
Hijack This Log [Solved]


  • This topic is locked
26 replies to this topic

#1 jabrooksy


Posted 09 January 2015 - 12:44 AM

My old computer has ground to a halt. Been down this road before but have come out of it every time with you guys' help. Here is my Hijack This Log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:36 PM, on 1/8/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\AOL\1102552839\ee\AOLSoftware.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Daddy.JIM\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daddy.JIM\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...EA88&si=radiopi
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102552839\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Daddy.JIM\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [SparkTrust PC Cleaner Plus] C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://tbedits.radio...2012030409&cv=1
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.co...ebInstaller.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.sy...eqlabdetect.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin..../p3dactivex.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: SparkTrust AntiVirus (SBAMSvc) - GFI Software - C:\Program Files\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10194 bytes
 




#2 ken545


Posted 09 January 2015 - 06:05 AM

:welcome:

 

HijackThis is not used much anymore, but it's shown me enough to get going.

Run these in order, please.

 

 
-AdwCleaner- by Xplode

Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked <------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes


     
     
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 jabrooksy


    Posted 09 January 2015 - 11:28 PM

    You guys are great. Already notice marked improvement. Before, when I tried to run a Malwarebytes scan, it would go on and on and on for eight hours, and after finding 376,000 errors... that's right, 376,000... the program would lock up. That was my hint that something was terribly wrong. Completed all the steps you asked. Here are the logs:

    . # AdwCleaner v4.107 - Report created 09/01/2015 at 08:28:58
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-03.1 [Live]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Daddy - JIM
    # Running from : C:\Documents and Settings\Daddy.JIM\My Documents\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
    Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
    Folder Deleted : C:\Program Files\Viewpoint

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\80808350484848
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D59156-647B-4B06-B20E-0E297A1077BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48909954-14FB-4971-A7B3-47E7AF10B38A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5848763C-2668-44CA-ADBE-2999A6EE2858}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48909954-14FB-4971-A7B3-47E7AF10B38A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5848763C-2668-44CA-ADBE-2999A6EE2858}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B0A842D6-107B-4A3A-A897-C21914522460}
    Key Deleted : HKCU\Software\CompeteInc
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\StumbleUpon
    Key Deleted : HKCU\Software\Viewpoint
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKLM\SOFTWARE\CompeteInc
    Key Deleted : HKLM\SOFTWARE\StumbleUpon
    Key Deleted : HKLM\SOFTWARE\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus Updater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

    -\\ Mozilla Firefox v34.0.5 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [7208 octets] - [09/01/2015 08:18:52]
    AdwCleaner[S0].txt - [7055 octets] - [09/01/2015 08:28:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7115 octets] ##########
     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Daddy on Fri 01/09/2015 at 10:01:27.17
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



    ~~~ Files

    Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\sparktrust"
    Successfully deleted: [Folder] "C:\Documents and Settings\Daddy.JIM\Application Data\getrighttogo"
    Successfully deleted: [Folder] "C:\Documents and Settings\Daddy.JIM\Application Data\radiorage_4j"
    Successfully deleted: [Folder] "C:\Documents and Settings\Daddy.JIM\Application Data\sparktrust"
    Successfully deleted: [Folder] "C:\Documents and Settings\Daddy.JIM\Application Data\viewpoint"
    Failed to delete: [Folder] "C:\Program Files\sparktrust"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\start menu\programs\sparktrust"
    Successfully deleted: [Folder] "C:\Documents and Settings\Daddy.JIM\start menu\programs\sparktrust"



    ~~~ FireFox

    Successfully deleted: [File] C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\firefox\profiles\m1ijzg0m.default\user.js
    Successfully deleted: [File] C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\firefox\profiles\m1ijzg0m.default\searchplugins\aol-search.xml
    Successfully deleted: [File] C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\firefox\profiles\m1ijzg0m.default\searchplugins\askcom.xml
    Successfully deleted: [File] C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\firefox\profiles\m1ijzg0m.default\searchplugins\bing-zugo.xml
    Successfully deleted: [File] C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\firefox\profiles\m1ijzg0m.default\searchplugins\my-web-search.xml
    Successfully deleted: [Folder] C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\firefox\profiles\m1ijzg0m.default\fctb
    Successfully deleted: [Folder] C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\firefox\profiles\m1ijzg0m.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    Successfully deleted the following from C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\firefox\profiles\m1ijzg0m.default\prefs.js

