WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

XP, something is running slowing computer to a crawl

Started by gcdi , Jul 31 2014 08:04 PM

Please log in to reply

122 replies to this topic

#1 gcdi

Authentic Member

Authentic Member
119 posts

Posted 31 July 2014 - 08:04 PM

Computer keeps freezing as if it's waiting for something to get done before it can proceed.

I've noticed in task manager that cpu time is higher than normal, even if I just boot computer and don't open any programs the cpu usage is up around 25 to 40% but it used to drop to 0 or 1% after a couple of minutes.

Looking at processes it's usually one of the svchost that's using cpu.

I've also seen 2 or 3 iexplore's in processes using cpu even though I haven't opened internet.

Also getting some errors and some settings are changing on their own.

Errors: iexplore.exe aplication error, some instruction at some memory, memory could not be read

dialup connection window has started popping up and it won't close, I have to use task manager to close it.

try to open IE and get webpage is unavailable and find that work offline has been checked even after I unchecked it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:08:24 PM, on 7/31/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIKE\My Documents\Downloads\HiJackThis(1).exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\MIKE\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IsemhAwixp] regsvr32.exe "C:\Documents and Settings\All Users\Application Data\IsemhAwixp\IsemhAwixp.dat"
O4 - HKCU\..\Run: [IdeguXagqi] regsvr32.exe "C:\Documents and Settings\All Users\Application Data\IdeguXagqi\IdeguXagqi.dat"
O4 - HKCU\..\Run: [Vecevegaiksuax] "C:\Documents and Settings\MIKE\Application Data\Noimcifi\kimavya.exe"
O4 - S-1-5-21-1085031214-2000478354-839522115-1009 Startup: evuwyq.exe (User 'UpdatusUser')
O4 - .DEFAULT User Startup: ifvai.exe (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} (NVIDIA GPU Reader Class) - http://www.geforce.c.../GPU_Reader.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.giga...bject/Dldrv.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...ols/pcmatic.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creat...102/CTSUEng.cab
O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://service.samsu...rustChecker.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...13/CTPIDPDE.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - https://pbells.broad...otiveClient.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creat...015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...21022/CTPID.cab
O20 - Winlogon Notify: ciltadl - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll
O20 - Winlogon Notify: ohnmkie - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 7A2A25B2 - Unknown owner - C:\WINDOWS\system32\7A2A25B2.exe (file missing)
O23 - Service: 9938A174 - Unknown owner - C:\WINDOWS\system32\9938A174.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

--
End of file - 10427 bytes

Advertisements

Register to Remove

#2 gcdi

Authentic Member

Authentic Member
119 posts

Posted 01 August 2014 - 01:17 AM

additional info, pc much worse already, couldn't get to this forum with it, had to use another one to get you this info.

ran microsoft security essentials, as it was running it said prelemenary results showed a problem.

as it was running screen went all white, taskbar showed 2 IE's open, then website poop muffin opened with no place to close it and right click would not work.

tried opening task manager, took a long time to open, only app it showed was security essentials even though that web page was still open.

then security essentials screen disappeared, used task manager to swith to security essentials again, took a long time but finally switched and website screen disappeared.

then screen went all white again and task bar showed 4 IE's open and web page called country search.com opened, task bar showed 6 IE's open.

if i right click on any IE in task bar security essentials would disappear.

security essentials finally finished and show 2 serious threats, sorry i don't remember names, i took screen shots but since i can't get pc on the forum I may not be able to get you the names.

security essentials tried to remove the two threats, removed one but had a problem removing the other.

pc now so slow i may not be able to use it, tried for about twenty minutes to get it on forum with no luck.

#3 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 01 August 2014 - 07:05 AM

Hi gcdi, welcome to the forum.

To make cleaning this machine easier

Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Download OTL to your desktop.

