
Pop up boxes open in explorer (Mozilla or Internet)


  • This topic is locked
12 replies to this topic

#1 shitalpatil


Posted 19 June 2015 - 12:22 PM

 

Hello friends,

Please help me regarding the above issue. My operating system is Windows XP 64 bit and I am using Internet Explorer or Mozilla Firefox for internet web sites. When I open any explorer, pop-up boxes open showing advertisements with web sites, and I can't see any area unless I close all the pop-up boxes. I think it is adware or malware. Please help me with this issue. Thanks in advance.

 
 
 


 


#2 shitalpatil


Posted 23 June 2015 - 10:16 AM

 

Hi again,

I am posting FRST.txt here. Please help me to sort out this problem.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Administrator (administrator) on HOME-N246PHYZHZ on 19-06-2015 22:08:09
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator & Guest)
Platform: Microsoft Windows XP Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore64.exe
Failed to access process -> BlueSoleilCS.exe
Failed to access process -> BsMobileCS.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> HWDeviceService64.exe
Failed to access process -> ouc.exe
Failed to access process -> explorer.exe
Failed to access process -> NitroPDFDriverService8x64.exe
Failed to access process -> NLSSRV32.EXE
Failed to access process -> svchost.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> egui.exe
Failed to access process -> ctfmon.exe
Failed to access process -> msmsgs.exe
Failed to access process -> IDMan.exe
Failed to access process -> ctfmon.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> SUPERANTISPYWARE.EXE
Failed to access process -> BandwidthMeterPro.exe
Failed to access process -> WZQKPICK32.EXE
Failed to access process -> winampa.exe
Failed to access process -> BtTray.exe
Failed to access process -> PWRISOVM.EXE
Failed to access process -> jusched.exe
Failed to access process -> BsHelpCS.exe
Failed to access process -> wscntfy.exe
Failed to access process -> alg.exe
Failed to access process -> Mobile Partner.exe
Failed to access process -> waterfox.exe
Failed to access process -> plugin-container.exe
Failed to access process -> FRST64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS1\RTHDCPL.EXE [15961088 2006-01-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS1\SOUNDMAN.EXE [86016 2006-01-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS1\ALCWZRD.EXE [2809856 2006-01-04] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS1\ALCMTR.EXE [69632 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4030008 2011-08-09] (ESET)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => E:\Winamp\winampa.exe [37376 2008-01-16] ()
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [226816 2008-08-04] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [217088 2008-01-20] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS1\system32\userinit.exe,
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
HKLM-x32\...\Winlogon: [Shell] Explorer.exe [ ] ()
Winlogon\Notify\crypt32chain: C:\WINDOWS1\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS1\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS1\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS1\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS1\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS1\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS1\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS1\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS1\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS1\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS1\SysWOW64\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS1\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS1\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS1\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS1\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS1\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor:  <======= ATTENTION
HKLM-x32\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Run: [ctfmon.exe] => C:\WINDOWS1\system32\ctfmon.exe [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1681920 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3417496 2011-08-09] (Tonec Inc.)
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Run: [BandwidthMeterPro] => C:\Program Files (x86)\BandwidthMeterPro\BandwidthMeterPro.exe [585728 2010-09-02] (BANDWIDTH-METER.NET)
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {0c5f949a-df63-11e3-8e09-00167699b84a} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {0c5f94a0-df63-11e3-8e09-00167699b84a} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {856e6656-e35f-11e3-bfee-00167699b84a} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {ad52aad4-e8dd-11e4-9d70-0015833d0a57} - I:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {b2f113d7-a24e-11e4-aea9-0015833d0a57} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {cf53ea7e-e35d-11e3-9e47-00167699b84a} - I:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS1\system32\logon.scr [704512 2007-02-17] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS1\system32\logon.scr [704512 2007-02-17] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2014-05-21]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2014-05-21]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS1\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll No File
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll No File
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS1\SysWOW64\stobject.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2011-05-30] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => %SystemRoot%\System32\cscui.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-4196316794-2275671525-1384915817-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKU\S-1-5-21-4196316794-2275671525-1384915817-500 -> {1F34A59B-D694-4F75-A4A1-469488BFF68D} URL = https://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2011-08-01] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2011-08-01] (Internet Download Manager, Tonec Inc.)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-10] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4196316794-2275671525-1384915817-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2008-04-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4196316794-2275671525-1384915817-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2008-04-14] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\SysWOW64\inetcomm.dll No File
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS1\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS1\SysWOW64\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\SysWOW64\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\SysWOW64\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\SysWOW64\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS1\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS1\SysWOW64\shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS1\SysWOW64\winrnr.dll [17408 2014-05-19] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [245248 2008-04-14] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 218.248.241.4 218.248.241.3