    user_pref("FirstSearch.aol_toolbar.search.hasDoneFirst", 188);
    user_pref("aol_toolbar.aolmail", "");
    user_pref("aol_toolbar.aolmail.address", "JABROOKSY@aol.com");
    user_pref("aol_toolbar.aolmail.count", "21");
    user_pref("aol_toolbar.aolmail.id", "value");
    user_pref("aol_toolbar.aolmail.imagelist.layout", "open");
    user_pref("aol_toolbar.aolmail.popup.autoclose", "true");
    user_pref("aol_toolbar.aolmail.user", "JABROOKSY");
    user_pref("aol_toolbar.button.facebook_1305124421968.view", "0");
    user_pref("aol_toolbar.button.facebook_1308920391405.view", "0");
    user_pref("aol_toolbar.button.facebook_1317210564546.view", "0");
    user_pref("aol_toolbar.button.facebook_40839.click", "1");
    user_pref("aol_toolbar.button.mapquest_40872.click", "1");
    user_pref("aol_toolbar.button.twitter_40883.click", "1");
    user_pref("aol_toolbar.button.wikipedia_1317210580791.view", "0");
    user_pref("aol_toolbar.button.winter%20games_tb_publish1_aol.view", "0");
    user_pref("aol_toolbar.button.youtube_1305124431617.view", "0");
    user_pref("aol_toolbar.button.youtube_1308920405288.view", "0");
    user_pref("aol_toolbar.button.youtube_1317210567832.view", "0");
    user_pref("aol_toolbar.buttons.defaultview", 0);
    user_pref("aol_toolbar.buttons.layout", "facebook_40839;youtube_40850;mapquest_40872;twitter_40883;gmail_40894;wikipedia_40905;yahoo_mail_40916;netflix_40927;wikipedia_1317210
    user_pref("aol_toolbar.calendar.date", "{system.date.timestamp}");
    user_pref("aol_toolbar.calendar.displaydate", "{system.date.locale}");
    user_pref("aol_toolbar.calendar.timestamp", "1420822702971");
    user_pref("aol_toolbar.cookie.homepage", "");
    user_pref("aol_toolbar.cookie.search", "");
    user_pref("aol_toolbar.curtain.congrats", "curtain");
    user_pref("aol_toolbar.default.homepage.check", true);
    user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051");
    user_pref("aol_toolbar.default.search.check", true);
    user_pref("aol_toolbar.default.search.label", "AOL Search");
    user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=20100812203332908&tb_oid=08-01-2010&tb_mrud=21-0
    user_pref("aol_toolbar.firsttime.showwindow", false);
    user_pref("aol_toolbar.guid", "{65EBEE47-8869-E771-D3DF-A51EA8DB15DD}");
    user_pref("aol_toolbar.historybutton.active", true);
    user_pref("aol_toolbar.historybutton.enabled", true);
    user_pref("aol_toolbar.homepageprotection.enabled", true);
    user_pref("aol_toolbar.install.distroid", "");
    user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
    user_pref("aol_toolbar.install.homepage.label", "AOL.com");
    user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9660");
    user_pref("aol_toolbar.install.lid", "hyplognew00000010");
    user_pref("aol_toolbar.install.mtmhp", "txtlnkusaolp00000051");
    user_pref("aol_toolbar.install.ncid", "");
    user_pref("aol_toolbar.install.sethomepage", "1");
    user_pref("aol_toolbar.install.setsearch", "1");
    user_pref("aol_toolbar.install.type", "upgrade");
    user_pref("aol_toolbar.metrics.activestampdate", "9");
    user_pref("aol_toolbar.metrics.activestampmonth", "0");
    user_pref("aol_toolbar.metrics.activestampyear", "2015");
    user_pref("aol_toolbar.metrics.log", false);
    user_pref("aol_toolbar.metrics.originalDate", "8");
    user_pref("aol_toolbar.metrics.originalHours", "8");
    user_pref("aol_toolbar.metrics.originalMinutes", "8");
    user_pref("aol_toolbar.metrics.originalMonth", "1");
    user_pref("aol_toolbar.metrics.originalSeconds", "10");
    user_pref("aol_toolbar.metrics.originalYear", "2010");
    user_pref("aol_toolbar.presethomepage", "aol.com");
    user_pref("aol_toolbar.presetsearch", "AOL Search");
    user_pref("aol_toolbar.relatednews.enabled", false);
    user_pref("aol_toolbar.remote..xml", "1420780263796");
    user_pref("aol_toolbar.remote.alerts.xml", "1328991229340");
    user_pref("aol_toolbar.remote.config.js", "");
    user_pref("aol_toolbar.remote.historyconfig.js", "");
    user_pref("aol_toolbar.remote.publish.xml", "1420780263785");
    user_pref("aol_toolbar.remote.rtw.js", "1352724166817");
    user_pref("aol_toolbar.remote.searchterm.js", "");
    user_pref("aol_toolbar.remote.ticker.rss", "1328991229963");
    user_pref("aol_toolbar.reset.flag", "1");
    user_pref("aol_toolbar.reset.style", "A");
    user_pref("aol_toolbar.resetprompt.daily.num", "1");
    user_pref("aol_toolbar.resetprompt.daily.timestamp", "Sun Dec 14 2014 01:16:46 GMT-0700 (Mountain Standard Time)");
    user_pref("aol_toolbar.resetprompt.display.limit", "5");
    user_pref("aol_toolbar.rtw.active", true);
    user_pref("aol_toolbar.search.button", true);
    user_pref("aol_toolbar.search.cid", "21-09-2013");
    user_pref("aol_toolbar.search.focusnewtab", false);
    user_pref("aol_toolbar.search.instd", "20100812203332908");
    user_pref("aol_toolbar.search.newtab", false);
    user_pref("aol_toolbar.search.oid", "08-01-2010");
    user_pref("aol_toolbar.search.placement", "right");
    user_pref("aol_toolbar.search.populateoncomplete", false);
    user_pref("aol_toolbar.search.savehistory", true);
    user_pref("aol_toolbar.search.searchtype", "web");
    user_pref("aol_toolbar.search.source", "aolrt-ff");
    user_pref("aol_toolbar.searchengine.label", "AOL Search");
    user_pref("aol_toolbar.searchprotection.enabled", true);
    user_pref("aol_toolbar.searchprotection.set", "1");
    user_pref("aol_toolbar.skin.custom", false);
    user_pref("aol_toolbar.surf.date", "395");
    user_pref("aol_toolbar.surf.lastDate", "20");
    user_pref("aol_toolbar.surf.lastMonth", "8");
    user_pref("aol_toolbar.surf.lastYear", "2013");
    user_pref("aol_toolbar.surf.mURL", "");
    user_pref("aol_toolbar.surf.mURLh", "0");
    user_pref("aol_toolbar.surf.mURLw", "0");
    user_pref("aol_toolbar.surf.mURLx", "0");
    user_pref("aol_toolbar.surf.mURLy", "0");
    user_pref("aol_toolbar.surf.milestone", "-1");
    user_pref("aol_toolbar.surf.month", "3491");
    user_pref("aol_toolbar.surf.prevMonth", "5034");
    user_pref("aol_toolbar.surf.show", true);
    user_pref("aol_toolbar.surf.total", "244184");
    user_pref("aol_toolbar.surf.week", "1130");
    user_pref("aol_toolbar.surf.year", "37586");
    user_pref("aol_toolbar.ticker.active", false);
    user_pref("aol_toolbar.ticker.animation", "hscroll");
    user_pref("aol_toolbar.ticker.collapsed", "0");
    user_pref("aol_toolbar.ticker.endColor", "444444");
    user_pref("aol_toolbar.ticker.fontFamily", "Arial, Helvetica, sans-serif");
    user_pref("aol_toolbar.ticker.fontSize", "10");
    user_pref("aol_toolbar.ticker.maxWidth", "200");
    user_pref("aol_toolbar.ticker.show", true);
    user_pref("aol_toolbar.ticker.startColor", "0D0D0D");
    user_pref("aol_toolbar.ticker.tipHidden", "Show Headlines");