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following

%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Next

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with

OTL.txt
Extra.txt
aswMBR log
MBR.dat (zipped and attached)

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#4 gcdi

Authentic Member

Authentic Member
119 posts

Posted 01 August 2014 - 08:39 PM

OTL logfile created on: 8/1/2014 1:16:35 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\MIKE\Desktop\OTL

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 69.57% Memory free

4.96 Gb Paging File | 4.11 Gb Available in Paging File | 82.90% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 931.50 Gb Total Space | 805.74 Gb Free Space | 86.50% Space Free | Partition Type: NTFS

Drive D: | 7.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 69.23 Gb Total Space | 29.09 Gb Free Space | 42.01% Space Free | Partition Type: NTFS

Drive F: | 232.88 Gb Total Space | 175.56 Gb Free Space | 75.39% Space Free | Partition Type: NTFS

Computer Name: GCDI | User Name: MIKE | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\MIKE\Desktop\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)

PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()

PRC - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Modules (No Company Name) ==========

MOD - c:\Documents and Settings\MIKE\Application Data\1396467839\graphicsserver.dll ()

MOD - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll ()

MOD - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll ()

MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()

MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()

MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()

MOD - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()

MOD - C:\Program Files\Gigabyte\EasySaver\ycc.dll ()

========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found

SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found

SRV - (SDScannerService) -- C:\Program Files\Spybot File not found

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe File not found

SRV - (9938A174) -- C:\WINDOWS\system32\9938A174.exe File not found

SRV - (7A2A25B2) -- C:\WINDOWS\system32\7A2A25B2.exe File not found

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\essvr.exe ()

SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe (SiSoftware)

SRV - (BCUService) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (pr2ah4nc) -- C:\WINDOWS\System32\pr2ah4nc.exe (CODEMASTERS)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (mosuport) -- system32\DRIVERS\mosuport.sys File not found

DRV - (lbrtfdc) -- File not found

DRV - (i2omgmt) -- File not found

DRV - (Changer) -- File not found

DRV - (catchme) -- C:\DOCUME~1\MIKE\LOCALS~1\Temp\catchme.sys File not found

DRV - (AODDriver) -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys File not found

DRV - (MpKslb1621762) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EAF4220-BEDB-4DCF-A3A7-97E312F7A877}\MpKslb1621762.sys (Microsoft Corporation)

DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)

DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)

DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()

DRV - (etdrv) -- C:\WINDOWS\etdrv.sys (Windows ® 2000 DDK provider)

DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)

DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)

DRV - (ctaud2k) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)

DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV - (CTEXFIFX) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV - (CTHWIUT.SYS) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV - (CTHWIUT) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV - (CT20XUT.SYS) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV - (CT20XUT) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)

DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (RTLTEAMING) -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS (Realtek Semiconductor Corporation)

DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)

DRV - (nusb3xhc) -- C:\WINDOWS\system32\drivers\nusb3xhc.sys (NEC Electronics Corporation)

DRV - (nusb3hub) -- C:\WINDOWS\system32\drivers\nusb3hub.sys (NEC Electronics Corporation)

DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\sandra.sys (SiSoftware)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (RTLVLAN) -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation )

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (RtNdPt5x) -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys (Realtek Semiconductor Corporation )

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()

DRV - (MarkFun_NT) -- C:\Program Files\Gigabyte\ET5\MARKFUN.W32 (Windows ® 2000 DDK provider)

DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\dlkfet5b.sys (D-Link )

DRV - (pe3ah4nc) -- C:\WINDOWS\system32\drivers\pe3ah4nc.sys (CODEMASTERS)

DRV - (ps6ah4nc) -- C:\WINDOWS\system32\drivers\ps6ah4nc.sys (CODEMASTERS)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (RemoteControl-USBLAN) -- C:\WINDOWS\system32\drivers\rcblan.sys (Belcarra Technologies)

DRV - (ET5Drv) -- C:\WINDOWS\system32\drivers\ET5Drv.sys (Microsoft Corporation)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (sfvfs02) -- C:\WINDOWS\system32\drivers\sfvfs02.sys (Protection Technology)

DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)

DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)

DRV - (LHidKE) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)

DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)

DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)

DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)

DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {1D0C0448-EB8B-4bc6-943B-AAC32A1C7BFC}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKLM\..\SearchScopes\{1D0C0448-EB8B-4bc6-943B-AAC32A1C7BFC}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\..\URLSearchHook: - No CLSID value found

IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {3906D159-82FC-450d-A57A-92D10437A2F5}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{1D0C0448-EB8B-4bc6-943B-AAC32A1C7BFC}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\..\SearchScopes\{3906D159-82FC-450d-A57A-92D10437A2F5}: "URL" = http://search.yahoo....cevm&type=STDVM

IE - HKCU\..\SearchScopes\{67D06BCF-9EF0-4D55-A736-5DBD0B58BABB}: "URL" = http://search.condui...8601233467&UM=2

IE - HKCU\..\SearchScopes\{69375861-28F5-4c72-B52E-5C6DA8270101}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6E8FEB12-4AFD-4c88-A16F-6EBD16138199}: "URL" = http://www.google.co...2788:4067623346

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.40.349

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.1.18\ma\bin\npMotive.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\MIKE\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 15:48:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 15:48:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 15:48:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/03 09:27:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/19 03:51:35 | 000,000,000 | ---D | M]

[2010/03/27 01:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Extensions

[2014/03/06 00:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\sywhhfyw.default-1368204256093\extensions

[2014/03/06 00:12:32 | 000,000,000 | ---D | M] (MaskMe) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\sywhhfyw.default-1368204256093\extensions\idme@abine.com

[2013/06/26 12:40:28 | 000,228,503 | ---- | M] () (No name found) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\sywhhfyw.default-1368204256093\extensions\ftd@ftd.com.xpi

[2014/06/19 03:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2014/06/19 03:51:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2014/06/19 03:51:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2014/06/19 03:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2014/06/19 03:52:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

[2013/09/12 03:18:29 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: (Enabled)

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - plugin: Error reading preferences file

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: RealDownloader = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_1\

CHR - Extension: Google Wallet = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: KeyBar 2.5 = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oblkmgkfjnmlkemjgheoidmmfncckcej\10.31.4.510_0\

CHR - Extension: KeyBar 2.5 = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oblkmgkfjnmlkemjgheoidmmfncckcej\10.31.4.510_0\nativeMessaging\nmHost

O1 HOSTS File: ([2014/07/14 15:01:03 | 000,449,906 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 15470 more lines...

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5043442D-472D-5637-00A7-7A786E7484D7} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)

O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe ()

O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)

O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()

O4 - HKCU..\Run: [2211080937] c:\documents and settings\mike\application data\1396467839\graphicsserver.dll ()

O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\MIKE\Local Settings\Application Data\Akamai\netsession_win.exe" File not found

O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKCU..\Run: [IdeguXagqi] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)

O4 - HKCU..\Run: [IsemhAwixp] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler File not found

O4 - HKCU..\Run: [Vecevegaiksuax] "C:\Documents and Settings\MIKE\Application Data\Noimcifi\kimavya.exe" File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: gigabyte.us ([www] https in Trusted sites)

O16 - DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} http://www.geforce.c.../GPU_Reader.cab (NVIDIA GPU Reader Class)

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} http://service.samsu...rustChecker.cab (ACUBETrustChecker Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)

O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pbells.broad...otiveClient.cab (Reg Error: Key error.)