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yh8pfa48.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS1\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-06-08] ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS1\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-06-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-11-14] (Nitro PDF)
FF Extension: bestadblocker - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yh8pfa48.default\Extensions\HUHrm@KNDn.org [2015-05-01]
FF Extension: SaLEPluSS - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yh8pfa48.default\Extensions\R1uu@Jpoc.edu [2015-05-01]
FF Extension: BitComet Video Downloader - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yh8pfa48.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-05-29]
FF Extension: WhatsApp Panel - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yh8pfa48.default\Extensions\whatsapppanel@alejandrobrizuela.com.ar.xpi [2015-04-14]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-19]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2014-06-08]
FF HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S4 Alerter; C:\Windows\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\Windows\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS1\system32\qmgr.dll [706560 2007-02-17] (Microsoft Corporation)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [775168 2008-10-18] () [File not signed]
S2 Browser; C:\Windows\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [141824 2008-08-01] () [File not signed]
R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2008-08-01] () [File not signed]
S4 CiSvc; C:\Windows\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 clr_optimization_v2.0.50727_32; c:\WINDOWS1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [70144 2007-10-24] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_64; c:\WINDOWS1\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [93696 2007-10-23] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [399360 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\Windows\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [45568 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-08-09] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS1\system32\es.dll [377856 2008-04-30] (Microsoft Corporation)
R2 EventSystem; C:\WINDOWS1\SysWOW64\es.dll [247296 2008-04-30] (Microsoft Corporation)
S3 FontCache3.0.0.0; c:\WINDOWS1\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [36864 2007-10-09] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HWDeviceService64.exe; C:\Documents and Settings\All Users.WINDOWS1\Application Data\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 idsvc; c:\WINDOWS1\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [921600 2007-10-10] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS1\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 lanmanserver; C:\Windows\System32\srvsvc.dll [96768 2008-04-14] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\Windows\System32\wkssvc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\Windows\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS1\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [650240 2013-03-01] () [File not signed]
S3 MSDTC; C:\WINDOWS1\system32\msdtc.exe [6656 2008-07-24] (Microsoft Corporation)
S3 MSIServer; C:\Windows\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS1\SysWOW64\msiexec.exe [95744 2008-05-21] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; c:\WINDOWS1\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230920 2013-11-14] (Nitro PDF Software)
R3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-04-14] (Microsoft Corporation) [File not signed]
R2 nlsX86cc; C:\WINDOWS1\SysWOW64\NLSSRV32.EXE [69640 2013-11-14] (Nalpeiron Ltd.)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\services.exe [108544 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasAuto; C:\Windows\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS1\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RemoteRegistry; C:\Windows\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [399360 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\Windows\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\Windows\system32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\system32\spoolsv.exe [57856 2008-04-14] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS1\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\Windows\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [138752 2008-04-14] (Microsoft Corporation) [File not signed]
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\WINDOWS1\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\Windows\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UMWdf; C:\WINDOWS1\system32\wdfmgr.exe [62976 2005-03-25] (Microsoft Corporation)
S3 UMWdf; C:\WINDOWS1\SysWOW64\wdfmgr.exe [39424 2005-03-25] (Microsoft Corporation)
R2 upnphost; C:\Windows\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS1\system32\w32time.dll [407552 2007-02-17] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS1\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
R2 WebClient; C:\Windows\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS1\system32\mspmsnsv.dll [36352 2007-02-17] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS1\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [617472 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS1\system32\wbem\wmiapsrv.exe [223232 2007-02-17] (Microsoft Corporation)
R2 wscsvc; C:\Windows\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS1\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AeLookupSvc; %SystemRoot%\System32\aelupsvc.dll [X]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [X]
S3 COMSysApp; C:\WINDOWS1\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R2 Eventlog;  [X]
R2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [X]
S3 IASJet; %SystemRoot%\SysWOW64\iasrecst.dll [X]
R2 Schedule; %SystemRoot%\system32\schedsvc.dll [X]
R3 TermService; %SystemRoot%\System32\termsrv.dll [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
R2 winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; No ImagePath
R0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)
S4 adpu160m; No ImagePath
S4 adpu320; No ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [142592 2008-04-14] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\System32\drivers\afd.sys [138112 2008-04-14] (Microsoft Corporation) [File not signed]
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 AmdIde; No ImagePath
S4 arc; No ImagePath
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed]
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Atdisk; No ImagePath
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\Windows\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\Windows\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.) [File not signed]
S4 dpti2o; No ImagePath
S1 Fdc; C:\Windows\System32\Drivers\Fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\Windows\System32\Drivers\Flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider) [File not signed]
R3 HTTP; C:\Windows\System32\Drivers\HTTP.sys [264832 2008-04-14] (Microsoft Corporation) [File not signed]
S1 i2omgmt; No ImagePath
R1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation) [File not signed]
S4 iirsp; No ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation) [File not signed]
S4 IntelIde; No ImagePath
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\Windows\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\Windows\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Modem; C:\Windows\System32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation) [File not signed]
S4 mraid35x; No ImagePath
R3 MRxDAV; C:\Windows\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [456576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [10112 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCI; C:\Windows\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\Windows\System32\DRIVERS\pciide.sys [3328 2008-04-14] (Microsoft Corporation) [File not signed]
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDPWD; No ImagePath
R3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [5888 2008-04-14] (Microsoft Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SCDEmu; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 serenum; C:\Windows\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Simbad; No ImagePath
R3 Srv; C:\Windows\System32\DRIVERS\srv.sys [334848 2008-04-14] (Microsoft Corporation) [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
S4 symc8xx; No ImagePath
S4 symmpi; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\Windows\System32\DRIVERS\tcpip.sys [361344 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDPIPE; No ImagePath
S3 TDTCP; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [30208 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [17152 2008-04-14] (Microsoft Corporation) [File not signed]
S1 VgaSave; C:\Windows\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ViaIde; No ImagePath
R0 VolSnap; C:\Windows\System32\DRIVERS\volsnap.sys [52352 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WDICA; No ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 audstub; system32\DRIVERS\audstub.sys [X]
R3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
R0 BtHidBus; System32\Drivers\BtHidBus.sys [X]
R2 CdaC15BA; system32\DRIVERS\CdaC15BA.sys [X]
R2 CdaD10BA; system32\DRIVERS\CdaD10BA.sys [X]
R0 crcdisk; system32\DRIVERS\crcdisk.sys [X]
R2 eamon; system32\DRIVERS\eamon.sys [X]
R1 ehdrv; system32\DRIVERS\ehdrv.sys [X]
R2 epfw; system32\DRIVERS\epfw.sys [X]
R3 Epfwndis; system32\DRIVERS\Epfwndis.sys [X]
R1 epfwtdi; system32\DRIVERS\epfwtdi.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
R3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
R0 FltMgr; system32\drivers\fltmgr.sys [X]
R3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
R3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
R3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
R3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
R1 IDMTDI; system32\DRIVERS\idmtdi.sys [X]
R3 IntcAzAudAddService; system32\drivers\RTKHDA64.SYS [X]
S3 IRENUM; system32\DRIVERS\irenum.sys [X]
R3 IvtBtBUs; System32\Drivers\IvtBtBus.sys [X]
R3 ksthunk; system32\drivers\ksthunk.sys [X]
S3 MSKSSRV; system32\drivers\MSKSSRV.sys [X]
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [X]
S3 MSPQM; system32\drivers\MSPQM.sys [X]
R3 rdpdr; system32\DRIVERS\rdpdr.sys [X]
R1 redbook; system32\DRIVERS\redbook.sys [X]
R3 rtl8139; system32\DRIVERS\RTL39A64.SYS [X]
S3 SASENUM; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SuperAntiSpyware\SASENUM.SYS [X]
S3 splitter; system32\drivers\splitter.sys [X]
R0 sr; system32\DRIVERS\sr.sys [X]
R1 TermDD; system32\DRIVERS\termdd.sys [X]
R3 usbccgp; system32\DRIVERS\usbccgp.sys [X]
R3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
R3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
R3 vga; system32\DRIVERS\vgapnp.sys [X]
R3 Wdf01000; System32\Drivers\wdf01000.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll ==> No File
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll ==> No File
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS1\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll ==> No File
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll ==> No File
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll ==> No File
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll ==> No File
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 22:07 - 2015-06-19 22:08 - 00000000 ____D C:\FRST
2015-06-16 18:41 - 2015-06-16 18:41 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\BWMeterPro
2015-06-16 18:41 - 2015-06-16 18:41 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BWMonitor
2015-06-16 18:40 - 2015-06-16 18:40 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Bandwidth Meter Pro
2015-06-16 18:40 - 2015-06-16 18:40 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Bandwidth Meter Pro
2015-06-15 16:23 - 2015-06-16 18:41 - 00000000 ____D C:\Program Files (x86)\BandwidthMeterPro
2015-06-15 16:10 - 2015-06-15 16:10 - 00013762 _____ C:\Documents and Settings\Administrator\Desktop\part rate s no 257.xlsx
2015-06-11 00:13 - 2015-06-11 00:13 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2015-06-10 23:40 - 2015-06-10 23:40 - 00000000 __SHD C:\Documents and Settings\Default User.WINDOWS1\IETldCache
2015-06-10 23:37 - 2015-06-10 23:37 - 00000839 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2015-06-10 23:36 - 2015-06-10 23:36 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2015-06-10 23:22 - 2015-06-10 23:32 - 00000000 ____D C:\WINDOWS1\system32\MRT
2015-06-10 23:21 - 2015-06-10 23:21 - 00120668 _____ C:\WINDOWS1\KB2930275.log
2015-06-10 23:21 - 2015-06-10 23:21 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2930275$
2015-06-10 23:21 - 2015-05-27 00:04 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS1\system32\MRT.exe
2015-06-10 23:20 - 2015-06-10 23:20 - 00124516 _____ C:\WINDOWS1\KB2909921.log
2015-06-10 23:20 - 2015-06-10 23:20 - 00119860 _____ C:\WINDOWS1\KB2929961.log
2015-06-10 23:20 - 2015-06-10 23:20 - 00119587 _____ C:\WINDOWS1\KB2909213.log
2015-06-10 23:20 - 2015-06-10 23:20 - 00119207 _____ C:\WINDOWS1\KB2916036.log
2015-06-10 23:20 - 2015-06-10 23:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2929961$
2015-06-10 23:20 - 2015-06-10 23:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2916036$
2015-06-10 23:20 - 2015-06-10 23:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2909921$
2015-06-10 23:20 - 2015-06-10 23:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2909213$
2015-06-10 23:19 - 2015-06-10 23:20 - 00116065 _____ C:\WINDOWS1\KB2914368.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00116876 _____ C:\WINDOWS1\KB2893294.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00116176 _____ C:\WINDOWS1\KB2898715.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00115884 _____ C:\WINDOWS1\KB2904266.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00115099 _____ C:\WINDOWS1\KB2892076.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00115005 _____ C:\WINDOWS1\KB2875783.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00006686 _____ C:\WINDOWS1\system32\TZLog.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2914368$
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2904266$
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2898715$
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2893294$
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2892076$
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2875783$
2015-06-10 23:18 - 2015-06-10 23:19 - 00116556 _____ C:\WINDOWS1\KB2862152.log
2015-06-10 23:18 - 2015-06-10 23:18 - 00116215 _____ C:\WINDOWS1\KB2868626.log
2015-06-10 23:18 - 2015-06-10 23:18 - 00115973 _____ C:\WINDOWS1\KB2876331.log
2015-06-10 23:18 - 2015-06-10 23:18 - 00113474 _____ C:\WINDOWS1\KB2900986.log
2015-06-10 23:18 - 2015-06-10 23:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2900986$
2015-06-10 23:18 - 2015-06-10 23:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2876331$
2015-06-10 23:18 - 2015-06-10 23:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2868626$
2015-06-10 23:18 - 2015-06-10 23:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2862152$
2015-06-10 23:17 - 2015-06-10 23:18 - 00115326 _____ C:\WINDOWS1\KB2862335.log
2015-06-10 23:17 - 2015-06-10 23:17 - 00116573 _____ C:\WINDOWS1\KB2862330.log
2015-06-10 23:17 - 2015-06-10 23:17 - 00114887 _____ C:\WINDOWS1\KB2864058.log
2015-06-10 23:17 - 2015-06-10 23:17 - 00113001 _____ C:\WINDOWS1\KB2847311.log
2015-06-10 23:17 - 2015-06-10 23:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2864058$
2015-06-10 23:17 - 2015-06-10 23:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2862335$
2015-06-10 23:17 - 2015-06-10 23:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2862330$
2015-06-10 23:17 - 2015-06-10 23:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2847311$
2015-06-10 23:16 - 2015-06-10 23:17 - 00112618 _____ C:\WINDOWS1\KB2864063.log
2015-06-10 23:16 - 2015-06-10 23:16 - 00114021 _____ C:\WINDOWS1\KB2876217.log
2015-06-10 23:16 - 2015-06-10 23:16 - 00112074 _____ C:\WINDOWS1\KB2850869.log
2015-06-10 23:16 - 2015-06-10 23:16 - 00111692 _____ C:\WINDOWS1\KB2803821-v2.log
2015-06-10 23:16 - 2015-06-10 23:16 - 00111223 _____ C:\WINDOWS1\KB2834886.log
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2876217$
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2864063$
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2850869$
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2834886$
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2803821-v2$
2015-06-10 23:15 - 2015-06-10 23:16 - 00115379 _____ C:\WINDOWS1\KB2813170.log
2015-06-10 23:15 - 2015-06-10 23:15 - 00116456 _____ C:\WINDOWS1\KB2807986.log
2015-06-10 23:15 - 2015-06-10 23:15 - 00115299 _____ C:\WINDOWS1\KB2820917.log
2015-06-10 23:15 - 2015-06-10 23:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2820917$
2015-06-10 23:15 - 2015-06-10 23:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2813170$
2015-06-10 23:15 - 2015-06-10 23:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2807986$
2015-06-10 23:14 - 2015-06-10 23:14 - 00850076 _____ C:\WINDOWS1\msxml6-KB2758696-enu-amd64.LOG
2015-06-10 23:14 - 2015-06-10 23:14 - 00114957 _____ C:\WINDOWS1\KB2780091.log
2015-06-10 23:14 - 2015-06-10 23:14 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2780091$
2015-06-10 23:14 - 2015-06-10 23:14 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2770660$
2015-06-10 23:13 - 2015-06-10 23:14 - 00114559 _____ C:\WINDOWS1\KB2770660.log
2015-06-10 23:13 - 2015-06-10 23:13 - 00115145 _____ C:\WINDOWS1\KB2705219-v2.log
2015-06-10 23:13 - 2015-06-10 23:13 - 00114536 _____ C:\WINDOWS1\KB2748349.log
2015-06-10 23:13 - 2015-06-10 23:13 - 00113750 _____ C:\WINDOWS1\KB2727528.log
2015-06-10 23:13 - 2015-06-10 23:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2749655$
2015-06-10 23:13 - 2015-06-10 23:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2748349$
2015-06-10 23:13 - 2015-06-10 23:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2727528$
2015-06-10 23:13 - 2015-06-10 23:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2705219-v2$
2015-06-10 23:12 - 2015-06-10 23:13 - 00114175 _____ C:\WINDOWS1\KB2749655.log
2015-06-10 23:12 - 2015-06-10 23:12 - 00114218 _____ C:\WINDOWS1\KB2698365.log
2015-06-10 23:12 - 2015-06-10 23:12 - 00114028 _____ C:\WINDOWS1\KB2691442.log
2015-06-10 23:12 - 2015-06-10 23:12 - 00112678 _____ C:\WINDOWS1\KB2712808.log
2015-06-10 23:12 - 2015-06-10 23:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2712808$
2015-06-10 23:12 - 2015-06-10 23:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2698365$
2015-06-10 23:12 - 2015-06-10 23:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2691442$
2015-06-10 23:11 - 2015-06-10 23:12 - 00115643 _____ C:\WINDOWS1\KB2655992.log
2015-06-10 23:11 - 2015-06-10 23:11 - 00112853 _____ C:\WINDOWS1\KB2686509.log
2015-06-10 23:11 - 2015-06-10 23:11 - 00111931 _____ C:\WINDOWS1\KB2685939.log
2015-06-10 23:11 - 2015-06-10 23:11 - 00109838 _____ C:\WINDOWS1\KB2659262.log
2015-06-10 23:11 - 2015-06-10 23:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2686509$
2015-06-10 23:11 - 2015-06-10 23:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2685939$
2015-06-10 23:11 - 2015-06-10 23:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2659262$
2015-06-10 23:11 - 2015-06-10 23:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2655992$
2015-06-10 23:10 - 2015-06-10 23:11 - 00114254 _____ C:\WINDOWS1\KB2676562.log
2015-06-10 23:10 - 2015-06-10 23:10 - 00113024 _____ C:\WINDOWS1\KB2653956.log
2015-06-10 23:10 - 2015-06-10 23:10 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2676562$
2015-06-10 23:10 - 2015-06-10 23:10 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2653956$
2015-06-10 23:09 - 2015-06-10 23:33 - 00065536 _____ C:\WINDOWS1\system32\config\Internet Explorer.evt
2015-06-10 23:05 - 2015-06-10 23:10 - 00122613 _____ C:\WINDOWS1\ie8.log
2015-06-10 23:05 - 2015-06-10 23:08 - 00000000 __HDC C:\WINDOWS1\ie8
2015-06-10 23:04 - 2015-06-10 23:10 - 00030695 _____ C:\WINDOWS1\ie8_main.log
2015-06-10 23:03 - 2015-06-10 23:03 - 00047398 _____ C:\WINDOWS1\KB2644615.log
2015-06-10 23:03 - 2015-06-10 23:03 - 00046957 _____ C:\WINDOWS1\KB2598479.log
2015-06-10 23:03 - 2015-06-10 23:03 - 00044783 _____ C:\WINDOWS1\KB2603381.log
2015-06-10 23:03 - 2015-06-10 23:03 - 00042488 _____ C:\WINDOWS1\KB2638806.log
2015-06-10 23:03 - 2015-06-10 23:03 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2644615$
2015-06-10 23:03 - 2015-06-10 23:03 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2638806$
2015-06-10 23:03 - 2015-06-10 23:03 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2603381$
2015-06-10 23:03 - 2015-06-10 23:03 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2598479$
2015-06-10 23:02 - 2015-06-10 23:03 - 00045706 _____ C:\WINDOWS1\KB2631813.log
2015-06-10 23:02 - 2015-06-10 23:02 - 00045716 _____ C:\WINDOWS1\KB2620712.log
2015-06-10 23:02 - 2015-06-10 23:02 - 00045400 _____ C:\WINDOWS1\KB2544893-v2.log
2015-06-10 23:02 - 2015-06-10 23:02 - 00045021 _____ C:\WINDOWS1\KB2584146.log
2015-06-10 23:02 - 2015-06-10 23:02 - 00044820 _____ C:\WINDOWS1\KB2619339.log
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2631813$
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2620712$
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2619339$
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2584146$
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2544893-v2$
2015-06-10 23:01 - 2015-06-10 23:02 - 00041939 _____ C:\WINDOWS1\KB2564958.log
2015-06-10 23:01 - 2015-06-10 23:01 - 00041428 _____ C:\WINDOWS1\KB2536276-v2.log
2015-06-10 23:01 - 2015-06-10 23:01 - 00041425 _____ C:\WINDOWS1\KB2507938.log
2015-06-10 23:01 - 2015-06-10 23:01 - 00041371 _____ C:\WINDOWS1\KB2566454.log
2015-06-10 23:01 - 2015-06-10 23:01 - 00041277 _____ C:\WINDOWS1\KB2570947.log
2015-06-10 23:01 - 2015-06-10 23:01 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2570947$
2015-06-10 23:01 - 2015-06-10 23:01 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2566454$
2015-06-10 23:01 - 2015-06-10 23:01 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2564958$
2015-06-10 23:01 - 2015-06-10 23:01 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2536276-v2$
2015-06-10 23:01 - 2015-06-10 23:01 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2507938$
2015-06-10 23:00 - 2015-06-10 23:01 - 00040729 _____ C:\WINDOWS1\KB2476490.log
2015-06-10 23:00 - 2015-06-10 23:00 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2476490$
2015-06-10 22:44 - 2015-06-10 22:44 - 00041080 _____ C:\WINDOWS1\KB2509553.log
2015-06-10 22:44 - 2015-06-10 22:44 - 00038693 _____ C:\WINDOWS1\KB2535512.log
2015-06-10 22:44 - 2015-06-10 22:44 - 00037148 _____ C:\WINDOWS1\KB2510587.log
2015-06-10 22:44 - 2015-06-10 22:44 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2535512$
2015-06-10 22:44 - 2015-06-10 22:44 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2510587$
2015-06-10 22:44 - 2015-06-10 22:44 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2509553$
2015-06-10 22:43 - 2015-06-10 22:44 - 00034096 _____ C:\WINDOWS1\KB2506212.log
2015-06-10 22:43 - 2015-06-10 22:44 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2506212$
2015-06-10 22:43 - 2015-06-10 22:43 - 00035518 _____ C:\WINDOWS1\KB2508429.log
2015-06-10 22:43 - 2015-06-10 22:43 - 00035382 _____ C:\WINDOWS1\KB971029.log
2015-06-10 22:43 - 2015-06-10 22:43 - 00034478 _____ C:\WINDOWS1\KB2479943.log
2015-06-10 22:43 - 2015-06-10 22:43 - 00034393 _____ C:\WINDOWS1\KB2485663.log
2015-06-10 22:43 - 2015-06-10 22:43 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB971029$
2015-06-10 22:43 - 2015-06-10 22:43 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2508429$
2015-06-10 22:43 - 2015-06-10 22:43 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2485663$
2015-06-10 22:43 - 2015-06-10 22:43 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2479943$
2015-06-10 22:42 - 2015-06-10 22:43 - 00036138 _____ C:\WINDOWS1\KB2393802.log
2015-06-10 22:42 - 2015-06-10 22:42 - 00034792 _____ C:\WINDOWS1\KB2483185.log
2015-06-10 22:42 - 2015-06-10 22:42 - 00034326 _____ C:\WINDOWS1\KB2478960.log
2015-06-10 22:42 - 2015-06-10 22:42 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2483185$
2015-06-10 22:42 - 2015-06-10 22:42 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2478960$
2015-06-10 22:42 - 2015-06-10 22:42 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2393802$
2015-06-10 22:41 - 2015-06-10 22:42 - 00033897 _____ C:\WINDOWS1\KB2478971.log
2015-06-10 22:41 - 2015-06-10 22:41 - 00038064 _____ C:\WINDOWS1\KB2419635.log
2015-06-10 22:41 - 2015-06-10 22:41 - 00032599 _____ C:\WINDOWS1\KB2443105.log
2015-06-10 22:41 - 2015-06-10 22:41 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2478971$
2015-06-10 22:41 - 2015-06-10 22:41 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2443105$
2015-06-10 22:41 - 2015-06-10 22:41 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2419635$
2015-06-10 22:40 - 2015-06-10 22:41 - 00032649 _____ C:\WINDOWS1\KB2423089.log
2015-06-10 22:40 - 2015-06-10 22:40 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2423089$
2015-06-10 22:31 - 2015-06-10 22:31 - 00032366 _____ C:\WINDOWS1\KB982132.log
2015-06-10 22:31 - 2015-06-10 22:31 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB982132$
2015-06-10 22:30 - 2015-06-10 22:30 - 00034552 _____ C:\WINDOWS1\KB979687.log
2015-06-10 22:30 - 2015-06-10 22:30 - 00032481 _____ C:\WINDOWS1\KB2378111.log
2015-06-10 22:30 - 2015-06-10 22:30 - 00031419 _____ C:\WINDOWS1\KB2347290.log
2015-06-10 22:30 - 2015-06-10 22:30 - 00030798 _____ C:\WINDOWS1\KB975558.log
2015-06-10 22:30 - 2015-06-10 22:30 - 00030782 _____ C:\WINDOWS1\KB2387149.log
2015-06-10 22:30 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB979687$
2015-06-10 22:30 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB975558_WM8$
2015-06-10 22:30 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2387149$
2015-06-10 22:30 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2378111$
2015-06-10 22:30 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2347290$
2015-06-10 22:29 - 2015-06-10 22:30 - 00030592 _____ C:\WINDOWS1\KB981997.log
2015-06-10 22:29 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB981997$
2015-06-10 22:29 - 2015-06-10 22:29 - 00030607 _____ C:\WINDOWS1\KB2229593.log
2015-06-10 22:29 - 2015-06-10 22:29 - 00030530 _____ C:\WINDOWS1\KB2115168.log
2015-06-10 22:29 - 2015-06-10 22:29 - 00030506 _____ C:\WINDOWS1\KB982665.log
2015-06-10 22:29 - 2015-06-10 22:29 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB982665$
2015-06-10 22:29 - 2015-06-10 22:29 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2229593$
2015-06-10 22:29 - 2015-06-10 22:29 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2115168$
2015-06-10 22:20 - 2015-06-10 22:20 - 00032193 _____ C:\WINDOWS1\KB978338.log
2015-06-10 22:20 - 2015-06-10 22:20 - 00031105 _____ C:\WINDOWS1\KB978542.log
2015-06-10 22:20 - 2015-06-10 22:20 - 00030500 _____ C:\WINDOWS1\KB979482.log
2015-06-10 22:20 - 2015-06-10 22:20 - 00030495 _____ C:\WINDOWS1\KB979309.log
2015-06-10 22:20 - 2015-06-10 22:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB979482$
2015-06-10 22:20 - 2015-06-10 22:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB979309$
2015-06-10 22:20 - 2015-06-10 22:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB978542$
2015-06-10 22:20 - 2015-06-10 22:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB978338$
2015-06-10 22:19 - 2015-06-10 22:20 - 00030376 _____ C:\WINDOWS1\KB977816.log
2015-06-10 22:19 - 2015-06-10 22:19 - 00032649 _____ C:\WINDOWS1\KB977914.log
2015-06-10 22:19 - 2015-06-10 22:19 - 00030715 _____ C:\WINDOWS1\KB978706.log
2015-06-10 22:19 - 2015-06-10 22:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB978706$
2015-06-10 22:19 - 2015-06-10 22:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB977914$
2015-06-10 22:19 - 2015-06-10 22:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB977816$
2015-06-10 22:18 - 2015-06-10 22:19 - 00031377 _____ C:\WINDOWS1\KB975560.log
2015-06-10 22:18 - 2015-06-10 22:18 - 00030901 _____ C:\WINDOWS1\KB975713.log
2015-06-10 22:18 - 2015-06-10 22:18 - 00030384 _____ C:\WINDOWS1\KB973904.log
2015-06-10 22:18 - 2015-06-10 22:18 - 00030126 _____ C:\WINDOWS1\KB972270.log
2015-06-10 22:18 - 2015-06-10 22:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB975713$
2015-06-10 22:18 - 2015-06-10 22:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB975560$
2015-06-10 22:18 - 2015-06-10 22:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB974392$
2015-06-10 22:18 - 2015-06-10 22:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB973904$
2015-06-10 22:18 - 2015-06-10 22:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB972270$
2015-06-10 22:17 - 2015-06-10 22:18 - 00029213 _____ C:\WINDOWS1\KB974392.log
2015-06-10 22:17 - 2015-06-10 22:17 - 00030572 _____ C:\WINDOWS1\KB968389.log
2015-06-10 22:17 - 2015-06-10 22:17 - 00029163 _____ C:\WINDOWS1\KB974318.log
2015-06-10 22:17 - 2015-06-10 22:17 - 00028963 _____ C:\WINDOWS1\KB975467.log
2015-06-10 22:17 - 2015-06-10 22:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB975467$
2015-06-10 22:17 - 2015-06-10 22:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB974318$
2015-06-10 22:17 - 2015-06-10 22:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB969059$
2015-06-10 22:17 - 2015-06-10 22:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB968389$