    user_pref("aol_toolbar.ticker.tipVisible", "Hide Headlines");
    user_pref("aol_toolbar.ticker.url", "hxxp://feeds.feedburner.com/aolnewstopstories");
    user_pref("aol_toolbar.uninstallreset", "3");
    user_pref("aol_toolbar.upgrade.showwindow", false);
    user_pref("aol_toolbar.weather.condition", "26");
    user_pref("aol_toolbar.weather.degc", "7");
    user_pref("aol_toolbar.weather.degf", "44");
    user_pref("aol_toolbar.weather.degrees", "F");
    user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/33_n.png");
    user_pref("aol_toolbar.weather.lastupdate", "");
    user_pref("aol_toolbar.weather.locationid", "USNY0996");
    user_pref("aol_toolbar.weather.metric", true);
    user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Clear");
    user_pref("aol_toolbar.weather.update", "1379662283565");
    user_pref("aol_toolbar.weather.zipcode", "10065");
    user_pref("aol_toolbar.widgets.layout", "aolmail,calendar");
    user_pref("aol_toolbar.widgets.log", false);
    user_pref("aol_toolbar.widgets.timestamp", "1420414240947");
    user_pref("aol_toolbar.widgets.version", "5.74.1.9660");
    user_pref("aol_toolbar.winamp.volume", "");
    user_pref("browser.search.defaultengine", "Ask.com");
    user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=20100812203332908&tb_oid=08-01-2010&tb_mrud=21-09-201
    user_pref("browser.search.order.1", "Ask.com");
    user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20111119&q=");
    user_pref("extensions.toolbar.mindspark._4jMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=992AA782-2F41-4114-9A19-2BBE3CF3EA88&n=77ed2573&ptnrS=ZXxdm039YYus&
    user_pref("extensions.toolbar.mindspark._4jMembers_.hp.user.defined", true);
    user_pref("extensions.toolbar.mindspark._4jMembers_.initialized", true);
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.installDate", "2012030323");
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerId", "ZXxdm039YYus");
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId", "radiopi");
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.success", true);
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.toolbarId", "992AA782-2F41-4114-9A19-2BBE3CF3EA88");
    user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1414952104369");
    user_pref("extensions.toolbar.mindspark._4jMembers_.searchHistory", "Stephanie Louise Winfield||country of bangladesh||disasterous||Tash Walch ");
    user_pref("extensions.toolbar.mindspark._4jMembers_.tab.date", "1330843768162");
    user_pref("extensions.toolbar.mindspark._4jMembers_.weather.location", "81001");
    user_pref("extensions.toolbar.mindspark.lastInstalled", "radiorage@mindspark.com");
    user_pref("extensions.toolbar.mindspark.sa.enabled", true);
    user_pref("extensions.toolbar.mindspark.sa.owner", "radiorage@mindspark.com");
    user_pref("extensions.toolbar.mindspark.tab.enabled", true);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.DNSCatch", false);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.FirstLaunchShown", true);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.LastDate", 25);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.customNewTab", false);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.CaptureType", 3);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingDisabled", true);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20140225.connection_error", 0);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20140225.invalid_cert", 0);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20140225.server_error", 0);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20140225.success", 0);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.currentOffset", 1);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.dcaConfigInterval", "525600");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.enableVoicebox", false);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.epochTimeInterval", "1440");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.eulaVersion", 20110301);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaConfigModification", "Mon, 26 Aug 2013 20:16:19 GMT");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaConfigTime", "1383715971151");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaConfigUrl", "hxxps://dcs-config.consumerinput.com/configs/dca_config/FCZ3F9Lfox/9411?userId=FCZ3F9L56724387
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaStatus", 1);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEpochTime", "1393337860665");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEpochTimeUrl", "hxxps://dcs.consumerinput.com/cgi-bin/EpochReturn.py");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEventSendAttemptDate", "20140225");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEventSendSuccessDate", "20121227");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastPingTime", "1393337917826");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastPrivacyFailureDate", 20121125);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.panelID", "FCZ3F9Lfox");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.pingInterval", "1440");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.privacyFailures", 1);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.privacyFailuresThreshold", 6);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.probationLength", 0);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.userID", "FCZ3F9L56724387");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.version", "1.7.0.9411");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.installDate", "11212011");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.version", "1.0.40");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.processAddrBar", false);
    user_pref("freecause46d606b0a64511df981c0800200c9a66.tb_lang", "en");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.user_id", "56724387");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.vars.dcaAlertShown", "1");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.vars.disablecuidinject", "1");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.vars.lastcheck", "Sat%20Dec%2031%202011%2010%3A16%3A32%20GMT-0700%20%28Mountain%20Standard%20Time%29");
    user_pref("freecause46d606b0a64511df981c0800200c9a66.yahooSearch", false);
    Emptied folder: C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\firefox\profiles\m1ijzg0m.default\minidumps [2 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 01/09/2015 at 10:51:05.12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/9/2015
    Scan Time: 1:49:21 PM
    Logfile: Malware Bytes Log.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.09.16
    Rootkit Database: v2015.01.07.01
    License: Premium
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Daddy