O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49581C7F-1CFC-4C55-B4EF-8588276CD04B}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A58FF43-D0E1-4ABF-AF28-71D624F648EF}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ciltadl: DllName - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll ()

O20 - Winlogon\Notify\ohnmkie: DllName - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll ()

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2014/07/31 08:49:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2010/03/26 22:18:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/05/19 14:32:23 | 000,749,568 | R--- | M] (Codemasters Software Co.) - D:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2007/05/01 05:26:01 | 000,000,067 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2006/02/11 21:54:47 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2014/07/31 08:48:18 | 000,000,000 | ---D | M] - F:\AUTO -- [ NTFS ]

O32 - AutoRun File - [2006/02/11 21:54:47 | 000,000,000 | -HS- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2005/11/28 12:44:10 | 008,188,928 | ---- | M] () - F:\Autotap 3.00.msi -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/08/01 12:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Desktop\OTL

[2014/08/01 00:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Desktop\screenshot

[2014/08/01 00:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\0c7610

[2014/08/01 00:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610

[2014/08/01 00:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\98132781

[2014/08/01 00:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\4073586247

[2014/08/01 00:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906

[2014/08/01 00:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\1396467839

[2014/07/31 09:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IdeguXagqi

[2014/07/31 08:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\Noimcifi

[2014/07/31 08:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IsemhAwixp

[2014/07/31 08:46:48 | 000,000,000 | -H-D | C] -- C:\c088cf6

[2014/07/31 04:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Start Menu\Programs\NetSurveillance

[2014/07/31 04:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\NetSurveillance

[2014/07/27 14:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Start Menu\Programs\CMS

[2014/07/27 14:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\CMS

[2014/07/24 04:12:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}

[2014/07/20 22:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\My Documents\process

[2014/07/19 02:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\My Documents\process expl

[2014/07/14 03:14:24 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

[2014/07/14 03:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/07/14 03:12:44 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2014/07/14 03:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/01 14:02:27 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\2302247755

[2014/08/01 14:00:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2014/08/01 14:00:06 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\1946099523

[2014/08/01 12:42:19 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\qtfv.idw

[2014/08/01 12:38:56 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2014/08/01 12:32:37 | 000,019,756 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps

[2014/08/01 12:30:23 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\1233740586

[2014/08/01 12:30:21 | 000,012,664 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/08/01 12:28:43 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys

[2014/08/01 12:28:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/08/01 03:03:01 | 000,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000006-00001102-00000005-00231102}.rfx

[2014/08/01 03:03:01 | 000,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000006-00001102-00000005-00231102}.rfx

[2014/08/01 03:03:01 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000006-00001102-00000005-00231102}.rfx

[2014/08/01 01:12:52 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\1131910924

[2014/07/31 12:33:29 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2014/07/31 12:33:29 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2014/07/31 09:49:07 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML

[2014/07/31 09:49:07 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL

[2014/07/31 09:49:06 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML

[2014/07/31 09:49:06 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL

[2014/07/31 08:49:10 | 000,000,280 | ---- | M] () -- C:\Boot.bak

[2014/07/29 23:43:29 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/07/27 14:01:39 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\MIKE\Desktop\CMS.lnk

[2014/07/26 01:25:18 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

[2014/07/24 02:16:19 | 000,000,358 | RHS- | M] () -- C:\boot.ini

[2014/07/20 17:09:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2014/07/18 13:35:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2014/07/15 02:30:31 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7256C714-F702-4676-8958-FD1AD3CD13D2}.job

[2014/07/15 02:30:26 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job

[2014/07/15 02:30:20 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job

[2014/07/15 02:30:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2014/07/15 02:30:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2014/07/15 02:30:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2014/07/15 02:29:58 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2014/07/15 02:29:52 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2014/07/15 02:29:47 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2014/07/15 02:29:40 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2014/07/15 02:29:35 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job

[2014/07/15 02:29:29 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job

[2014/07/15 02:29:09 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job

[2014/07/15 02:29:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003UA.job

[2014/07/15 02:28:53 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003Core1cc6f98ed6cb1dc.job

[2014/07/15 02:28:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2014/07/15 02:28:32 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2014/07/15 02:28:04 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job