==================== Files in the root of some directories =======

2015-02-05 20:06 - 2015-02-05 20:06 - 0000664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
2015-06-04 13:14 - 2015-06-04 13:15 - 0004608 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\Guest\Firefox Setup Stub 29.0.1.exe


Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-8u45-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2008-04-14 17:30] - [2008-04-14 17:30] - 0507904 ____A (Microsoft Corporation) ED0EF0A136DEC83DF69F04118870003E

C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2008-04-14 17:30] - [2008-04-14 17:30] - 1033728 ____A (Microsoft Corporation) 12896823FB95BFB3DC9B46BCAEDC9923

C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe
[2008-04-14 17:30] - [2008-04-14 17:30] - 0014336 ____A (Microsoft Corporation) 27C6D03BCDB8CFEB96B716F3D8BE3E18

C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2008-04-14 17:30] - [2008-04-14 17:30] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe
[2008-04-14 17:30] - [2008-04-14 17:30] - 0026112 ____A (Microsoft Corporation) A93AEE1928A9D7CE3E16D24EC7380F89

C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 17:30] - [2008-04-14 17:30] - 0052352 ____A (Microsoft Corporation) 4C8FCB5CC53AAB716D810740FE59D025

C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End of log ============================



#3 Oh My!


Posted 24 June 2015 - 09:31 AM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

Query_RC.gif

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 shitalpatil


Posted 24 June 2015 - 01:02 PM

 

Hi Gary,

Thanks for the assistance. I will follow your instructions without any doubt. You can call me bleepal.

As per your instructions, I downloaded ComboFix, and when I started to run it, it gave me a message that it will run on Windows XP 32 bit. My operating system is Windows XP 64 bit.

So please give me the next instruction; I am waiting for that. Thank you.

 
 
 


#5 Oh My!


Posted 24 June 2015 - 01:09 PM

OK, thanks.

Because of the spelling of your name the site won't actually let me "call" you by your name. It exchanges some of the letters with "bleep". :)

Let's do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
HKLM-x32\...\Winlogon: [Shell] Explorer.exe [ ] ()
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor:  <======= ATTENTION
HKLM-x32\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {0c5f949a-df63-11e3-8e09-00167699b84a} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {0c5f94a0-df63-11e3-8e09-00167699b84a} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {856e6656-e35f-11e3-bfee-00167699b84a} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {ad52aad4-e8dd-11e4-9d70-0015833d0a57} - I:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {b2f113d7-a24e-11e4-aea9-0015833d0a57} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {cf53ea7e-e35d-11e3-9e47-00167699b84a} - I:\AutoRun.exe
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll No File
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll No File
ShellIconOverlayIdentifiers-x32: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => %SystemRoot%\System32\cscui.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [245248 2008-04-14] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
R2 Eventlog;  [X]
R2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [X]
S3 IASJet; %SystemRoot%\SysWOW64\iasrecst.dll [X]
R2 Schedule; %SystemRoot%\system32\schedsvc.dll [X]
R3 TermService; %SystemRoot%\System32\termsrv.dll [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
R2 winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]
2015-02-05 20:06 - 2015-02-05 20:06 - 0000664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
2015-06-04 13:14 - 2015-06-04 13:15 - 0004608 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Guest\Firefox Setup Stub 29.0.1.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-8u45-windows-au.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 shitalpatil

Posted 25 June 2015 - 01:34 PM

Hi Gary,

I ran the code as per your instructions and rebooted the machine, but I found that my machine was not booting, giving me a message that the issac (or something like that) file is missing and then restarting the machine again.

So I pressed the F8 key before boot and chose Last Known Good Configuration, and then my machine started.

After running the code, I found that the machine is a bit faster than before, and when I visited a web site, I found that the pop-up still opens but it acquires a smaller area than before (before, it acquired almost 2/3 of the viewing area).

I am posting the log after running the code. Here it is:

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Administrator at 2015-06-25 18:41:27 Run:1
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
HKLM-x32\...\Winlogon: [Shell] Explorer.exe [ ] ()
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor:  <======= ATTENTION
HKLM-x32\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {0c5f949a-df63-11e3-8e09-00167699b84a} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {0c5f94a0-df63-11e3-8e09-00167699b84a} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {856e6656-e35f-11e3-bfee-00167699b84a} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {ad52aad4-e8dd-11e4-9d70-0015833d0a57} - I:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {b2f113d7-a24e-11e4-aea9-0015833d0a57} - H:\AutoRun.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\MountPoints2: {cf53ea7e-e35d-11e3-9e47-00167699b84a} - I:\AutoRun.exe
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll No File
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll No File
ShellIconOverlayIdentifiers-x32: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => %SystemRoot%\System32\cscui.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [245248 2008-04-14] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
R2 Eventlog;  [X]
R2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [X]
S3 IASJet; %SystemRoot%\SysWOW64\iasrecst.dll [X]
R2 Schedule; %SystemRoot%\system32\schedsvc.dll [X]
R3 TermService; %SystemRoot%\System32\termsrv.dll [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
R2 winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]
2015-02-05 20:06 - 2015-02-05 20:06 - 0000664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
2015-06-04 13:14 - 2015-06-04 13:15 - 0004608 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Guest\Firefox Setup Stub 29.0.1.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-8u45-windows-au.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon" => key removed successfully
HKLM\Software\Microsoft\Command Processor\\AutoRun => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Command Processor\\AutoRun => value removed successfully
"HKU\S-1-5-21-4196316794-2275671525-1384915817-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c5f949a-df63-11e3-8e09-00167699b84a}" => key removed successfully
HKCR\CLSID\{0c5f949a-df63-11e3-8e09-00167699b84a} => key not found.
"HKU\S-1-5-21-4196316794-2275671525-1384915817-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c5f94a0-df63-11e3-8e09-00167699b84a}" => key removed successfully
HKCR\CLSID\{0c5f94a0-df63-11e3-8e09-00167699b84a} => key not found.
"HKU\S-1-5-21-4196316794-2275671525-1384915817-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{856e6656-e35f-11e3-bfee-00167699b84a}" => key removed successfully
HKCR\CLSID\{856e6656-e35f-11e3-bfee-00167699b84a} => key not found.
"HKU\S-1-5-21-4196316794-2275671525-1384915817-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad52aad4-e8dd-11e4-9d70-0015833d0a57}" => key removed successfully
HKCR\CLSID\{ad52aad4-e8dd-11e4-9d70-0015833d0a57} => key not found.
"HKU\S-1-5-21-4196316794-2275671525-1384915817-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2f113d7-a24e-11e4-aea9-0015833d0a57}" => key removed successfully
HKCR\CLSID\{b2f113d7-a24e-11e4-aea9-0015833d0a57} => key not found.
"HKU\S-1-5-21-4196316794-2275671525-1384915817-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf53ea7e-e35d-11e3-9e47-00167699b84a}" => key removed successfully
HKCR\CLSID\{cf53ea7e-e35d-11e3-9e47-00167699b84a} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder => value removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn => value removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files" => key removed successfully
"HKCR\Wow6432Node\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Winsock: Catalog5-x64 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Eventlog => Unable to stop service.
Eventlog => Service removed successfully
helpsvc => Service stopped successfully.
helpsvc => Service removed successfully
HidServ => Service removed successfully
IASJet => Service removed successfully
Schedule => Service stopped successfully.
Schedule => Service removed successfully
TermService => Unable to stop service.
TermService => Service removed successfully
vds => Service removed successfully
WinHttpAutoProxySvc => Service stopped successfully.
WinHttpAutoProxySvc => Service removed successfully
winmgmt => Service restored successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp => moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
C:\Documents and Settings\Guest\Firefox Setup Stub 29.0.1.exe => moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-8u45-windows-au.exe => moved successfully.


The system needed a reboot..

==== End of Fixlog 18:41:46 ====

 
 
 
 


#7 Oh My!

Posted 25 June 2015 - 01:54 PM

Very good, nice work.