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 612226
    Time Elapsed: 1 hr, 10 min, 4 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 4
    PUP.Optional.EpicPlay.A, HKU\S-1-5-21-682003330-179605362-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}, Quarantined, [224223d21772cd69e49a05dcd72bf30d],
    PUP.Optional.EpicPlay.A, HKU\S-1-5-21-682003330-179605362-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}, Quarantined, [224223d21772cd69e49a05dcd72bf30d],
    PUP.Optional.StartNow.A, HKU\.DEFAULT-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StartNow Toolbar, Quarantined, [ec78965fa5e40234bda6836940c41de3],
    PUP.Optional.StartNow.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StartNow Toolbar, Quarantined, [5b09e01558317cba91d247a5d52fb848],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    .

    Look forward to your reply.  Thanks again................JB



    #4 ken545

    Posted 10 January 2015 - 04:56 AM

    Morning JB,

     

    I would like you to run aswMBR first; it just checks to see if there is a possible rootkit present and won't remove anything. Then run a scan with FRST. There are two versions, 32-bit and 64-bit; with Windows XP you most likely need the 32-bit version. There will be two logs, FRST and Additions; post them both please.

     

     

     
    Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    I just want to see the report....Please Do Not Fix Anything
     
    ============================================================================
     
     
     
     
    Please download Farbar Recovery Scan Tool and save it to your desktop.
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
     
     
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Please make sure All Users is checked
    • Just keep the defaults as in the picture checkmarked
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 jabrooksy

    Posted 10 January 2015 - 12:46 PM

    Here are the logs:

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2015-01-10 11:04:43
    -----------------------------
    11:04:43.109    OS Version: Windows 5.1.2600 Service Pack 3
    11:04:43.109    Number of processors: 1 586 0x209
    11:04:43.109    ComputerName: JIM  UserName:
    11:04:44.687    Initialize success
    11:04:45.203    VM: initialized successfully
    11:04:45.203    VM: Intel CPU virtualization not supported
    11:31:27.687    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    11:31:27.687    Disk 0 Vendor: WDC_WD800BB-75CAA0 16.06V16 Size: 76293MB BusType: 3
    11:31:27.906    Disk 0 MBR read successfully
    11:31:27.906    Disk 0 MBR scan
    11:31:27.906    Disk 0 Windows XP default MBR code
    11:31:27.906    Disk 0 Partition 1 00     DE Dell Utility Dell 4.1       31 MB offset 63
    11:31:27.921    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76253 MB offset 64260
    11:31:27.921    Disk 0 unknown boot code
    11:31:27.921    Disk 0 statistics 287/0/0 @ 0.64 MB/s
    11:31:27.921    Scan finished successfully
    11:31:48.781    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daddy.JIM\My Documents\hijack this logs\MBR.dat"
    11:31:48.781    The log file has been saved successfully to "C:\Documents and Settings\Daddy.JIM\My Documents\hijack this logs\aswMBR.txt"