[2014/07/14 15:01:03 | 000,449,906 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2014/07/14 03:13:17 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/01 00:35:55 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\1131910924

[2014/08/01 00:35:03 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\1946099523

[2014/08/01 00:33:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\2302247755

[2014/08/01 00:22:41 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\1233740586

[2014/07/31 09:49:12 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML

[2014/07/31 09:49:12 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\DECRYPT_INSTRUCTION.HTML

[2014/07/31 09:49:12 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL

[2014/07/31 09:49:12 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\DECRYPT_INSTRUCTION.URL

[2014/07/31 09:49:07 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML

[2014/07/31 09:49:07 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL

[2014/07/31 09:49:06 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML

[2014/07/31 09:49:06 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL

[2014/07/31 06:58:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2014/07/27 14:01:39 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\MIKE\Desktop\CMS.lnk

[2014/07/14 03:13:17 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2014/02/20 18:14:02 | 000,179,377 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2013/10/30 01:55:30 | 000,000,289 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2013/06/13 00:47:43 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\$_hpcst$.hpc

[2012/10/03 06:41:44 | 000,262,144 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe

[2012/10/03 06:41:43 | 012,212,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys

[2012/10/03 06:41:43 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys

[2012/10/03 06:41:43 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini

[2012/10/03 06:41:42 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll

[2012/10/03 06:41:41 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll

[2012/09/16 02:48:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/09/16 02:48:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/09/16 02:48:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/09/16 02:48:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/09/16 02:48:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/09/10 13:38:33 | 001,098,800 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2012/09/10 13:38:33 | 001,098,800 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2012/09/10 13:38:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2012/01/14 05:06:20 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\MIKE\default.pls

[2011/11/28 05:08:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MIKE\RoomEQWizardV5-Path

[2011/07/22 10:26:46 | 001,146,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-2000478354-839522115-1003-0.dat

[2011/07/22 10:26:45 | 000,145,058 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/01/24 02:47:44 | 010,964,992 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda

[2010/03/29 07:58:51 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/03/27 18:47:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/20 21:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN

[2012/12/05 03:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications

[2012/12/05 03:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2011/08/08 01:10:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/04/04 14:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters

[2013/10/29 05:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conduit

[2012/09/29 08:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2014/07/31 09:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IdeguXagqi

[2014/07/31 08:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsemhAwixp

[2010/07/13 10:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MoTeC

[2010/05/08 11:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Music Coach

[2011/11/10 12:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2014/07/31 08:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin

[2013/12/11 13:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache

[2013/04/08 02:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2014/07/31 08:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield

[2010/04/04 13:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania

[2014/07/31 09:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

[2014/07/24 04:12:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}

[2014/08/01 00:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\0c7610

[2014/08/01 01:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\1396467839

[2014/08/01 00:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\4073586247

[2014/08/01 00:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\98132781

[2012/12/05 03:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Autodesk

[2014/01/15 22:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\bizarre creations

[2011/06/25 17:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/01/19 00:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Disney Interactive Studios

[2013/03/17 22:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\ElevatedDiagnostics

[2010/12/08 04:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\FUEL

[2014/07/31 09:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Image Zone Express

[2011/01/19 00:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Leadertech

[2014/06/18 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Music Coach

[2014/07/31 17:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Noimcifi

[2014/02/01 02:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Origin

[2011/05/24 00:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Sammsoft

[2011/10/13 23:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Singlesnet

[2013/03/11 06:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Visan

[2011/11/03 01:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\vmntemplate

[2013/01/12 00:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Zeon

========== Purity Check ==========

========== Custom Scans ==========

< In the window under Custom Scans/Fixes copy and paste the following >

Invalid Switch: Fixes copy and paste the following

< >

[2010/03/26 22:17:19 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini

[2010/03/26 22:22:39 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT

[2011/10/14 18:13:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2011/10/14 18:13:19 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2011/10/19 00:38:34 | 000,000,922 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003Core1cc6f98ed6cb1dc.job