Please run FRST again making sure Addition.txt is checked. Copy and paste both logs in your reply.
Gary
 

#8 shitalpatil

Posted 26 June 2015 - 11:47 PM

 

Hi Gary,

I am posting the log here.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Administrator (administrator) on HOME-N246PHYZHZ on 27-06-2015 10:06:22
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator & Guest)
Platform: Microsoft Windows XP Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore64.exe
Failed to access process -> BlueSoleilCS.exe
Failed to access process -> BsMobileCS.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> HWDeviceService64.exe
Failed to access process -> explorer.exe
Failed to access process -> ouc.exe
Failed to access process -> NitroPDFDriverService8x64.exe
Failed to access process -> NLSSRV32.EXE
Failed to access process -> svchost.exe
Failed to access process -> Mobile Partner.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> wmiprvse.exe
Failed to access process -> egui.exe
Failed to access process -> ctfmon.exe
Failed to access process -> msmsgs.exe
Failed to access process -> IDMan.exe
Failed to access process -> ctfmon.exe
Failed to access process -> SUPERANTISPYWARE.EXE
Failed to access process -> BandwidthMeterPro.exe
Failed to access process -> WZQKPICK32.EXE
Failed to access process -> winampa.exe
Failed to access process -> BtTray.exe
Failed to access process -> PWRISOVM.EXE
Failed to access process -> jusched.exe
Failed to access process -> BsHelpCS.exe
Failed to access process -> wscntfy.exe
Failed to access process -> alg.exe
Failed to access process -> FRST64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS1\RTHDCPL.EXE [15961088 2006-01-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS1\SOUNDMAN.EXE [86016 2006-01-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS1\ALCWZRD.EXE [2809856 2006-01-04] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS1\ALCMTR.EXE [69632 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4030008 2011-08-09] (ESET)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => E:\Winamp\winampa.exe [37376 2008-01-16] ()
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [226816 2008-08-04] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [217088 2008-01-20] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS1\system32\userinit.exe,
HKLM-x32\...\Winlogon: [Userinit] userinit.exe [X]
HKLM-x32\...\Winlogon: [Shell] Explorer.exe [ ] ()
Winlogon\Notify\crypt32chain: C:\WINDOWS1\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS1\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS1\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS1\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS1\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS1\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS1\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS1\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS1\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS1\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS1\SysWOW64\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS1\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS1\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS1\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS1\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS1\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Run: [ctfmon.exe] => C:\WINDOWS1\system32\ctfmon.exe [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1681920 2007-02-18] (Microsoft Corporation)
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3417496 2011-08-09] (Tonec Inc.)
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Run: [BandwidthMeterPro] => C:\Program Files (x86)\BandwidthMeterPro\BandwidthMeterPro.exe [585728 2010-09-02] (BANDWIDTH-METER.NET)
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS1\system32\logon.scr [704512 2007-02-17] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS1\system32\logon.scr [704512 2007-02-17] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2014-05-21]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2014-05-21]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS1\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS1\SysWOW64\stobject.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2011-05-30] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-4196316794-2275671525-1384915817-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-4196316794-2275671525-1384915817-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKU\S-1-5-21-4196316794-2275671525-1384915817-500 -> {1F34A59B-D694-4F75-A4A1-469488BFF68D} URL = https://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2011-08-01] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2011-08-01] (Internet Download Manager, Tonec Inc.)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-10] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4196316794-2275671525-1384915817-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2008-04-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4196316794-2275671525-1384915817-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2008-04-14] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\SysWOW64\inetcomm.dll No File
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS1\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS1\SysWOW64\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\SysWOW64\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\SysWOW64\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS1\SysWOW64\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS1\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS1\SysWOW64\shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS1\SysWOW64\winrnr.dll [17408 2014-05-19] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [245248 2008-04-14] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yh8pfa48.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS1\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-06-08] ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS1\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-06-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-11-14] (Nitro PDF)
FF Extension: bestadblocker - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yh8pfa48.default\Extensions\HUHrm@KNDn.org [2015-05-01]
FF Extension: SaLEPluSS - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yh8pfa48.default\Extensions\R1uu@Jpoc.edu [2015-05-01]
FF Extension: BitComet Video Downloader - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yh8pfa48.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-05-29]
FF Extension: WhatsApp Panel - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yh8pfa48.default\Extensions\whatsapppanel@alejandrobrizuela.com.ar.xpi [2015-04-14]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-19]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2014-06-08]
FF HKU\S-1-5-21-4196316794-2275671525-1384915817-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S4 Alerter; C:\Windows\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\Windows\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS1\system32\qmgr.dll [706560 2007-02-17] (Microsoft Corporation)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [775168 2008-10-18] () [File not signed]
S2 Browser; C:\Windows\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [141824 2008-08-01] () [File not signed]
R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2008-08-01] () [File not signed]
S4 CiSvc; C:\Windows\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 clr_optimization_v2.0.50727_32; c:\WINDOWS1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [70144 2007-10-24] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_64; c:\WINDOWS1\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [93696 2007-10-23] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [399360 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\Windows\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [45568 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-08-09] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS1\system32\es.dll [377856 2008-04-30] (Microsoft Corporation)
R2 EventSystem; C:\WINDOWS1\SysWOW64\es.dll [247296 2008-04-30] (Microsoft Corporation)
S3 FontCache3.0.0.0; c:\WINDOWS1\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [36864 2007-10-09] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HWDeviceService64.exe; C:\Documents and Settings\All Users.WINDOWS1\Application Data\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 idsvc; c:\WINDOWS1\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [921600 2007-10-10] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS1\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 lanmanserver; C:\Windows\System32\srvsvc.dll [96768 2008-04-14] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\Windows\System32\wkssvc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\Windows\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS1\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [650240 2013-03-01] () [File not signed]
S3 MSDTC; C:\WINDOWS1\system32\msdtc.exe [6656 2008-07-24] (Microsoft Corporation)
S3 MSIServer; C:\Windows\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS1\SysWOW64\msiexec.exe [95744 2008-05-21] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; c:\WINDOWS1\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230920 2013-11-14] (Nitro PDF Software)
R3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-04-14] (Microsoft Corporation) [File not signed]
R2 nlsX86cc; C:\WINDOWS1\SysWOW64\NLSSRV32.EXE [69640 2013-11-14] (Nalpeiron Ltd.)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\services.exe [108544 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasAuto; C:\Windows\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS1\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RemoteRegistry; C:\Windows\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [399360 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\Windows\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\Windows\system32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\system32\spoolsv.exe [57856 2008-04-14] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS1\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\Windows\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [138752 2008-04-14] (Microsoft Corporation) [File not signed]
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\WINDOWS1\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\Windows\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UMWdf; C:\WINDOWS1\system32\wdfmgr.exe [62976 2005-03-25] (Microsoft Corporation)
S3 UMWdf; C:\WINDOWS1\SysWOW64\wdfmgr.exe [39424 2005-03-25] (Microsoft Corporation)
R2 upnphost; C:\Windows\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS1\system32\w32time.dll [407552 2007-02-17] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS1\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
R2 WebClient; C:\Windows\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS1\system32\mspmsnsv.dll [36352 2007-02-17] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS1\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [617472 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS1\system32\wbem\wmiapsrv.exe [223232 2007-02-17] (Microsoft Corporation)
R2 wscsvc; C:\Windows\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS1\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AeLookupSvc; %SystemRoot%\System32\aelupsvc.dll [X]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [X]
S3 COMSysApp; C:\WINDOWS1\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R2 Eventlog;  [X]
R2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [X]
S3 IASJet; %SystemRoot%\SysWOW64\iasrecst.dll [X]
R2 Schedule; %SystemRoot%\system32\schedsvc.dll [X]
R3 TermService; %SystemRoot%\System32\termsrv.dll [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
R2 winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; No ImagePath
R0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)
S4 adpu160m; No ImagePath
S4 adpu320; No ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [142592 2008-04-14] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\System32\drivers\afd.sys [138112 2008-04-14] (Microsoft Corporation) [File not signed]
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 AmdIde; No ImagePath
S4 arc; No ImagePath
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed]
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Atdisk; No ImagePath
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\Windows\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\Windows\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.) [File not signed]
S4 dpti2o; No ImagePath
S1 Fdc; C:\Windows\System32\Drivers\Fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\Windows\System32\Drivers\Flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider) [File not signed]
R3 HTTP; C:\Windows\System32\Drivers\HTTP.sys [264832 2008-04-14] (Microsoft Corporation) [File not signed]
S1 i2omgmt; No ImagePath
R1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation) [File not signed]
S4 iirsp; No ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation) [File not signed]
S4 IntelIde; No ImagePath
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\Windows\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\Windows\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Modem; C:\Windows\System32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation) [File not signed]
S4 mraid35x; No ImagePath
R3 MRxDAV; C:\Windows\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [456576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [10112 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCI; C:\Windows\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\Windows\System32\DRIVERS\pciide.sys [3328 2008-04-14] (Microsoft Corporation) [File not signed]
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDPWD; No ImagePath
R3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [5888 2008-04-14] (Microsoft Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SCDEmu; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 serenum; C:\Windows\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Simbad; No ImagePath
R3 Srv; C:\Windows\System32\DRIVERS\srv.sys [334848 2008-04-14] (Microsoft Corporation) [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
S4 symc8xx; No ImagePath
S4 symmpi; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\Windows\System32\DRIVERS\tcpip.sys [361344 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDPIPE; No ImagePath
S3 TDTCP; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [30208 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [17152 2008-04-14] (Microsoft Corporation) [File not signed]
S1 VgaSave; C:\Windows\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ViaIde; No ImagePath
R0 VolSnap; C:\Windows\System32\DRIVERS\volsnap.sys [52352 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WDICA; No ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 audstub; system32\DRIVERS\audstub.sys [X]
R3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
R0 BtHidBus; System32\Drivers\BtHidBus.sys [X]
R2 CdaC15BA; system32\DRIVERS\CdaC15BA.sys [X]
R2 CdaD10BA; system32\DRIVERS\CdaD10BA.sys [X]
R0 crcdisk; system32\DRIVERS\crcdisk.sys [X]
R2 eamon; system32\DRIVERS\eamon.sys [X]
R1 ehdrv; system32\DRIVERS\ehdrv.sys [X]
R2 epfw; system32\DRIVERS\epfw.sys [X]
R3 Epfwndis; system32\DRIVERS\Epfwndis.sys [X]
R1 epfwtdi; system32\DRIVERS\epfwtdi.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
R0 FltMgr; system32\drivers\fltmgr.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
R3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
R1 IDMTDI; system32\DRIVERS\idmtdi.sys [X]
R3 IntcAzAudAddService; system32\drivers\RTKHDA64.SYS [X]
S3 IRENUM; system32\DRIVERS\irenum.sys [X]
R3 IvtBtBUs; System32\Drivers\IvtBtBus.sys [X]
R3 ksthunk; system32\drivers\ksthunk.sys [X]
S3 MSKSSRV; system32\drivers\MSKSSRV.sys [X]
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [X]
S3 MSPQM; system32\drivers\MSPQM.sys [X]
R3 rdpdr; system32\DRIVERS\rdpdr.sys [X]
R1 redbook; system32\DRIVERS\redbook.sys [X]
R3 rtl8139; system32\DRIVERS\RTL39A64.SYS [X]
S3 SASENUM; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SuperAntiSpyware\SASENUM.SYS [X]
S3 splitter; system32\drivers\splitter.sys [X]
R0 sr; system32\DRIVERS\sr.sys [X]
R1 TermDD; system32\DRIVERS\termdd.sys [X]
S3 usbccgp; system32\DRIVERS\usbccgp.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
R3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
R3 vga; system32\DRIVERS\vgapnp.sys [X]
R3 Wdf01000; System32\Drivers\wdf01000.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll ==> No File
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll ==> No File
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS1\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll ==> No File
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll ==> No File
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll ==> No File
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll ==> No File
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-25 23:59 - 2015-06-25 23:59 - 00008008 _____ C:\Documents and Settings\Administrator\Desktop\New Text Document.txt
2015-06-19 22:07 - 2015-06-27 10:06 - 00000000 ____D C:\FRST
2015-06-16 18:41 - 2015-06-16 18:41 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\BWMeterPro
2015-06-16 18:41 - 2015-06-16 18:41 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BWMonitor
2015-06-16 18:40 - 2015-06-16 18:40 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Bandwidth Meter Pro
2015-06-16 18:40 - 2015-06-16 18:40 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Bandwidth Meter Pro
2015-06-15 16:23 - 2015-06-16 18:41 - 00000000 ____D C:\Program Files (x86)\BandwidthMeterPro
2015-06-15 16:10 - 2015-06-15 16:10 - 00013762 _____ C:\Documents and Settings\Administrator\Desktop\part rate s no 257.xlsx
2015-06-11 00:13 - 2015-06-11 00:13 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2015-06-10 23:40 - 2015-06-10 23:40 - 00000000 __SHD C:\Documents and Settings\Default User.WINDOWS1\IETldCache
2015-06-10 23:37 - 2015-06-10 23:37 - 00000839 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2015-06-10 23:36 - 2015-06-10 23:36 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2015-06-10 23:22 - 2015-06-10 23:32 - 00000000 ____D C:\WINDOWS1\system32\MRT
2015-06-10 23:21 - 2015-06-10 23:21 - 00120668 _____ C:\WINDOWS1\KB2930275.log
2015-06-10 23:21 - 2015-06-10 23:21 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2930275$
2015-06-10 23:21 - 2015-05-27 00:04 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS1\system32\MRT.exe
2015-06-10 23:20 - 2015-06-10 23:20 - 00124516 _____ C:\WINDOWS1\KB2909921.log
2015-06-10 23:20 - 2015-06-10 23:20 - 00119860 _____ C:\WINDOWS1\KB2929961.log
2015-06-10 23:20 - 2015-06-10 23:20 - 00119587 _____ C:\WINDOWS1\KB2909213.log
2015-06-10 23:20 - 2015-06-10 23:20 - 00119207 _____ C:\WINDOWS1\KB2916036.log
2015-06-10 23:20 - 2015-06-10 23:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2929961$
2015-06-10 23:20 - 2015-06-10 23:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2916036$
2015-06-10 23:20 - 2015-06-10 23:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2909921$
2015-06-10 23:20 - 2015-06-10 23:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2909213$
2015-06-10 23:19 - 2015-06-10 23:20 - 00116065 _____ C:\WINDOWS1\KB2914368.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00116876 _____ C:\WINDOWS1\KB2893294.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00116176 _____ C:\WINDOWS1\KB2898715.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00115884 _____ C:\WINDOWS1\KB2904266.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00115099 _____ C:\WINDOWS1\KB2892076.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00115005 _____ C:\WINDOWS1\KB2875783.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00006686 _____ C:\WINDOWS1\system32\TZLog.log
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2914368$
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2904266$
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2898715$
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2893294$
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2892076$
2015-06-10 23:19 - 2015-06-10 23:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2875783$
2015-06-10 23:18 - 2015-06-10 23:19 - 00116556 _____ C:\WINDOWS1\KB2862152.log
2015-06-10 23:18 - 2015-06-10 23:18 - 00116215 _____ C:\WINDOWS1\KB2868626.log
2015-06-10 23:18 - 2015-06-10 23:18 - 00115973 _____ C:\WINDOWS1\KB2876331.log
2015-06-10 23:18 - 2015-06-10 23:18 - 00113474 _____ C:\WINDOWS1\KB2900986.log
2015-06-10 23:18 - 2015-06-10 23:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2900986$
2015-06-10 23:18 - 2015-06-10 23:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2876331$
2015-06-10 23:18 - 2015-06-10 23:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2868626$
2015-06-10 23:18 - 2015-06-10 23:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2862152$
2015-06-10 23:17 - 2015-06-10 23:18 - 00115326 _____ C:\WINDOWS1\KB2862335.log
2015-06-10 23:17 - 2015-06-10 23:17 - 00116573 _____ C:\WINDOWS1\KB2862330.log
2015-06-10 23:17 - 2015-06-10 23:17 - 00114887 _____ C:\WINDOWS1\KB2864058.log
2015-06-10 23:17 - 2015-06-10 23:17 - 00113001 _____ C:\WINDOWS1\KB2847311.log
2015-06-10 23:17 - 2015-06-10 23:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2864058$
2015-06-10 23:17 - 2015-06-10 23:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2862335$
2015-06-10 23:17 - 2015-06-10 23:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2862330$
2015-06-10 23:17 - 2015-06-10 23:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2847311$
2015-06-10 23:16 - 2015-06-10 23:17 - 00112618 _____ C:\WINDOWS1\KB2864063.log
2015-06-10 23:16 - 2015-06-10 23:16 - 00114021 _____ C:\WINDOWS1\KB2876217.log
2015-06-10 23:16 - 2015-06-10 23:16 - 00112074 _____ C:\WINDOWS1\KB2850869.log
2015-06-10 23:16 - 2015-06-10 23:16 - 00111692 _____ C:\WINDOWS1\KB2803821-v2.log
2015-06-10 23:16 - 2015-06-10 23:16 - 00111223 _____ C:\WINDOWS1\KB2834886.log
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2876217$
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2864063$
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2850869$
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2834886$
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2803821-v2$
2015-06-10 23:15 - 2015-06-10 23:16 - 00115379 _____ C:\WINDOWS1\KB2813170.log
2015-06-10 23:15 - 2015-06-10 23:15 - 00116456 _____ C:\WINDOWS1\KB2807986.log
2015-06-10 23:15 - 2015-06-10 23:15 - 00115299 _____ C:\WINDOWS1\KB2820917.log
2015-06-10 23:15 - 2015-06-10 23:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2820917$
2015-06-10 23:15 - 2015-06-10 23:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2813170$
2015-06-10 23:15 - 2015-06-10 23:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2807986$
2015-06-10 23:14 - 2015-06-10 23:14 - 00850076 _____ C:\WINDOWS1\msxml6-KB2758696-enu-amd64.LOG
2015-06-10 23:14 - 2015-06-10 23:14 - 00114957 _____ C:\WINDOWS1\KB2780091.log
2015-06-10 23:14 - 2015-06-10 23:14 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2780091$
2015-06-10 23:14 - 2015-06-10 23:14 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2770660$
2015-06-10 23:13 - 2015-06-10 23:14 - 00114559 _____ C:\WINDOWS1\KB2770660.log