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015
    Ran by Daddy (administrator) on JIM on 10-01-2015 11:36:43
    Running from C:\Documents and Settings\Daddy.JIM\My Documents\Downloads
    Loaded Profile: Daddy (Available profiles: Daddy & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    (Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (AOL LLC) C:\Program Files\Common Files\aol\ACS\AOLacsd.exe
    () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    (Inprise Corporation) C:\Program Files\Borland\InterBase\bin\ibguard.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (GFI Software) C:\Program Files\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe
    (Microsoft Corporation) C:\WINDOWS\SYSTEM32\tcpsvcs.exe
    (Microsoft Corporation) C:\WINDOWS\SYSTEM32\snmp.exe
    (America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
    (Microsoft Corporation) C:\WINDOWS\SYSTEM32\mqsvc.exe
    (Microsoft Corporation) C:\WINDOWS\SYSTEM32\mqtgsvc.exe
    (Inprise Corporation) C:\Program Files\Borland\InterBase\bin\ibserver.exe
    (CyberLink Corp.) C:\Program Files\Dell\Media Experience\PCMService.exe
    (A4Tech Co.,Ltd.) C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    (Intel Corporation) C:\WINDOWS\SYSTEM32\hkcmd.exe
    (Sonic Solutions) C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
    (Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
    (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (Intel Corporation) C:\WINDOWS\SYSTEM32\igfxtray.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\1102552839\EE\aolsoftware.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (SEIKO EPSON CORPORATION) C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIABA.EXE
    (Octoshape ApS) C:\Documents and Settings\Daddy.JIM\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Logitech Inc.) C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Media Connect 2] => C:\Program Files\Windows Media Connect 2\WMCCFG.exe [8704 2009-02-02] (Microsoft Corporation)
    HKLM\...\Run: [PCMService] => C:\Program Files\Dell\Media Experience\PCMService.exe [204800 2003-08-26] (CyberLink Corp.)
    HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
    HKLM\...\Run: [MediaFace Integration] => C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe [53248 2002-12-17] (Fellowes, Inc.)
    HKLM\...\Run: [iKeyWorks] => C:\Program Files\A4Tech\Keyboard\Ikeymain.exe [61440 2004-08-31] (A4Tech Co.,Ltd.)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [126976 2006-05-25] (Intel Corporation)
    HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [114741 2003-08-06] (Sonic Solutions)
    HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
    HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [195072 2009-07-10] (ArcSoft Inc.)
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
    HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [19968 2003-05-16] (Logitech Inc.)
    HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1102552839\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [931200 2012-03-26] (Microsoft Corporation)
    HKLM\...\Run: [EPSON Stylus C88 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE [98304 2005-01-27] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-682003330-179605362-725345543-1003\...\Run: [Octoshape Streaming Services] => C:\Documents and Settings\Daddy.JIM\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
    HKU\S-1-5-21-682003330-179605362-725345543-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
    HKU\S-1-5-21-682003330-179605362-725345543-1003\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
    HKU\S-1-5-18\...\Run: [AOL Fast Start] => "C:\Program Files\AOL 9.1\AOL.EXE" -b
    HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
    HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com
    HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.43searche...=1&d=2012-11-17
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-682003330-179605362-725345543-1003 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
    SearchScopes: HKU\S-1-5-21-682003330-179605362-725345543-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-682003330-179605362-725345543-1003 -> {9001ECE5-27F9-7260-292B-CF945347FC97} URL = http://www.bing.com/...eferrer:source}
    SearchScopes: HKU\S-1-5-21-682003330-179605362-725345543-1003 -> {B0A842D6-107B-4A3A-A897-C21914522460} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-682003330-179605362-725345543-1003 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab
    DPF: {94B82441-A413-4E43-8422-D49930E69764} https://echat.us.del...t/TLIEFlash.CAB
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,21/mcgdmgr.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://www.driverage...driveragent.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @soe.sony.com/installer,version=1.0.3 -> C:\WINDOWS\Downloaded Program Files\npsoe.dll No File
    FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-682003330-179605362-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Daddy.JIM\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-682003330-179605362-725345543-1003: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Documents and Settings\Daddy.JIM\Application Data\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPMGWRAP.DLL (Network Associates Inc)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
    FF Extension: Ancestry.com Advanced Image Viewer - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\support@ancestry.com [2010-01-27]
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
    FF Extension: AddThis - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2012-08-28]
    FF Extension: ShopToWin9 - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\{46d606b0-a645-11df-981c-0800200c9a66} [2012-11-20]
    FF Extension: AOL Toolbar - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2015-01-09]
    FF Extension: DownloadHelper - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-04]
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-02]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation) [File not signed]
    R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
    S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
    R3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
    S3 cisvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
    S2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
    S2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
    R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
    S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
    R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
    R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    S2 Fax; C:\WINDOWS\system32\fxssvc.exe [267776 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
    R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 InterBaseGuardian; C:\Program Files\Borland\InterBase\bin\ibguard.exe [22016 2004-11-05] (Inprise Corporation) [File not signed]
    R3 InterBaseServer; C:\Program Files\Borland\InterBase\bin\ibserver.exe [1701888 2004-11-05] (Inprise Corporation) [File not signed]
    S3 KodakCCS; C:\WINDOWS\system32\drivers\KodakCCS.exe [322104 2004-05-24] (Eastman Kodak Company) [File not signed]
    S2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-26] (Microsoft Corporation) [File not signed]
    S2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation) [File not signed]
    R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-04-07] (Lexmark International, Inc.) [File not signed]
    R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 LPDSVC; C:\WINDOWS\System32\tcpsvcs.exe [19456 2003-07-16] (Microsoft Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 MSDTC; C:\WINDOWS\System32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
    R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel® Corporation) [File not signed]
    R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
    R3 NtLmSsp; C:\WINDOWS\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 p2pimsvc; C:\WINDOWS\system32\p2psvc.dll [554496 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [554496 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
    S3 PNRPSvc; C:\WINDOWS\system32\p2psvc.dll [554496 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 RpcLocator; C:\WINDOWS\System32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
    S3 RSVP; C:\WINDOWS\System32\rsvp.exe [132608 2003-07-16] (Microsoft Corporation) [File not signed]
    R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 SBAMSvc; C:\Program Files\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
    S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    R2 SimpTcp; C:\WINDOWS\System32\tcpsvcs.exe [19456 2003-07-16] (Microsoft Corporation) [File not signed]
    R2 SNMP; C:\WINDOWS\System32\snmp.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [8704 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
    S2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    S3 TlntSvr; C:\WINDOWS\System32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
    R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2009-01-30] (Microsoft Corporation) [File not signed]
    S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
    S3 WmiApSrv; C:\WINDOWS\System32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2009-01-30] (Microsoft Corporation) [File not signed]
    R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [439808 2008-05-26] (Microsoft Corporation) [File not signed]
    R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
    S2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S3 SwPrv; C:\WINDOWS\System32\dllhost.exe /Processid:{7494A3C3-C230-4419-B814-9872918D1B9A}