[2011/10/19 00:38:35 | 000,000,974 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003UA.job

[2012/01/03 02:55:34 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7256C714-F702-4676-8958-FD1AD3CD13D2}.job

[2012/02/12 15:15:53 | 000,000,878 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

[2012/02/12 15:15:54 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

[2013/03/11 06:46:40 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Tasks\HP Photo Creations Communicator.job

[2013/04/16 23:47:31 | 000,000,324 | ---- | C] () -- C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2013/04/16 23:47:33 | 000,000,298 | ---- | C] () -- C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2013/04/16 23:47:33 | 000,000,306 | ---- | C] () -- C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2013/08/30 04:24:26 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

[2013/10/17 23:15:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2013/10/17 23:15:32 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job

[2013/10/29 23:46:52 | 000,000,644 | ---- | C] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job

[2013/10/29 23:46:53 | 000,000,446 | ---- | C] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

[2013/10/29 23:46:53 | 000,000,616 | ---- | C] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job

[2014/03/27 04:38:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

[2014/03/27 04:38:38 | 000,000,220 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

< >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2013/09/20 10:51:08 | 003,885,120 | ---- | M] (Safer-Networking Ltd.) MD5=CDEB46FE688F062D3033209B29755203 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

< MD5 for: EXPLORER.EXE-082F38A9.PF >

[2014/08/01 02:44:44 | 000,088,068 | ---- | M] () MD5=5BBEEA58C05E9F1C37A7A0F6B652731C -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.SCF >

[2004/08/04 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: IEXPLORE.CHM >

[2009/02/21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm

[2004/08/04 07:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm

[2006/09/01 08:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.CHW >

[2010/10/21 05:22:47 | 000,157,092 | ---- | M] () MD5=0C7430741204FB68EAD612AD88A5E92C -- C:\WINDOWS\Help\iexplore.chw

< MD5 for: IEXPLORE.EXE >

[2010/12/20 06:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=091D358EFC9D22901BD879EF37F0DAC4 -- C:\WINDOWS\ie7updates\KB2497640-IE7\iexplore.exe

[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe

[2010/06/17 10:12:57 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=203E897F843D56496E2CC101DFF6CE34 -- C:\WINDOWS\ie7updates\KB2360131-IE7\iexplore.exe

[2011/04/21 05:34:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=3E23DBEBE1020D52C63235E4189FAC03 -- C:\WINDOWS\$hf_mig$\KB2530548-IE7\SP3QFE\iexplore.exe

[2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=53C291F3B01EECECBD7FD358EA3ACC94 -- C:\WINDOWS\ie7updates\KB980182-IE7\iexplore.exe

[2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=53C291F3B01EECECBD7FD358EA3ACC94 -- C:\WINDOWS\SoftwareDistribution\Download\88c63804b5f0c64f6faa724a1c0c9991\SP3GDR\iexplore.exe

[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe

[2010/10/18 06:07:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=72D1F43C4146D312B0DB6AB98C21340E -- C:\WINDOWS\ie7updates\KB2482017-IE7\iexplore.exe

[2010/06/17 09:45:15 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B0BC6DC9C9277250C5C8F7B7A48A02CC -- C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\iexplore.exe

[2010/04/16 06:08:29 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B24A4E23A2FEDB6976EB04D334AD82B2 -- C:\WINDOWS\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe

[2010/02/23 00:20:02 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B5116340B84824DDD0A641E36B126194 -- C:\WINDOWS\ie7updates\KB982381-IE7\iexplore.exe

[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ERDNT\cache\iexplore.exe

[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe

[2011/04/21 05:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B6E13F9C120C776A89D783E26D6C15C5 -- C:\WINDOWS\ie8\iexplore.exe

[2010/12/20 05:49:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B74CBEBA34E3CAA2CCACC87FEE8A16C0 -- C:\WINDOWS\$hf_mig$\KB2482017-IE7\SP3QFE\iexplore.exe