2015-06-10 23:13 - 2015-06-10 23:13 - 00115145 _____ C:\WINDOWS1\KB2705219-v2.log
2015-06-10 23:13 - 2015-06-10 23:13 - 00114536 _____ C:\WINDOWS1\KB2748349.log
2015-06-10 23:13 - 2015-06-10 23:13 - 00113750 _____ C:\WINDOWS1\KB2727528.log
2015-06-10 23:13 - 2015-06-10 23:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2749655$
2015-06-10 23:13 - 2015-06-10 23:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2748349$
2015-06-10 23:13 - 2015-06-10 23:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2727528$
2015-06-10 23:13 - 2015-06-10 23:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2705219-v2$
2015-06-10 23:12 - 2015-06-10 23:13 - 00114175 _____ C:\WINDOWS1\KB2749655.log
2015-06-10 23:12 - 2015-06-10 23:12 - 00114218 _____ C:\WINDOWS1\KB2698365.log
2015-06-10 23:12 - 2015-06-10 23:12 - 00114028 _____ C:\WINDOWS1\KB2691442.log
2015-06-10 23:12 - 2015-06-10 23:12 - 00112678 _____ C:\WINDOWS1\KB2712808.log
2015-06-10 23:12 - 2015-06-10 23:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2712808$
2015-06-10 23:12 - 2015-06-10 23:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2698365$
2015-06-10 23:12 - 2015-06-10 23:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2691442$
2015-06-10 23:11 - 2015-06-10 23:12 - 00115643 _____ C:\WINDOWS1\KB2655992.log
2015-06-10 23:11 - 2015-06-10 23:11 - 00112853 _____ C:\WINDOWS1\KB2686509.log
2015-06-10 23:11 - 2015-06-10 23:11 - 00111931 _____ C:\WINDOWS1\KB2685939.log
2015-06-10 23:11 - 2015-06-10 23:11 - 00109838 _____ C:\WINDOWS1\KB2659262.log
2015-06-10 23:11 - 2015-06-10 23:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2686509$
2015-06-10 23:11 - 2015-06-10 23:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2685939$
2015-06-10 23:11 - 2015-06-10 23:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2659262$
2015-06-10 23:11 - 2015-06-10 23:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2655992$
2015-06-10 23:10 - 2015-06-10 23:11 - 00114254 _____ C:\WINDOWS1\KB2676562.log
2015-06-10 23:10 - 2015-06-10 23:10 - 00113024 _____ C:\WINDOWS1\KB2653956.log
2015-06-10 23:10 - 2015-06-10 23:10 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2676562$
2015-06-10 23:10 - 2015-06-10 23:10 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2653956$
2015-06-10 23:09 - 2015-06-10 23:33 - 00065536 _____ C:\WINDOWS1\system32\config\Internet Explorer.evt
2015-06-10 23:05 - 2015-06-10 23:10 - 00122613 _____ C:\WINDOWS1\ie8.log
2015-06-10 23:05 - 2015-06-10 23:08 - 00000000 __HDC C:\WINDOWS1\ie8
2015-06-10 23:04 - 2015-06-10 23:10 - 00030695 _____ C:\WINDOWS1\ie8_main.log
2015-06-10 23:03 - 2015-06-10 23:03 - 00047398 _____ C:\WINDOWS1\KB2644615.log
2015-06-10 23:03 - 2015-06-10 23:03 - 00046957 _____ C:\WINDOWS1\KB2598479.log
2015-06-10 23:03 - 2015-06-10 23:03 - 00044783 _____ C:\WINDOWS1\KB2603381.log
2015-06-10 23:03 - 2015-06-10 23:03 - 00042488 _____ C:\WINDOWS1\KB2638806.log
2015-06-10 23:03 - 2015-06-10 23:03 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2644615$
2015-06-10 23:03 - 2015-06-10 23:03 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2638806$
2015-06-10 23:03 - 2015-06-10 23:03 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2603381$
2015-06-10 23:03 - 2015-06-10 23:03 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2598479$
2015-06-10 23:02 - 2015-06-10 23:03 - 00045706 _____ C:\WINDOWS1\KB2631813.log
2015-06-10 23:02 - 2015-06-10 23:02 - 00045716 _____ C:\WINDOWS1\KB2620712.log
2015-06-10 23:02 - 2015-06-10 23:02 - 00045400 _____ C:\WINDOWS1\KB2544893-v2.log
2015-06-10 23:02 - 2015-06-10 23:02 - 00045021 _____ C:\WINDOWS1\KB2584146.log
2015-06-10 23:02 - 2015-06-10 23:02 - 00044820 _____ C:\WINDOWS1\KB2619339.log
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2631813$
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2620712$
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2619339$
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2584146$
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2544893-v2$
2015-06-10 23:01 - 2015-06-10 23:02 - 00041939 _____ C:\WINDOWS1\KB2564958.log
2015-06-10 23:01 - 2015-06-10 23:01 - 00041428 _____ C:\WINDOWS1\KB2536276-v2.log
2015-06-10 23:01 - 2015-06-10 23:01 - 00041425 _____ C:\WINDOWS1\KB2507938.log
2015-06-10 23:01 - 2015-06-10 23:01 - 00041371 _____ C:\WINDOWS1\KB2566454.log
2015-06-10 23:01 - 2015-06-10 23:01 - 00041277 _____ C:\WINDOWS1\KB2570947.log
2015-06-10 23:01 - 2015-06-10 23:01 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2570947$
2015-06-10 23:01 - 2015-06-10 23:01 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2566454$
2015-06-10 23:01 - 2015-06-10 23:01 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2564958$
2015-06-10 23:01 - 2015-06-10 23:01 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2536276-v2$
2015-06-10 23:01 - 2015-06-10 23:01 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2507938$
2015-06-10 23:00 - 2015-06-10 23:01 - 00040729 _____ C:\WINDOWS1\KB2476490.log
2015-06-10 23:00 - 2015-06-10 23:00 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2476490$
2015-06-10 22:44 - 2015-06-10 22:44 - 00041080 _____ C:\WINDOWS1\KB2509553.log
2015-06-10 22:44 - 2015-06-10 22:44 - 00038693 _____ C:\WINDOWS1\KB2535512.log
2015-06-10 22:44 - 2015-06-10 22:44 - 00037148 _____ C:\WINDOWS1\KB2510587.log
2015-06-10 22:44 - 2015-06-10 22:44 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2535512$
2015-06-10 22:44 - 2015-06-10 22:44 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2510587$
2015-06-10 22:44 - 2015-06-10 22:44 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2509553$
2015-06-10 22:43 - 2015-06-10 22:44 - 00034096 _____ C:\WINDOWS1\KB2506212.log
2015-06-10 22:43 - 2015-06-10 22:44 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2506212$
2015-06-10 22:43 - 2015-06-10 22:43 - 00035518 _____ C:\WINDOWS1\KB2508429.log
2015-06-10 22:43 - 2015-06-10 22:43 - 00035382 _____ C:\WINDOWS1\KB971029.log
2015-06-10 22:43 - 2015-06-10 22:43 - 00034478 _____ C:\WINDOWS1\KB2479943.log
2015-06-10 22:43 - 2015-06-10 22:43 - 00034393 _____ C:\WINDOWS1\KB2485663.log
2015-06-10 22:43 - 2015-06-10 22:43 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB971029$
2015-06-10 22:43 - 2015-06-10 22:43 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2508429$
2015-06-10 22:43 - 2015-06-10 22:43 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2485663$
2015-06-10 22:43 - 2015-06-10 22:43 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2479943$
2015-06-10 22:42 - 2015-06-10 22:43 - 00036138 _____ C:\WINDOWS1\KB2393802.log
2015-06-10 22:42 - 2015-06-10 22:42 - 00034792 _____ C:\WINDOWS1\KB2483185.log
2015-06-10 22:42 - 2015-06-10 22:42 - 00034326 _____ C:\WINDOWS1\KB2478960.log
2015-06-10 22:42 - 2015-06-10 22:42 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2483185$
2015-06-10 22:42 - 2015-06-10 22:42 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2478960$
2015-06-10 22:42 - 2015-06-10 22:42 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2393802$
2015-06-10 22:41 - 2015-06-10 22:42 - 00033897 _____ C:\WINDOWS1\KB2478971.log
2015-06-10 22:41 - 2015-06-10 22:41 - 00038064 _____ C:\WINDOWS1\KB2419635.log
2015-06-10 22:41 - 2015-06-10 22:41 - 00032599 _____ C:\WINDOWS1\KB2443105.log
2015-06-10 22:41 - 2015-06-10 22:41 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2478971$
2015-06-10 22:41 - 2015-06-10 22:41 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2443105$
2015-06-10 22:41 - 2015-06-10 22:41 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2419635$
2015-06-10 22:40 - 2015-06-10 22:41 - 00032649 _____ C:\WINDOWS1\KB2423089.log
2015-06-10 22:40 - 2015-06-10 22:40 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2423089$
2015-06-10 22:31 - 2015-06-10 22:31 - 00032366 _____ C:\WINDOWS1\KB982132.log
2015-06-10 22:31 - 2015-06-10 22:31 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB982132$
2015-06-10 22:30 - 2015-06-10 22:30 - 00034552 _____ C:\WINDOWS1\KB979687.log
2015-06-10 22:30 - 2015-06-10 22:30 - 00032481 _____ C:\WINDOWS1\KB2378111.log
2015-06-10 22:30 - 2015-06-10 22:30 - 00031419 _____ C:\WINDOWS1\KB2347290.log
2015-06-10 22:30 - 2015-06-10 22:30 - 00030798 _____ C:\WINDOWS1\KB975558.log
2015-06-10 22:30 - 2015-06-10 22:30 - 00030782 _____ C:\WINDOWS1\KB2387149.log
2015-06-10 22:30 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB979687$
2015-06-10 22:30 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB975558_WM8$
2015-06-10 22:30 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2387149$
2015-06-10 22:30 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2378111$
2015-06-10 22:30 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2347290$
2015-06-10 22:29 - 2015-06-10 22:30 - 00030592 _____ C:\WINDOWS1\KB981997.log
2015-06-10 22:29 - 2015-06-10 22:30 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB981997$
2015-06-10 22:29 - 2015-06-10 22:29 - 00030607 _____ C:\WINDOWS1\KB2229593.log
2015-06-10 22:29 - 2015-06-10 22:29 - 00030530 _____ C:\WINDOWS1\KB2115168.log
2015-06-10 22:29 - 2015-06-10 22:29 - 00030506 _____ C:\WINDOWS1\KB982665.log
2015-06-10 22:29 - 2015-06-10 22:29 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB982665$
2015-06-10 22:29 - 2015-06-10 22:29 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2229593$
2015-06-10 22:29 - 2015-06-10 22:29 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB2115168$
2015-06-10 22:20 - 2015-06-10 22:20 - 00032193 _____ C:\WINDOWS1\KB978338.log
2015-06-10 22:20 - 2015-06-10 22:20 - 00031105 _____ C:\WINDOWS1\KB978542.log
2015-06-10 22:20 - 2015-06-10 22:20 - 00030500 _____ C:\WINDOWS1\KB979482.log
2015-06-10 22:20 - 2015-06-10 22:20 - 00030495 _____ C:\WINDOWS1\KB979309.log
2015-06-10 22:20 - 2015-06-10 22:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB979482$
2015-06-10 22:20 - 2015-06-10 22:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB979309$
2015-06-10 22:20 - 2015-06-10 22:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB978542$
2015-06-10 22:20 - 2015-06-10 22:20 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB978338$
2015-06-10 22:19 - 2015-06-10 22:20 - 00030376 _____ C:\WINDOWS1\KB977816.log
2015-06-10 22:19 - 2015-06-10 22:19 - 00032649 _____ C:\WINDOWS1\KB977914.log
2015-06-10 22:19 - 2015-06-10 22:19 - 00030715 _____ C:\WINDOWS1\KB978706.log
2015-06-10 22:19 - 2015-06-10 22:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB978706$
2015-06-10 22:19 - 2015-06-10 22:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB977914$
2015-06-10 22:19 - 2015-06-10 22:19 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB977816$
2015-06-10 22:18 - 2015-06-10 22:19 - 00031377 _____ C:\WINDOWS1\KB975560.log
2015-06-10 22:18 - 2015-06-10 22:18 - 00030901 _____ C:\WINDOWS1\KB975713.log
2015-06-10 22:18 - 2015-06-10 22:18 - 00030384 _____ C:\WINDOWS1\KB973904.log
2015-06-10 22:18 - 2015-06-10 22:18 - 00030126 _____ C:\WINDOWS1\KB972270.log
2015-06-10 22:18 - 2015-06-10 22:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB975713$
2015-06-10 22:18 - 2015-06-10 22:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB975560$
2015-06-10 22:18 - 2015-06-10 22:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB974392$
2015-06-10 22:18 - 2015-06-10 22:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB973904$
2015-06-10 22:18 - 2015-06-10 22:18 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB972270$
2015-06-10 22:17 - 2015-06-10 22:18 - 00029213 _____ C:\WINDOWS1\KB974392.log
2015-06-10 22:17 - 2015-06-10 22:17 - 00030572 _____ C:\WINDOWS1\KB968389.log
2015-06-10 22:17 - 2015-06-10 22:17 - 00029163 _____ C:\WINDOWS1\KB974318.log
2015-06-10 22:17 - 2015-06-10 22:17 - 00028963 _____ C:\WINDOWS1\KB975467.log
2015-06-10 22:17 - 2015-06-10 22:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB975467$
2015-06-10 22:17 - 2015-06-10 22:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB974318$
2015-06-10 22:17 - 2015-06-10 22:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB969059$
2015-06-10 22:17 - 2015-06-10 22:17 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB968389$
2015-06-10 22:16 - 2015-06-10 22:17 - 00024302 _____ C:\WINDOWS1\KB969059.log
2015-06-10 22:16 - 2015-06-10 22:16 - 00024363 _____ C:\WINDOWS1\KB974571.log
2015-06-10 22:16 - 2015-06-10 22:16 - 00023971 _____ C:\WINDOWS1\KB974112.log
2015-06-10 22:16 - 2015-06-10 22:16 - 00023099 _____ C:\WINDOWS1\KB956844.log
2015-06-10 22:16 - 2015-06-10 22:16 - 00022965 _____ C:\WINDOWS1\KB973869.log
2015-06-10 22:16 - 2015-06-10 22:16 - 00022926 _____ C:\WINDOWS1\KB954155.log
2015-06-10 22:16 - 2015-06-10 22:16 - 00022858 _____ C:\WINDOWS1\KB975025.log
2015-06-10 22:16 - 2015-06-10 22:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB975025$
2015-06-10 22:16 - 2015-06-10 22:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB974571$
2015-06-10 22:16 - 2015-06-10 22:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB974112$
2015-06-10 22:16 - 2015-06-10 22:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB973869$
2015-06-10 22:16 - 2015-06-10 22:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB956844$
2015-06-10 22:16 - 2015-06-10 22:16 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB954155$
2015-06-10 22:15 - 2015-06-10 22:15 - 00023107 _____ C:\WINDOWS1\KB973507.log
2015-06-10 22:15 - 2015-06-10 22:15 - 00023051 _____ C:\WINDOWS1\KB971657.log
2015-06-10 22:15 - 2015-06-10 22:15 - 00022882 _____ C:\WINDOWS1\KB960859.log
2015-06-10 22:15 - 2015-06-10 22:15 - 00022809 _____ C:\WINDOWS1\KB973815.log
2015-06-10 22:15 - 2015-06-10 22:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB973815$
2015-06-10 22:15 - 2015-06-10 22:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB973507$
2015-06-10 22:15 - 2015-06-10 22:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB971657$
2015-06-10 22:15 - 2015-06-10 22:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB960859$
2015-06-10 22:14 - 2015-06-10 22:15 - 00030194 _____ C:\WINDOWS1\KB958469.log
2015-06-10 22:14 - 2015-06-10 22:15 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB958469$
2015-06-10 22:14 - 2015-06-10 22:14 - 00026829 _____ C:\WINDOWS1\KB971032.log
2015-06-10 22:14 - 2015-06-10 22:14 - 00022190 _____ C:\WINDOWS1\KB973540.log
2015-06-10 22:14 - 2015-06-10 22:14 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB973540$
2015-06-10 22:14 - 2015-06-10 22:14 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB971032$
2015-06-10 22:13 - 2015-06-10 22:14 - 00022131 _____ C:\WINDOWS1\KB959426.log
2015-06-10 22:13 - 2015-06-10 22:13 - 00023203 _____ C:\WINDOWS1\KB952004.log
2015-06-10 22:13 - 2015-06-10 22:13 - 00018207 _____ C:\WINDOWS1\KB960803.log
2015-06-10 22:13 - 2015-06-10 22:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB960803$
2015-06-10 22:13 - 2015-06-10 22:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB959426$
2015-06-10 22:13 - 2015-06-10 22:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB952004$
2015-06-10 22:12 - 2015-06-10 22:13 - 00024156 _____ C:\WINDOWS1\KB956572.log
2015-06-10 22:12 - 2015-06-10 22:13 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB956572$
2015-06-10 22:12 - 2015-06-10 22:12 - 00015764 _____ C:\WINDOWS1\KB923561.log
2015-06-10 22:12 - 2015-06-10 22:12 - 00012877 _____ C:\WINDOWS1\KB952954.log
2015-06-10 22:12 - 2015-06-10 22:12 - 00012775 _____ C:\WINDOWS1\KB952069.log
2015-06-10 22:12 - 2015-06-10 22:12 - 00011795 _____ C:\WINDOWS1\KB950974.log
2015-06-10 22:12 - 2015-06-10 22:12 - 00010630 _____ C:\WINDOWS1\KB951376.log
2015-06-10 22:12 - 2015-06-10 22:12 - 00010626 _____ C:\WINDOWS1\KB946648.log
2015-06-10 22:12 - 2015-06-10 22:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB952954$
2015-06-10 22:12 - 2015-06-10 22:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB952069$
2015-06-10 22:12 - 2015-06-10 22:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB951376$
2015-06-10 22:12 - 2015-06-10 22:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB950974$
2015-06-10 22:12 - 2015-06-10 22:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB946648$
2015-06-10 22:12 - 2015-06-10 22:12 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB923561$
2015-06-10 22:11 - 2015-06-10 22:11 - 00010699 _____ C:\WINDOWS1\KB936357.log
2015-06-10 22:11 - 2015-06-10 22:11 - 00010698 _____ C:\WINDOWS1\KB950762.log
2015-06-10 22:11 - 2015-06-10 22:11 - 00010697 _____ C:\WINDOWS1\KB946026.log
2015-06-10 22:11 - 2015-06-10 22:11 - 00010633 _____ C:\WINDOWS1\KB944653.log
2015-06-10 22:11 - 2015-06-10 22:11 - 00010363 _____ C:\WINDOWS1\KB941569.log
2015-06-10 22:11 - 2015-06-10 22:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB950762$
2015-06-10 22:11 - 2015-06-10 22:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB946026$
2015-06-10 22:11 - 2015-06-10 22:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB944653$
2015-06-10 22:11 - 2015-06-10 22:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB941569$
2015-06-10 22:11 - 2015-06-10 22:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB936357$
2015-06-10 22:11 - 2015-06-10 22:11 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB925398_WMP64$
2015-06-10 22:10 - 2015-06-10 22:11 - 00010856 _____ C:\WINDOWS1\KB925398.log
2015-06-10 22:10 - 2015-06-10 22:10 - 00011032 _____ C:\WINDOWS1\KB932168.log
2015-06-10 22:10 - 2015-06-10 22:10 - 00011023 _____ C:\WINDOWS1\KB929123.log
2015-06-10 22:10 - 2015-06-10 22:10 - 00010161 _____ C:\WINDOWS1\KB925902.log
2015-06-10 22:10 - 2015-06-10 22:10 - 00009797 _____ C:\WINDOWS1\KB931261.log
2015-06-10 22:10 - 2015-06-10 22:10 - 00008095 _____ C:\WINDOWS1\KB924667-v2.log
2015-06-10 22:10 - 2015-06-10 22:10 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB932168$
2015-06-10 22:10 - 2015-06-10 22:10 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB931261$
2015-06-10 22:10 - 2015-06-10 22:10 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB929123$
2015-06-10 22:10 - 2015-06-10 22:10 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB925902$
2015-06-10 22:10 - 2015-06-10 22:10 - 00000000 __HDC C:\WINDOWS1\$NtUninstallKB924667-v2$
2015-06-10 21:55 - 2014-02-07 12:27 - 04602368 _____ (Microsoft Corporation) C:\WINDOWS1\system32\win32k.sys
2015-06-10 21:50 - 2013-11-12 17:22 - 00060928 ____N (Microsoft Corporation) C:\WINDOWS1\system32\tzchange.exe
2015-06-10 21:50 - 2013-11-12 17:22 - 00046080 ____N (Microsoft Corporation) C:\WINDOWS1\SysWOW64\tzchange.exe
2015-06-10 21:50 - 2013-11-07 11:25 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS1\system32\rpcrt4.dll
2015-06-10 21:50 - 2013-11-07 11:25 - 00635392 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\rpcrt4.dll
2015-06-10 21:50 - 2013-10-12 21:37 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS1\system32\oakley.dll
2015-06-10 21:50 - 2013-10-09 18:54 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS1\system32\gdi32.dll
2015-06-10 21:50 - 2013-10-09 18:54 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\gdi32.dll
2015-06-10 21:50 - 2013-10-07 16:42 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS1\system32\crypt32.dll
2015-06-10 21:50 - 2013-10-07 16:42 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\crypt32.dll
2015-06-10 21:50 - 2013-08-14 09:00 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS1\system32\themeui.dll
2015-06-10 21:50 - 2013-08-05 19:17 - 02630144 _____ (Microsoft Corporation) C:\WINDOWS1\system32\ole32.dll
2015-06-10 21:50 - 2013-08-05 19:17 - 01270784 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\ole32.dll
2015-06-10 21:50 - 2013-07-10 15:42 - 00543744 _____ (Microsoft Corporation) C:\WINDOWS1\system32\usp10.dll
2015-06-10 21:50 - 2013-07-04 17:09 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\comctl32.dll
2015-06-10 21:50 - 2013-06-04 18:02 - 00453120 _____ (Adobe Systems Incorporated) C:\WINDOWS1\system32\atmfd.dll
2015-06-10 21:49 - 2013-03-08 14:15 - 00513024 _____ (Microsoft Corporation) C:\WINDOWS1\system32\winsrv.dll
2015-06-10 21:46 - 2012-06-08 21:37 - 10510848 _____ (Microsoft Corporation) C:\WINDOWS1\system32\shell32.dll
2015-06-10 21:46 - 2012-06-08 21:37 - 08362496 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\shell32.dll
2015-06-10 21:46 - 2012-06-04 14:41 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS1\system32\schannel.dll
2015-06-10 21:46 - 2012-06-04 14:41 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS1\system32\msv1_0.dll
2015-06-10 21:46 - 2012-06-04 14:41 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\schannel.dll
2015-06-10 21:46 - 2012-06-04 14:41 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\msv1_0.dll
2015-06-10 21:41 - 2011-11-22 22:18 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\ntdll.dll
2015-06-10 21:41 - 2011-10-26 00:54 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS1\system32\csrsrv.dll
2015-06-10 21:41 - 2011-10-15 02:34 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS1\system32\winmm.dll
2015-06-10 21:41 - 2011-10-15 02:34 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\winmm.dll
2015-06-10 21:38 - 2011-03-11 13:32 - 01163264 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\mfc42.dll
2015-06-10 21:38 - 2011-03-03 12:50 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS1\system32\mswsock.dll
2015-06-10 21:38 - 2011-03-03 12:50 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS1\system32\dnsapi.dll
2015-06-10 21:38 - 2011-03-03 12:50 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\mswsock.dll
2015-06-10 21:38 - 2011-03-03 12:50 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\dnsapi.dll
2015-06-10 21:38 - 2011-03-03 12:50 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS1\system32\dnsrslvr.dll
2015-06-10 21:30 - 2010-12-18 02:32 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS1\system32\kerberos.dll
2015-06-10 21:27 - 2010-08-18 01:31 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS1\system32\spoolsv.exe
2015-06-10 21:24 - 2009-10-15 13:35 - 00622080 _____ (Microsoft Corporation) C:\WINDOWS1\system32\shlwapi.dll
2015-06-10 21:24 - 2009-10-15 13:35 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\shlwapi.dll
2015-06-10 21:23 - 2009-10-08 22:06 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS1\system32\rastls.dll
2015-06-10 21:23 - 2009-10-08 22:06 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS1\system32\raschap.dll
2015-06-10 21:22 - 2009-09-09 22:02 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS1\system32\msasn1.dll
2015-06-10 21:22 - 2009-09-09 22:02 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\msasn1.dll
2015-06-10 21:22 - 2009-07-18 11:54 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS1\system32\atl.dll
2015-06-10 21:22 - 2009-07-18 11:54 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\atl.dll
2015-06-10 21:20 - 2009-03-19 19:51 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS1\system32\rpcss.dll
2015-06-10 21:20 - 2009-03-19 19:51 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\advapi32.dll
2015-06-10 21:20 - 2009-03-19 19:51 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS1\system32\sc.exe
2015-06-10 21:18 - 2008-04-30 04:49 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS1\system32\es.dll
2015-06-10 21:18 - 2008-04-30 04:49 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\es.dll
2015-06-10 21:06 - 2007-03-21 08:18 - 00454144 _____ (Microsoft Corporation) C:\WINDOWS1\system32\w03a2409.dll
2015-06-10 21:06 - 2007-03-02 01:54 - 01086464 _____ (Microsoft Corporation) C:\WINDOWS1\system32\user32.dll
2015-06-10 21:06 - 2007-03-02 01:54 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS1\SysWOW64\user32.dll
2015-06-10 21:06 - 2007-02-08 08:51 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS1\system32\upnphost.dll
2015-05-28 19:30 - 2015-05-28 19:30 - 00000000 ____D C:\Program Files (x86)\ESET