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
    S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
    S3 Avc; C:\WINDOWS\System32\DRIVERS\avc.sys [38912 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation) [File not signed]
    R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys [4272 2003-08-28] () [File not signed]
    S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]
    S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2003-07-16] (Microsoft Corporation) [File not signed]
    R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-05-02] (Microsoft Corporation) [File not signed]
    R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
    R0 dmio; C:\WINDOWS\System32\DRIVERS\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
    R0 dmload; C:\WINDOWS\system32\Drivers\dmload.sys [5888 2003-07-16] (Microsoft Corp., Veritas Software.) [File not signed]
    S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
    R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
    R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
    U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2003-07-16] (Microsoft Corporation) [File not signed]
    R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2003-07-16] (Microsoft Corporation) [File not signed]
    R2 GenPort; C:\WINDOWS\system32\Drivers\GenPort.sys [4832 1997-09-24] (3Dfx Interactive, Inc.) [File not signed]
    S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
    R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
    S1 I8042PRT; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [807804 2006-05-25] (Intel Corporation) [File not signed]
    R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 ip6fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 itchfltr; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [12953 2004-03-10] (Logitech, Inc.) [File not signed]
    R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
    S3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [53869 2003-05-16] (Logitech, Inc.) [File not signed]
    R3 LCcfltr; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [14095 2004-03-03] (Logitech, Inc.) [File not signed]
    R3 LHidFlt2; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [25213 2003-05-16] (Logitech, Inc.) [File not signed]
    R3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37887 2004-03-03] (Logitech, Inc.) [File not signed]
    R3 LMouFlt2; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [72893 2003-05-16] (Logitech, Inc.) [File not signed]
    R2 MapMem; C:\WINDOWS\system32\Drivers\MapMem.sys [6816 1997-09-24] (3Dfx Interactive, Inc.) [File not signed]
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-10] (Malwarebytes Corporation)
    R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2003-07-16] (Microsoft Corporation) [File not signed]
    R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MODEMCSA; C:\WINDOWS\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation) [File not signed]
    S3 motccgp; C:\WINDOWS\System32\DRIVERS\motccgp.sys [18688 2008-08-21] (Motorola) [File not signed]
    S3 motccgpfl; C:\WINDOWS\System32\DRIVERS\motccgpfl.sys [8320 2008-08-21] (Motorola) [File not signed]
    S3 motmodem; C:\WINDOWS\System32\DRIVERS\motmodem.sys [23680 2007-06-18] (Motorola) [File not signed]
    S3 motport; C:\WINDOWS\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola) [File not signed]
    R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2003-07-16] (Microsoft Corporation) [File not signed]
    R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    R1 MpKsl1792b86f; c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{149CDFEB-14D3-44ED-97DD-BD90C899200F}\MpKsl1792b86f.sys [39464 2015-01-09] (Microsoft Corporation)
    R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [92544 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
    S3 MSDV; C:\WINDOWS\System32\DRIVERS\msdv.sys [51200 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
    S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
    R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2010-11-02] (Microsoft Corporation) [File not signed]
    R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
    R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 NTRemap; C:\WINDOWS\system32\Drivers\NTRemap.sys [6336 1997-09-24] (3Dfx Interactive, Inc.) [File not signed]
    R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2003-07-16] (Microsoft Corporation) [File not signed]
    R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
    R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2003-07-16] (Microsoft Corporation) [File not signed]
    R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
    S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
    S1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2003-07-16] (Parallel Technologies, Inc.) [File not signed]
    R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2003-07-16] (Microsoft Corporation) [File not signed]
    R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2003-07-16] (Microsoft Corporation) [File not signed]
    R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2003-07-16] (Microsoft Corporation) [File not signed]
    R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 RDPWD; C:\WINDOWS\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation) [File not signed]
    R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 RMCAST; C:\WINDOWS\system32\drivers\RMCast.sys [203136 2008-05-08] (Microsoft Corporation) [File not signed]
    S3 RT25USBAP; C:\WINDOWS\System32\DRIVERS\rt25usbap.sys [162816 2006-04-09] (Ralink Technology Inc.) [File not signed]
    R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [22064 2012-09-12] (GFI Software)
    R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [66344 2012-09-12] (GFI Software)
    R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [337184 2012-09-20] (GFI Software)
    S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software)
    R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software)
    S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software)
    R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [222368 2012-09-20] (GFI Software)
    R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
    R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.) [File not signed]
    R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
    S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [52384 2004-03-25] (MCCI) [File not signed]
    S3 slabser; C:\WINDOWS\System32\DRIVERS\slabser.sys [84512 2004-03-25] (MCCI) [File not signed]
    S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [260224 2005-03-22] (Analog Devices, Inc.) [File not signed]
    S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
    R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
    R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