[2010/04/16 06:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=C4BA5E36FB57F547117305BF1E0FE454 -- C:\WINDOWS\ie7updates\KB2183461-IE7\iexplore.exe

[2010/02/23 00:19:59 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=C8DDA4028065D5CE39CBE7A156B72AB9 -- C:\WINDOWS\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe

[2009/12/18 02:00:27 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=D19E56D5930C37CF211867DF450C372A -- C:\WINDOWS\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe

[2009/12/18 02:00:27 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=D19E56D5930C37CF211867DF450C372A -- C:\WINDOWS\SoftwareDistribution\Download\88c63804b5f0c64f6faa724a1c0c9991\SP3QFE\iexplore.exe

[2010/10/18 05:36:30 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=DA6E1F0F1932B62DD2F6ED05541C555C -- C:\WINDOWS\$hf_mig$\KB2416400-IE7\SP3QFE\iexplore.exe

[2007/08/13 18:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB978207-IE7\iexplore.exe

[2011/02/14 06:36:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E3CC8CCF21BFDC954255BB17083FB9F0 -- C:\WINDOWS\$hf_mig$\KB2497640-IE7\SP3QFE\iexplore.exe

[2011/02/14 07:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E4A798DFDE7FE6E79F23548F0EF0F844 -- C:\WINDOWS\ie7updates\KB2530548-IE7\iexplore.exe

[2010/08/25 06:30:33 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E5412ED9E07C42C20C48D3FF71E6B1E8 -- C:\WINDOWS\ie7updates\KB2416400-IE7\iexplore.exe

[2004/08/04 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe

[2010/08/25 06:07:58 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=F047BEB9771E45A05F425499A30F9BBA -- C:\WINDOWS\$hf_mig$\KB2360131-IE7\SP3QFE\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >

[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui

[2007/08/13 18:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\WINDOWS\ie8\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-27122324.PF >

[2014/08/01 14:51:31 | 000,050,150 | ---- | M] () MD5=43DAF0FD8E380D557A0CE7D36D919B90 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf

< MD5 for: IEXPLORE.HLP >

[2004/08/04 07:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: SERVICES >

[2004/08/04 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >

[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

[2014/05/08 06:21:20 | 000,559,489 | ---- | M] () MD5=E829329E4886E9A3540C62114FC8E145 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.CSS >

[2013/12/13 16:07:18 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css

< MD5 for: SERVICES.EXE >

[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

[2004/08/04 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.EXE.LNK >

[2014/07/21 02:31:13 | 000,000,681 | ---- | M] () MD5=FA6CA830AF51B617BDDB98E19C412FCA -- C:\Documents and Settings\MIKE\Recent\services.exe.lnk

< MD5 for: SERVICES.EXE.TXT >

[2014/07/21 02:31:08 | 000,005,276 | ---- | M] () MD5=031F798EEECAF6E44271908565F523E5 -- C:\Documents and Settings\MIKE\My Documents\Downloads\services.exe.txt

< MD5 for: SERVICES.EXE-2F433351.PF >

[2014/08/01 12:28:34 | 000,015,012 | ---- | M] () MD5=0BCFE9AAE8B310FA1859E722C0B9618F -- C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf

< MD5 for: SERVICES.INI >

[2013/12/13 16:07:18 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini

< MD5 for: SERVICES.LNK >

[2013/10/19 23:28:11 | 000,001,602 | ---- | M] () MD5=CB825F5924BCCFCCF4620BE935441117 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >

[2004/08/04 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >

[2011/03/01 01:00:00 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs

[2011/03/01 02:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Extracts\Services.sbs

< MD5 for: SERVICES.SBS-20110301.CAB >

[2013/12/04 04:33:15 | 000,041,248 | ---- | M] () MD5=149FF3413EED31253183D6E65E383138 -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Downloads\Services.sbs-20110301.cab