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 10:06 - 2014-05-19 00:22 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-06-27 10:01 - 2014-05-20 05:03 - 00000000 ____D C:\WINDOWS1\Temp
2015-06-27 09:59 - 2014-07-01 09:33 - 00000716 _____ C:\WINDOWS1\system32\d3d9caps.dat
2015-06-27 09:57 - 2014-05-20 21:26 - 00000664 _____ C:\WINDOWS1\SysWOW64\d3d9caps.dat
2015-06-27 09:56 - 2014-05-19 00:08 - 01181976 _____ C:\WINDOWS1\WindowsUpdate.log
2015-06-27 09:55 - 2014-05-20 05:14 - 00005142 ____C C:\WINDOWS1\system32\PerfStringBackup.INI
2015-06-27 09:52 - 2015-05-15 20:54 - 00000374 _____ C:\WINDOWS1\system32\Drivers\etc\hosts.ics
2015-06-27 09:52 - 2014-05-19 00:22 - 00000000 _____ C:\WINDOWS1\0.log
2015-06-27 09:51 - 2014-05-19 23:22 - 00000000 ____D C:\WINDOWS1\SysWOW64\Lang
2015-06-27 09:51 - 2014-05-19 00:22 - 00000159 _____ C:\Documents and Settings\LocalService\wiadebug.log
2015-06-27 09:51 - 2014-05-19 00:22 - 00000006 ____H C:\WINDOWS1\Tasks\SA.DAT
2015-06-27 09:51 - 2008-08-04 18:04 - 00000982 _____ C:\WINDOWS1\SysWOW64\bscs.ini
2015-06-27 09:51 - 2005-03-25 17:30 - 00002206 _____ C:\WINDOWS1\system32\wpa.dbl
2015-06-26 00:09 - 2014-05-19 00:22 - 00032566 _____ C:\WINDOWS1\Tasks\SchedLgU.Txt
2015-06-26 00:09 - 2014-05-19 00:22 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-06-25 18:54 - 2015-04-18 14:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-25 18:41 - 2014-06-17 19:56 - 00000000 ____D C:\Documents and Settings\Guest
2015-06-25 15:31 - 2014-05-19 00:22 - 00000265 _____ C:\Documents and Settings\Administrator\wiadebug.log
2015-06-25 14:46 - 2015-05-12 22:30 - 00000526 _____ C:\WINDOWS1\Tasks\SUPERAntiSpyware Scheduled Task 78220cb0-5bdc-4168-9f98-43f96b15e38d.job
2015-06-23 21:21 - 2015-04-23 14:50 - 00000000 ____D C:\Program Files (x86)\AnMing
2015-06-21 00:31 - 2014-05-19 22:23 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2015-06-19 22:09 - 2014-05-20 05:03 - 00000000 ____D C:\WINDOWS1
2015-06-17 22:05 - 2014-05-19 00:22 - 00011848 _____ C:\WINDOWS1\PFRO.log
2015-06-15 16:25 - 2014-06-08 23:13 - 00034308 _____ C:\WINDOWS1\SysWOW64\BASSMOD.dll
2015-06-15 16:18 - 2014-05-29 20:49 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BitComet
2015-06-15 10:57 - 2014-05-20 05:13 - 00822591 _____ C:\WINDOWS1\setupapi.log
2015-06-11 14:58 - 2014-06-08 22:00 - 00778416 ____C (Adobe Systems Incorporated) C:\WINDOWS1\SysWOW64\FlashPlayerApp.exe
2015-06-11 14:58 - 2014-06-08 22:00 - 00142512 ____C (Adobe Systems Incorporated) C:\WINDOWS1\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-11 00:13 - 2014-05-19 00:22 - 00000000 ____D C:\Documents and Settings\Administrator
2015-06-10 23:51 - 2015-03-06 12:48 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS1\Application Data\Oracle
2015-06-10 23:51 - 2015-03-06 12:48 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS1\Application Data\Oracle
2015-06-10 23:51 - 2014-11-11 19:20 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-10 23:49 - 2015-04-12 11:50 - 00097888 _____ (Oracle Corporation) C:\WINDOWS1\SysWOW64\WindowsAccessBridge-32.dll
2015-06-10 23:48 - 2014-05-20 20:43 - 00146432 _____ (Oracle Corporation) C:\WINDOWS1\SysWOW64\javacpl.cpl
2015-06-10 23:37 - 2014-05-19 00:22 - 00000809 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-06-10 23:37 - 2014-05-19 00:22 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-06-10 23:36 - 2014-05-19 22:13 - 00031527 _____ C:\WINDOWS1\spupdsvc.log
2015-06-10 23:35 - 2014-05-20 05:13 - 00354568 _____ C:\WINDOWS1\system32\FNTCACHE.DAT
2015-06-10 23:35 - 2014-05-20 05:03 - 00000000 ____D C:\WINDOWS1\Help
2015-06-10 23:34 - 2014-05-20 05:03 - 00000000 ____D C:\WINDOWS1\msagent64
2015-06-10 23:21 - 2014-05-20 05:14 - 00574549 _____ C:\WINDOWS1\FaxSetup.log
2015-06-10 23:21 - 2014-05-20 05:14 - 00339998 _____ C:\WINDOWS1\msmqinst.log
2015-06-10 23:21 - 2014-05-20 05:14 - 00249672 _____ C:\WINDOWS1\tsoc.log
2015-06-10 23:21 - 2014-05-20 05:14 - 00232290 _____ C:\WINDOWS1\comsetup.log
2015-06-10 23:21 - 2014-05-20 05:14 - 00224042 _____ C:\WINDOWS1\iis6.log
2015-06-10 23:21 - 2014-05-20 05:14 - 00195913 _____ C:\WINDOWS1\ocgen.log
2015-06-10 23:21 - 2014-05-20 05:14 - 00147937 _____ C:\WINDOWS1\ntdtcsetup.log
2015-06-10 23:21 - 2014-05-20 05:14 - 00038590 _____ C:\WINDOWS1\ocmsn.log
2015-06-10 23:21 - 2014-05-20 05:14 - 00034611 _____ C:\WINDOWS1\msgsocm.log
2015-06-10 23:21 - 2014-05-20 05:14 - 00000970 _____ C:\WINDOWS1\imsins.log
2015-06-10 23:21 - 2014-05-20 05:14 - 00000970 _____ C:\WINDOWS1\imsins.BAK
2015-06-10 23:21 - 2014-05-19 21:47 - 00155203 _____ C:\WINDOWS1\updspapi.log
2015-06-10 23:15 - 2015-01-14 09:40 - 00000000 ___HD C:\WINDOWS1\$hf_mig$
2015-06-10 23:08 - 2014-05-20 05:03 - 00000000 ____D C:\WINDOWS1\Media
2015-06-10 22:51 - 2014-05-21 23:29 - 00005124 _____ C:\WINDOWS1\SysWOW64\PerfStringBackup.INI
2015-06-10 22:40 - 2014-05-19 00:06 - 00000000 ____D C:\Program Files\Outlook Express
2015-06-10 22:40 - 2014-05-19 00:06 - 00000000 ____D C:\Program Files (x86)\Outlook Express
2015-06-10 22:30 - 2014-05-19 00:22 - 00000828 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2015-06-10 22:30 - 2014-05-19 00:07 - 00000000 ____D C:\Program Files (x86)\Movie Maker
2015-06-10 22:30 - 2014-05-19 00:04 - 00025032 _____ C:\WINDOWS1\wmsetup.log
2015-06-10 22:13 - 2014-05-20 05:03 - 00000000 ____D C:\WINDOWS1\system32\Setup
2015-06-10 22:12 - 2014-05-19 00:02 - 00000000 ____D C:\Program Files\Messenger
2015-06-10 22:10 - 2014-05-20 05:03 - 00000000 ____D C:\WINDOWS1\msagent
2015-06-10 22:10 - 2014-05-19 00:05 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-10 22:09 - 2014-05-19 21:46 - 00000000 ____D C:\WINDOWS1\system32\ReinstallBackups
2015-06-08 21:16 - 2014-06-06 20:59 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Nitro PDF
2015-05-28 21:35 - 2015-04-30 23:07 - 00000000 ____D C:\Program Files (x86)\SalePlus
2015-05-28 21:35 - 2015-04-30 23:06 - 00000000 ____D C:\Program Files (x86)\SaLEPluSS
2015-05-28 21:33 - 2015-04-30 23:08 - 00000000 ____D C:\Program Files (x86)\Bookolio
2015-05-28 21:33 - 2015-04-30 23:08 - 00000000 ____D C:\Program Files (x86)\bestadblocker
2015-05-28 19:25 - 2014-06-08 23:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\DMCache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2008-04-14 17:30] - [2008-04-14 17:30] - 0507904 ____A (Microsoft Corporation) ED0EF0A136DEC83DF69F04118870003E