    R3 StillCam; C:\WINDOWS\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation) [File not signed]
    S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
    R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) [File not signed]
    S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
    R3 tunmp; C:\WINDOWS\System32\DRIVERS\tunmp.sys [12288 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60032 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30208 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [121984 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) [File not signed]
    R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [38528 2009-01-30] (Microsoft Corporation) [File not signed]
    R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
    S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
    S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation) [File not signed]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation) [File not signed]
    S3 aeaudio; system32\drivers\aeaudio.sys [X]
    S3 catchme; \??\C:\DOCUME~1\Daddy.JIM\LOCALS~1\Temp\catchme.sys [X]
    S3 DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys [X]
    S3 FilterService; system32\DRIVERS\lvuvcflt.sys [X]
    S4 IntelIde; No ImagePath
    S3 LVRS; system32\DRIVERS\lvrs.sys [X]
    S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
    S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
    U3 aswMBR; \??\C:\DOCUME~1\Daddy.JIM\LOCALS~1\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\DOCUME~1\Daddy.JIM\LOCALS~1\Temp\aswVmm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2099-07-05 09:35 - 2099-07-05 09:35 - 00000544 ____C () C:\WINDOWS\untD6.pif
    2099-07-05 09:35 - 2099-07-05 09:35 - 00000272 ____C () C:\WINDOWS\untD6.bat
    2099-07-02 20:54 - 2011-05-03 01:27 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Local Settings\Application Data\Temp
    2015-01-10 11:36 - 2015-01-10 11:36 - 00000000 ___DC () C:\FRST
    2015-01-10 10:35 - 2015-01-10 10:35 - 00007704 _____ () C:\WINDOWS\FaxSetup.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00006492 _____ () C:\WINDOWS\iis6.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00005772 _____ () C:\WINDOWS\ocgen.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00004590 _____ () C:\WINDOWS\tsoc.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00002576 _____ () C:\WINDOWS\msmqinst.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00002542 _____ () C:\WINDOWS\comsetup.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00001917 _____ () C:\WINDOWS\imsins.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00001836 _____ () C:\WINDOWS\ntdtcsetup.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00001592 _____ () C:\WINDOWS\netfxocm.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00000719 _____ () C:\WINDOWS\MedCtrOC.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00000479 _____ () C:\WINDOWS\msgsocm.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00000425 _____ () C:\WINDOWS\ocmsn.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00000311 _____ () C:\WINDOWS\tabletoc.log
    2015-01-10 10:26 - 2015-01-10 10:26 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-01-10 01:02 - 2015-01-10 01:02 - 00000060 _____ () C:\WINDOWS\setupact.log
    2015-01-10 01:02 - 2015-01-10 01:02 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2015-01-10 00:59 - 2015-01-10 10:25 - 00021494 _____ () C:\WINDOWS\setupapi.log
    2015-01-10 00:59 - 2015-01-10 00:59 - 00000000 ____D () C:\WINDOWS\LastGood
    2015-01-09 10:51 - 2015-01-09 10:51 - 00016677 _____ () C:\Documents and Settings\Daddy.JIM\Desktop\JRT.txt
    2015-01-09 10:36 - 2015-01-09 10:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SparkTrust
    2015-01-09 10:36 - 2015-01-09 10:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SparkTrust
    2015-01-09 10:01 - 2015-01-09 10:01 - 00000000 ____D () C:\WINDOWS\ERUNT
    2015-01-09 08:30 - 2015-01-10 10:35 - 00004917 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-09 08:14 - 2015-01-09 08:29 - 00000000 ___DC () C:\AdwCleaner
    2015-01-08 00:45 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
    2015-01-07 22:51 - 2015-01-09 08:31 - 00000528 _____ () C:\WINDOWS\Tasks\SparkTrust AntiVirus Startup.job
    2015-01-07 22:51 - 2015-01-09 08:31 - 00000450 _____ () C:\WINDOWS\Tasks\SparkTrust Update Version3 Startup Task.job
    2015-01-07 22:51 - 2015-01-07 22:51 - 00000997 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\SparkTrust AntiVirus.lnk
    2015-01-07 22:51 - 2012-09-20 05:11 - 00222368 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbtis.sys
    2015-01-07 22:51 - 2012-09-20 05:11 - 00094496 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbhips.sys
    2015-01-07 22:51 - 2012-09-12 20:19 - 00066344 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbapifs.sys
    2015-01-07 22:51 - 2012-09-12 20:19 - 00022064 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbaphd.sys
    2015-01-07 22:50 - 2015-01-07 22:50 - 00000000 ____D () C:\WINDOWS\system32\Drivers\VDD
    2015-01-07 22:50 - 2012-09-20 05:11 - 00337184 _____ (GFI Software) C:\WINDOWS\system32\Drivers\SbFw.sys
    2015-01-07 22:50 - 2012-09-12 20:19 - 00095488 _____ (GFI Software) C:\WINDOWS\system32\Drivers\SbFwIm.sys
    2015-01-07 20:55 - 2015-01-09 08:31 - 00000574 _____ () C:\WINDOWS\Tasks\SparkTrust PC Cleaner Plus Startup.job
    2015-01-07 20:55 - 2015-01-07 22:34 - 00000621 _____ () C:\WINDOWS\Tasks\SparkTrust PC Cleaner Plus_sch_26268AB2-96EA-11E4-B1ED-00038A000015.job
    2015-01-07 20:55 - 2015-01-07 22:34 - 00000398 _____ () C:\WINDOWS\Tasks\SparkTrust Update Version3_triggeronce.job
    2015-01-07 20:55 - 2015-01-07 22:34 - 00000398 _____ () C:\WINDOWS\Tasks\SparkTrust Update Version3.job
    2015-01-07 20:55 - 2015-01-07 20:55 - 00001006 _____ () C:\Documents and Settings\Daddy.JIM\Desktop\SparkTrust PC Cleaner Plus.lnk
    2015-01-07 20:55 - 2015-01-07 20:55 - 00000392 _____ () C:\WINDOWS\Tasks\SparkTrust Registration3.job
    2015-01-07 20:54 - 2015-01-09 10:03 - 00000000 ____D () C:\Program Files\SparkTrust
    2015-01-07 20:54 - 2015-01-07 20:54 - 00000000 ____D () C:\Program Files\Common Files\SparkTrust
    2015-01-07 20:28 - 2015-01-07 20:28 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4E262469.sys
    2015-01-07 08:23 - 2015-01-10 01:04 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-07 08:19 - 2015-01-07 08:19 - 00010752 _____ () C:\Documents and Settings\Daddy.JIM\My Documents\new search.xlr
    2015-01-07 08:14 - 2015-01-07 08:14 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-07 08:14 - 2015-01-07 08:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-07 08:14 - 2015-01-07 08:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-07 08:12 - 2015-01-07 08:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-01-07 08:12 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-01-07 08:12 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2099-07-07 02:26 - 2004-10-10 09:54 - 00000000 ____D () C:\Program Files\Maxis
