdc.ocx
2015-04-11 03:06 . 2015-04-11 03:06    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2015-04-11 03:06 . 2015-04-11 03:06    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2015-04-11 03:06 . 2015-04-11 03:06    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2015-04-11 03:06 . 2015-04-11 03:06    243200    ----a-w-    c:\windows\system32\webcheck.dll
2015-04-11 03:06 . 2015-04-11 03:06    235520    ----a-w-    c:\windows\system32\url.dll
2015-04-11 03:06 . 2015-04-11 03:06    167424    ----a-w-    c:\windows\system32\iexpress.exe
2015-04-11 03:06 . 2015-04-11 03:06    147968    ----a-w-    c:\windows\system32\occache.dll
2015-04-11 03:06 . 2015-04-11 03:06    143872    ----a-w-    c:\windows\system32\wextract.exe
2015-04-11 03:06 . 2015-04-11 03:06    13824    ----a-w-    c:\windows\system32\mshta.exe
2015-04-11 03:06 . 2015-04-11 03:06    101376    ----a-w-    c:\windows\system32\inseng.dll
2015-04-11 03:06 . 2015-04-11 03:06    48128    ----a-w-    c:\windows\system32\imgutil.dll
2015-04-11 03:06 . 2015-04-11 03:06    135680    ----a-w-    c:\windows\system32\iepeers.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-06-16 03:55    223432    ----a-w-    c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-06-16 03:55    223432    ----a-w-    c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-06-16 03:55    223432    ----a-w-    c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-05-15 7799576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CSUService;COMODO System Utilities Service;c:\program files\COMODO\COMODO System Utilities\CSUService.exe;c:\program files\COMODO\COMODO System Utilities\CSUService.exe [x]
R2 Pico;Pico;c:\windows\System32\Drivers\Pico.sys;c:\windows\SYSNATIVE\Drivers\Pico.sys [x]
R3 AM10;Cisco AM10 Driver;c:\windows\system32\DRIVERS\am10w7.sys;c:\windows\SYSNATIVE\DRIVERS\am10w7.sys [x]
R3 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R3 ChromodoUpdater;COMODO Chromodo Update Service;c:\program files (x86)\Comodo\Chromodo\chromodo_updater.exe;c:\program files (x86)\Comodo\Chromodo\chromodo_updater.exe [x]
R3 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
R3 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
R3 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [x]
R3 esihdrv;esihdrv;c:\users\user\AppData\Local\Temp\esihdrv.sys;c:\users\user\AppData\Local\Temp\esihdrv.sys [x]
R3 HS4Dl;Handyscope HS4 DIFF driver (before renumeration);c:\windows\system32\DRIVERS\HS4Dla6.sys;c:\windows\SYSNATIVE\DRIVERS\HS4Dla6.sys [x]
R3 HS4Dr;Handyscope HS4 DIFF driver;c:\windows\system32\DRIVERS\HS4Dra6.sys;c:\windows\SYSNATIVE\DRIVERS\HS4Dra6.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NcBulk;NcBulk;c:\windows\system32\DRIVERS\NcBulk.sys;c:\windows\SYSNATIVE\DRIVERS\NcBulk.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AT&T Troubleshoot & Resolve;AT&T Troubleshoot & Resolve;c:\program files (x86)\ATT\8.5.0.48\ma\bin\MAHostService.exe;c:\program files (x86)\ATT\8.5.0.48\ma\bin\MAHostService.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2014/02/06 01:34];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 MSSQL$WAF;SQL Server (WAF);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 NewMisc;Panasonic Misc Driver;c:\windows\system32\DRIVERS\nmisc64.sys;c:\windows\SYSNATIVE\DRIVERS\nmisc64.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-23 15:57    990024    ----a-w-    c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-29 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe [2015-06-25 05:46]
.
2015-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-07 21:49]
.
2015-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12 18:47]
.
2015-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12 18:47]
.
2015-06-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5881dc03-d2e3-40cf-b949-f0410da4cd4a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-07-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e316eae2-7aae-45bd-802f-4f7717248b34.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-06-16 03:55    262344    ----a-w-    c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-06-16 03:55    262344    ----a-w-    c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-06-16 03:55    262344    ----a-w-    c:\users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} - hxxps://col430-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1129374407
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ry1gi2dt.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=U313DF&PC=U313&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2029797163-3533435028-1408389357-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-04  18:59:58
ComboFix-quarantined-files.txt  2015-07-04 23:59
.
Pre-Run: 102,839,750,656 bytes free
Post-Run: 102,764,601,344 bytes free
.
- - End Of File - - 56341C651F49476F8298CD089BFAF412
A36C5E4F47E84449FF07ED3517B43A31
 



#15 Black_Bird

  • Malware Response Team

Posted 10 July 2015 - 06:54 PM

Hi,

 

Can you tell me which problems you're still facing? :)


Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.