C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2008-04-14 17:30] - [2008-04-14 17:30] - 1033728 ____A (Microsoft Corporation) 12896823FB95BFB3DC9B46BCAEDC9923

C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe
[2008-04-14 17:30] - [2008-04-14 17:30] - 0014336 ____A (Microsoft Corporation) 27C6D03BCDB8CFEB96B716F3D8BE3E18

C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2008-04-14 17:30] - [2008-04-14 17:30] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe
[2008-04-14 17:30] - [2008-04-14 17:30] - 0026112 ____A (Microsoft Corporation) A93AEE1928A9D7CE3E16D24EC7380F89

C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 17:30] - [2008-04-14 17:30] - 0052352 ____A (Microsoft Corporation) 4C8FCB5CC53AAB716D810740FE59D025

C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End of log ============================

addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Administrator at 2015-06-27 10:06:52
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4196316794-2275671525-1384915817-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-4196316794-2275671525-1384915817-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
SUPPORT_388945a0 (S-1-5-21-4196316794-2275671525-1384915817-1001 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Bandwidth Meter Pro v2.6 build 629 (HKLM-x32\...\{C3E08AD8-3B84-4663-A7F8-BF6737B15589}_is1) (Version:  - BANDWIDTH-METER.NET)
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
Bluesoleil 6.2.227.11 (HKLM\...\{F230730E-4C3C-4A9B-A44B-C5E533F0BFA2}) (Version: 6.2.227.11 - IVT Corporation)
Bookolio (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{27D0BA93-9779-481A-BC4A-2F966A2B0DC6}) (Version: 5.0.93.0 - ESET, spol. s r.o.)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
IIFL Trader Terminal (HKLM-x32\...\{6701BE65-01D4-483A-9F8F-8C6414CC7432}) (Version: 1.0.0 - IIFL)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - )
ISM Office 3.04 (HKLM-x32\...\ISM300) (Version:  - )
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Mega Codec Pack 9.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 (HKLM\...\{2BA00471-0328-3743-93BD-FA813353A783}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.5 (HKLM\...\Microsoft .NET Framework 3.5) (Version:  - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.09.02.910 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MP3 To Ringtone Gold 8.7 (HKLM-x32\...\MP3 To Ringtone Gold_is1) (Version:  - AnMing)
MSXML 6 Service Pack 2 (KB2758696) (HKLM\...\{E1B33EF1-258C-4EC0-A340-D031100FE50D}) (Version: 6.20.2016.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{461D1871-A4D4-4FF6-8E8E-ED8CA4177986}) (Version: 8.5.7.3 - Nitro)
PowerISO (HKLM-x32\...\PowerISO) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
SalePlus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version:  - ) <==== ATTENTION
StarToken-NG (HKLM-x32\...\{9AEF25CF-6F43-41FB-9DDD-9BFA15EE81FD}) (Version: 3.1.12 - Bank of India)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Update for Windows XP (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB936357) (HKLM\...\KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Waterfox (HKLM\...\{C55B5B3C-7F46-40E6-B943-EFB6765FB828}) (Version: 16.0.1 - Waterfox Limited)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140744 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows x64 Service Pack) (Version: 20070217.000042 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Youtube Downloader HD v. 2.9.9.19 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4196316794-2275671525-1384915817-500_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\A140\temp\Mp3 To Ringtone Gold 8.7 keygen.exe No File