< MD5 for: WINLOGON.EXE >

[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINLOGON.EXE-32C57D49.PF >

[2014/08/01 12:28:34 | 000,066,946 | ---- | M] () MD5=B3EDEDEDFEDBB9D7C70CB7285CA651E7 -- C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf

< %SYSTEMDRIVE%\*.* >

[2014/07/31 08:48:26 | 000,004,376 | ---- | M] () -- C:\AdwCleaner[S1].txt

[2010/03/26 22:18:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2014/07/31 08:49:10 | 000,000,280 | ---- | M] () -- C:\Boot.bak

[2014/07/24 02:16:19 | 000,000,358 | RHS- | M] () -- C:\boot.ini

[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2014/07/31 08:49:12 | 000,408,088 | ---- | M] () -- C:\ComboFix.txt

[2010/03/26 22:18:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2014/01/20 06:04:13 | 000,000,000 | ---- | M] () -- C:\END

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2010/03/26 23:56:45 | 000,000,197 | ---- | M] () -- C:\Install.log

[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2010/03/26 22:18:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2014/07/31 18:43:25 | 000,003,858 | ---- | M] () -- C:\LGSInst.Log

[2013/10/17 10:44:03 | 000,002,212 | ---- | M] () -- C:\logFileUI.txt

[2010/03/26 22:18:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/03/30 12:53:25 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2014/08/01 12:27:27 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2010/03/26 23:54:18 | 000,002,834 | ---- | M] () -- C:\RHDSetup.log

[2010/04/02 13:48:57 | 000,005,694 | ---- | M] () -- C:\Sdicon32.ico

[2014/08/01 12:30:25 | 000,000,144 | ---- | M] () -- C:\service.log

[2012/03/04 03:53:42 | 000,921,624 | ---- | M] () -- C:\snp2sxp-001.raw

[2010/08/15 23:41:37 | 000,921,624 | ---- | M] () -- C:\snp2sxp-002.raw

[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >

[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2010/03/26 22:18:41 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2006/11/05 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8O.DLL

[2006/11/05 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8O.DLL

[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

[2014/07/31 09:49:30 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\DECRYPT_INSTRUCTION.HTML

[2014/07/31 09:49:30 | 000,004,144 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\DECRYPT_INSTRUCTION.TXT

[2014/07/31 09:49:30 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\DECRYPT_INSTRUCTION.URL

[2013/06/23 22:45:02 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

[2014/07/27 14:02:01 | 000,033,768 | ---- | M] () -- C:\Program Files\CMS Setup Log.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >

Volume in drive C has no label.

Volume Serial Number is 0C76-10E0

Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices

02/12/2014 04:19 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a

0 File(s) 0 bytes

Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote

02/12/2014 04:19 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a

0 File(s) 0 bytes

Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices

02/12/2014 04:21 AM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a

0 File(s) 0 bytes

Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler

02/12/2014 04:16 AM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35

0 File(s) 0 bytes

Total Files Listed:

0 File(s) 0 bytes

4 Dir(s) 864,938,004,480 bytes free

< %systemroot%\System32\config\*.sav >

[2010/03/26 15:31:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2010/03/26 15:31:39 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2010/03/26 15:31:39 | 000,933,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

[2011/01/18 23:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\Disney Interactive Studios\Pure\Data\UI\HUD\bak

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

[2010/03/30 12:57:19 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2010/03/26 22:24:29 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

[2010/03/26 22:24:29 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

[2004/12/09 17:23:46 | 000,013,022 | ---- | M] () -- C:\WINDOWS\snp2std.src

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

[2002/05/08 11:00:22 | 000,026,060 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{70af630e-2e1b-470f-b600-9ae48f0b94d0}.sdb

[2011/12/19 03:04:46 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-07-11 18:19:41

< End of report >

OTL Extras logfile created on: 8/1/2014 1:16:37 PM - Run 1