==================== Restore Points =========================

23-06-2015 22:11:49 System Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2005-03-25 17:30 - 2005-03-25 17:30 - 00000734 ____A C:\WINDOWS1\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: C:\WINDOWS1\Tasks\SUPERAntiSpyware Scheduled Task 0638929a-5f9a-4e0f-ae7b-11bffb9a1b91.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS1\Tasks\SUPERAntiSpyware Scheduled Task 78220cb0-5bdc-4168-9f98-43f96b15e38d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2008-08-04 18:04 - 2008-10-18 07:32 - 00775168 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
2008-08-01 16:00 - 2008-08-01 16:00 - 00022016 _____ () C:\WINDOWS1\system32\bstrace.dll
2008-08-01 15:55 - 2008-08-01 15:55 - 00143467 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
2008-08-01 16:00 - 2008-08-01 16:00 - 00022016 _____ () C:\WINDOWS1\system32\BsTrace.dll
2008-07-09 15:12 - 2008-07-09 15:12 - 00237568 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll
2008-07-09 15:12 - 2008-07-09 15:12 - 00061440 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\ExtraLib.dll
2003-05-01 17:23 - 2003-05-01 17:23 - 00041472 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\cscvt.dll
2008-08-01 15:55 - 2008-08-01 15:55 - 00028672 _____ () C:\WINDOWS1\SysWOW64\BsMobileCSps.dll
2014-05-19 20:11 - 2013-03-01 12:03 - 00650240 _____ () C:\Documents and Settings\All Users.WINDOWS1\Application Data\Mobile Partner\OnlineUpdate\ouc.exe
2014-05-19 20:11 - 2009-01-11 00:02 - 00011362 _____ () C:\Documents and Settings\All Users.WINDOWS1\Application Data\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-05-19 20:11 - 2009-06-23 08:12 - 00043008 _____ () C:\Documents and Settings\All Users.WINDOWS1\Application Data\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-05-19 20:11 - 2012-10-31 14:41 - 02417152 _____ () C:\Documents and Settings\All Users.WINDOWS1\Application Data\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-05-19 20:11 - 2012-10-31 14:44 - 01148416 _____ () C:\Documents and Settings\All Users.WINDOWS1\Application Data\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-05-19 20:11 - 2013-03-01 12:03 - 00843264 _____ () C:\Documents and Settings\All Users.WINDOWS1\Application Data\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-05-19 20:11 - 2012-10-31 14:41 - 00398336 _____ () C:\Documents and Settings\All Users.WINDOWS1\Application Data\Mobile Partner\OnlineUpdate\QtXml4.dll
2014-05-19 20:10 - 2014-05-19 20:11 - 00516096 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2014-05-19 20:10 - 2013-03-01 11:14 - 01373184 _____ () C:\Program Files (x86)\Mobile Partner\core.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00288256 _____ () C:\Program Files (x86)\Mobile Partner\sdk.dll
2014-05-19 20:10 - 2009-01-11 00:02 - 00011362 _____ () C:\Program Files (x86)\Mobile Partner\mingwm10.dll
2014-05-19 20:10 - 2009-06-23 08:12 - 00043008 _____ () C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll
2014-05-19 20:10 - 2012-10-31 14:41 - 02417152 _____ () C:\Program Files (x86)\Mobile Partner\QtCore4.dll
2014-05-19 20:10 - 2012-10-31 15:03 - 09562624 _____ () C:\Program Files (x86)\Mobile Partner\QtGui4.dll
2014-05-19 20:10 - 2012-10-31 14:41 - 00398336 _____ () C:\Program Files (x86)\Mobile Partner\QtXml4.dll
2014-05-19 20:10 - 2012-10-31 19:04 - 15675904 _____ () C:\Program Files (x86)\Mobile Partner\QtWebKit4.dll
2014-05-19 20:10 - 2012-10-31 14:44 - 01148416 _____ () C:\Program Files (x86)\Mobile Partner\QtNetwork4.dll
2014-05-19 20:10 - 2012-10-31 17:53 - 03962368 _____ () C:\Program Files (x86)\Mobile Partner\QtXmlPatterns4.dll
2014-05-19 20:10 - 2012-10-31 17:54 - 00306176 _____ () C:\Program Files (x86)\Mobile Partner\phonon4.dll
2014-05-19 20:10 - 2012-11-23 11:42 - 00407040 _____ () C:\Program Files (x86)\Mobile Partner\Proxy.dll
2014-05-19 20:10 - 2012-11-23 11:42 - 00628224 _____ () C:\Program Files (x86)\Mobile Partner\Common.dll
2014-05-19 20:10 - 2012-11-23 11:42 - 00158208 _____ () C:\Program Files (x86)\Mobile Partner\Trace.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00583168 _____ () C:\Program Files (x86)\Mobile Partner\PluginContainer.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00646144 _____ () C:\Program Files (x86)\Mobile Partner\AtCodec.dll
2014-05-19 20:10 - 2013-03-01 11:21 - 00729600 _____ () C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00195584 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00247296 _____ () C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00166400 _____ () C:\Program Files (x86)\Mobile Partner\OSDialup.dll
2014-05-19 20:10 - 2012-11-23 11:42 - 00155136 _____ () C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00177152 _____ () C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00672768 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00219648 _____ () C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00142336 _____ () C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00157184 _____ () C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll
2014-05-19 20:10 - 2013-03-01 11:21 - 00731136 _____ () C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00065536 _____ () C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll
2014-05-19 20:10 - 2012-06-06 06:52 - 00155648 _____ () C:\Program Files (x86)\Mobile Partner\Win7Support.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 01124352 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00704000 _____ () C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00187392 _____ () C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00569344 _____ () C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:42 - 00158720 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll
2014-05-19 20:10 - 2013-01-31 14:24 - 00236544 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2014-05-19 20:10 - 2013-01-31 14:23 - 00102912 _____ () C:\Program Files (x86)\Mobile Partner\OSAdapt.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00201216 _____ () C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00131584 _____ () C:\Program Files (x86)\Mobile Partner\OSNDIS.dll
2014-05-19 20:10 - 2012-07-27 12:23 - 01114112 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00702464 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00062976 _____ () C:\Program Files (x86)\Mobile Partner\OSCall.dll
2014-05-19 20:10 - 2012-06-06 06:52 - 00224256 _____ () C:\Program Files (x86)\Mobile Partner\tdpcvoice.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00584192 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00311808 _____ () C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll
2014-05-19 20:10 - 2012-11-23 11:43 - 00168960 _____ () C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll
2014-05-19 20:10 - 2013-02-21 16:54 - 00716288 _____ () C:\Program Files (x86)\Mobile Partner\CallUIPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00097792 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00327680 _____ () C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00392704 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll
2014-05-19 20:10 - 2013-02-21 16:50 - 00730112 _____ () C:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00117760 _____ () C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00214016 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoRecordUIPlugin.dll
2014-05-19 20:10 - 2013-03-01 11:15 - 00505856 _____ () C:\Program Files (x86)\Mobile Partner\WiFiHotspotUIPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00165376 _____ () C:\Program Files (x86)\Mobile Partner\IbiboAdvertisementPugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00119296 _____ () C:\Program Files (x86)\Mobile Partner\ConnectMgrUIPlugin.dll
2014-05-19 20:10 - 2010-12-10 09:53 - 00070656 _____ () C:\Program Files (x86)\Mobile Partner\plugins\designer\qwebview.dll
2014-05-19 20:10 - 2012-11-01 17:40 - 00197632 _____ () C:\Program Files (x86)\Mobile Partner\plugins\codecs\qcncodecs4.dll
2014-05-19 20:10 - 2012-11-01 17:40 - 00082944 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll
2014-05-19 20:10 - 2012-11-01 17:40 - 00081920 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll
2014-05-19 20:10 - 2012-11-01 17:40 - 00192000 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll
2014-05-19 20:10 - 2012-11-01 17:40 - 00350720 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll
2014-05-19 20:10 - 2012-11-01 17:40 - 00370176 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll
2014-05-19 20:10 - 2013-03-01 11:17 - 00420864 _____ () C:\Program Files (x86)\Mobile Partner\WebUIPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00358400 _____ () C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll
2014-05-19 20:10 - 2013-03-01 11:16 - 00506880 _____ () C:\Program Files (x86)\Mobile Partner\USSDUIPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00304640 _____ () C:\Program Files (x86)\Mobile Partner\DiagnosisPlugin.dll
2014-05-19 20:10 - 2013-02-08 10:43 - 00543232 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll
2014-05-19 20:10 - 2013-02-21 16:52 - 00859648 _____ () C:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00819200 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00416768 _____ () C:\Program Files (x86)\Mobile Partner\CallLogUIPlugin.dll
2014-05-19 20:10 - 2013-03-01 11:16 - 00314368 _____ () C:\Program Files (x86)\Mobile Partner\MiniFramePlugin.dll
2014-05-19 20:10 - 2013-03-01 12:03 - 00694272 _____ () C:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00219648 _____ () C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll
2014-05-19 20:10 - 2013-02-07 15:20 - 00138752 _____ () C:\Program Files (x86)\Mobile Partner\DownLoadAndCache.dll
2008-01-16 04:24 - 2008-01-16 04:24 - 00037376 _____ () E:\Winamp\winampa.exe
2008-08-04 18:04 - 2008-08-04 18:04 - 00226816 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
2008-08-01 16:01 - 2008-08-01 16:01 - 00381440 _____ () C:\WINDOWS1\system32\BsMobileSDK.dll
2008-08-01 15:46 - 2008-08-01 15:46 - 17892352 _____ () C:\WINDOWS1\system32\BsLangInDepRes.dll
2008-08-01 16:02 - 2008-08-01 16:02 - 00141312 ____C () C:\WINDOWS1\system32\BsProfilefunc.dll
2008-08-01 16:00 - 2008-08-01 16:00 - 00081408 _____ () C:\WINDOWS1\system32\Bs2Res.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS1:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4196316794-2275671525-1384915817-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS1\web\wallpaper\Windows XP.bmp
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\BitComet\BitComet.exe] => Enabled:BitComet.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe] => Enabled:BlueSoleilCS
StandardProfile\GloballyOpenPorts: [13149:TCP] => Enabled:BitComet 13149 TCP
StandardProfile\GloballyOpenPorts: [13149:UDP] => Enabled:BitComet 13149 UDP
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Modem
Description: PCI Modem
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2015 10:06:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst64.exe, version 13.6.2015.0, faulting module frst64.exe, version 13.6.2015.0, fault address 0x0000000000024a04.
Processing media-specific event for [frst64.exe!ws!]

Error: (06/27/2015 09:59:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 16.0.1.4682, faulting module mozalloc.dll, version 16.0.1.4682, fault address 0x00000000000011c2.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/27/2015 09:57:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 16.0.1.4682, faulting module xul.dll, version 16.0.1.4682, fault address 0x0000000000dc58e6.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/27/2015 09:55:53 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (06/27/2015 09:55:53 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (06/25/2015 11:36:37 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (06/25/2015 11:36:37 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (06/25/2015 06:55:37 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (06/25/2015 06:55:37 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (06/25/2015 06:49:38 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.


System errors:
=============
Error: (06/27/2015 09:53:49 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.29.43.76 for the Network Card with network address 582C80139263 has been
denied by the DHCP server 10.31.54.157 (The DHCP Server sent a DHCPNACK message).

Error: (06/27/2015 09:52:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error:
%%1053

Error: (06/27/2015 09:52:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Mobile Partner. OUC service to connect.

Error: (06/27/2015 09:51:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.

Error: (06/27/2015 09:51:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.

Error: (06/25/2015 11:56:59 PM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (06/25/2015 11:56:58 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.11.10.22 for the Network Card with network address 582C80139263 has been
denied by the DHCP server 10.29.43.73 (The DHCP Server sent a DHCPNACK message).

Error: (06/25/2015 11:34:46 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.9.123.65 for the Network Card with network address 582C80139263 has been
denied by the DHCP server 10.11.10.21 (The DHCP Server sent a DHCPNACK message).

Error: (06/25/2015 11:33:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error:
%%1053

Error: (06/25/2015 11:33:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Mobile Partner. OUC service to connect.


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 44%
Total physical RAM: 1917.74 MB
Available physical RAM: 1073.25 MB
Total Pagefile: 3842.73 MB
Available Pagefile: 3241.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Local ) (Fixed) (Total:18.63 GB) (Free:1.65 GB) NTFS
Drive d: () (Fixed) (Total:18.63 GB) (Free:0.57 GB) NTFS
Drive e: () (Fixed) (Total:18.63 GB) (Free:0.45 GB) NTFS
Drive f: () (Fixed) (Total:18.63 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: E10BE10B)
Partition 1: (Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.9 GB) - (Type=OF Extended)

==================== End of log ============================



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,151 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:43 AM

Posted 27 June 2015 - 03:53 PM

Greetings,

Your computer is a bit of a mess so you will need to be patient while we try to work through things.

Do you have a Windows XP 64 bit installation disk?

Can you tell me if this looks familiar to you or makes sense? This file is normally located in C:\Program Files\Winamp. Not saying it is bad but it is in an odd location.

E:\Winamp\winampa.exe


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winsock: Catalog5 03 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [245248 2008-04-14] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CustomCLSID: HKU\S-1-5-21-4196316794-2275671525-1384915817-500_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\A140\temp\Mp3 To Ringtone Gold 8.7 keygen.exe No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
wininit.exe;Bootcat.cache
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Search results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 shitalpatil


Posted 28 June 2015 - 12:26 PM

 

Hi Gary,

I have a Windows XP 64-bit installation disk. Winamp is running on my PC.

As per the instructions, I fixed the code and am posting the log here:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Administrator at 2015-06-28 22:32:25 Run:2
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winsock: Catalog5 03 C:\WINDOWS1\SysWOW64\mswsock.dll [233472 2015-06-10] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [245248 2008-04-14] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CustomCLSID: HKU\S-1-5-21-4196316794-2275671525-1384915817-500_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\A140\temp\Mp3 To Ringtone Gold 8.7 keygen.exe No File
*****************

Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
"HKU\S-1-5-21-4196316794-2275671525-1384915817-500_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => key removed successfully

==== End of Fixlog 22:32:25 ====

 

search

 

Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Administrator at 2015-06-28 22:38:10
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal

================== Search Files: "wininit.exe;Bootcat.cache" =============

====== End of Search ======

 

Thanks, Gary

 
 
 


#11 Oh My!


Posted 28 June 2015 - 02:43 PM

Please do this.

===================================================

Running sfc /scannow in Windows XP with Installation Disk

--------------------
  • Click Start then Run
  • Type sfc /scannow and press Enter
  • If the program asks you for a Windows XP Installation Disk please insert it
  • Allow the scan to complete
  • Navigate to C:\Windows\logs\cbs\cbs.log
  • Copy and Paste the contents of the log in your reply, or attach it if necessary
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CBS log

Gary
 

#12 Oh My!


Posted 03 July 2015 - 10:09 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#13 Oh My!


Posted 06 July 2015 - 10:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