    2099-07-05 09:38 - 2007-12-25 13:58 - 00000000 ____D () C:\Program Files\Living Books
    2099-07-05 09:36 - 2005-08-01 17:05 - 00000000 ____D () C:\Program Files\Yahoo!
    2099-07-05 09:35 - 2007-03-24 12:31 - 00000000 ____D () C:\Program Files\TQ Sports Software
    2099-07-05 09:30 - 2008-02-17 18:41 - 00000000 ____D () C:\Program Files\The Learning Company
    2099-07-05 09:28 - 2009-01-24 17:12 - 00000000 ___DC () C:\KA
    2099-07-05 09:26 - 2008-12-04 20:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Interactive
    2099-07-05 09:26 - 2008-12-04 20:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Interactive
    2099-07-05 09:21 - 2006-07-05 19:03 - 00000000 ____D () C:\Program Files\Mattel Interactive
    2099-07-04 02:34 - 2009-06-18 06:40 - 00000790 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Logitech Vid.lnk
    2099-07-04 02:17 - 2004-09-23 12:53 - 00000000 ____D () C:\Program Files\McAfee
    2099-07-04 02:17 - 2003-12-01 11:47 - 00000000 ____D () C:\Program Files\McAfee.com
    2099-07-04 02:07 - 2004-09-23 12:53 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Application Data\McAfee
    2015-01-10 11:37 - 2011-05-05 15:00 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Local Settings\Temp
    2015-01-10 10:32 - 2004-08-31 10:39 - 00001588 _____ () C:\WINDOWS\wiadebug.log
    2015-01-10 10:32 - 2003-12-01 11:45 - 00000000 ____D () C:\Program Files\Microsoft Picture It! 7
    2015-01-10 10:32 - 2003-12-01 11:11 - 00000000 ____D () C:\WINDOWS\Help
    2015-01-10 10:31 - 2003-12-01 11:44 - 00000000 ____D () C:\Program Files\Microsoft Money
    2015-01-10 10:23 - 2007-07-29 15:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-10 01:27 - 2003-07-16 09:45 - 00000829 _____ () C:\WINDOWS\win.ini
    2015-01-10 00:59 - 2003-12-01 11:11 - 00000000 ____D () C:\WINDOWS\SYSTEM
    2015-01-10 00:57 - 2003-07-16 09:46 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-01-09 22:59 - 2011-05-03 16:30 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\temp
    2015-01-09 22:56 - 2014-11-02 14:43 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2015-01-09 22:52 - 2004-08-31 17:00 - 00032410 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-09 22:47 - 2004-08-31 10:39 - 00000048 ____C () C:\WINDOWS\wiaservc.log
    2015-01-09 22:46 - 2004-08-31 16:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-09 22:45 - 2004-08-31 17:31 - 00000178 ___SH () C:\Documents and Settings\Daddy.JIM\ntuser.ini
    2015-01-09 08:34 - 2004-11-02 11:17 - 00000000 ___DC () C:\Documents and Settings\Administrator.JIM
    2015-01-08 21:49 - 2006-05-08 16:40 - 00000200 _____ () C:\WINDOWS\AUDC70UI.dat
    2015-01-08 15:16 - 2014-11-02 20:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-08 15:09 - 2004-08-31 20:45 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\FaxTools
    2015-01-08 15:09 - 2004-08-31 20:45 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\FaxTools
    2015-01-07 22:29 - 2014-12-08 20:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-07 22:29 - 2009-04-05 21:29 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Application Data\BitTorrent
    2015-01-07 22:29 - 2008-09-13 20:35 - 00000000 ____D () C:\Program Files\QuickTime
    2015-01-07 22:29 - 2008-01-12 20:32 - 00000000 ____D () C:\Program Files\SG2
    2015-01-07 22:29 - 2007-04-24 15:34 - 00000000 ___DC () C:\Documents and Settings\Daddy~JIM
    2015-01-07 22:29 - 2007-03-27 14:11 - 00000000 ____D () C:\Program Files\Apple Software Update
    2015-01-07 22:29 - 2007-02-16 16:25 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Application Data\IMVU
    2015-01-07 22:29 - 2007-02-12 01:04 - 00000000 ____D () C:\Program Files\LimeWire
    2015-01-07 22:29 - 2006-04-17 16:52 - 00000000 ____D () C:\Program Files\Common Files\EasyInfo
    2015-01-07 22:29 - 2004-08-31 17:31 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM
    2015-01-07 22:29 - 2004-08-31 10:34 - 00000000 ___HD () C:\Documents and Settings\Default User.WINDOWS
    2015-01-07 22:29 - 2004-08-31 10:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS
    2015-01-07 22:29 - 2004-08-29 20:26 - 00000000 ____D () C:\Program Files\FaxTools
    2015-01-07 22:29 - 2004-08-21 16:20 - 00000000 ____D () C:\Program Files\WebIQ
    2015-01-07 22:29 - 2004-02-01 23:22 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
    2015-01-07 22:29 - 2003-12-01 11:11 - 00000000 ____D () C:\WINDOWS\SECURITY
    2015-01-07 22:29 - 2003-12-01 11:11 - 00000000 ____D () C:\WINDOWS\REPAIR
    2015-01-07 22:28 - 2004-08-31 21:33 - 00000000 __SHD () C:\Documents and Settings\Daddy.JIM\UserData
    2015-01-07 22:28 - 2004-08-31 21:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\QuickTime
    2015-01-07 22:28 - 2004-08-31 21:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\QuickTime
    2015-01-07 22:25 - 2014-07-09 11:42 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Start Menu\Programs\Capsule Utilities
    2015-01-06 12:19 - 2014-11-02 11:15 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Desktop\Old Firefox Data
    2015-01-04 17:19 - 2011-05-03 09:36 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Application Data\Malwarebytes
    2015-01-04 17:19 - 2011-05-03 09:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2015-01-04 17:19 - 2011-05-03 09:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2014-12-27 23:12 - 2014-08-15 12:28 - 00041472 ___SH () C:\Documents and Settings\Daddy.JIM\Desktop\Thumbs.db
    2014-12-14 01:14 - 2012-04-12 21:29 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-14 01:14 - 2011-09-19 04:32 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-12-13 20:58 - 2012-04-24 20:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

    ZeroAccess:
    C:\RECYCLER\S-1-5-21-682003330-179605362-725345543-1003\$16062789ce2baeb2f0d240c7bad8c41f

    Files to move or delete:
    ====================
    C:\Documents and Settings\Daddy.JIM\gotomypc_437.exe
    C:\Documents and Settings\Daddy.JIM\gotomypc_533.exe
    C:\Documents and Settings\Daddy.JIM\gotomypc_540.exe
    C:\Documents and Settings\Daddy.JIM\gotomypc_626.exe


    Some content of TEMP:
    ====================
    C:\Documents and Settings\Daddy.JIM\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Daddy.JIM\Local Settings\Temp\sqlite3.dll
    C:\Documents and Settings\Daddy.JIM\Local Settings\Temp\_is141.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

    .

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2015
    Ran by Daddy at 2015-01-10 11:38:43
    Running from C:\Documents and Settings\Daddy.JIM\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3Dfx Interactive (HKLM\...\3Dfx InteractiveDeinstKey) (Version:  - )
    A4Tech iKeyWorks 7.64 (HKLM\...\A4Tech iKeyWorks) (Version:  - )
    A4Tech iWheelWorks 7.64 (HKLM\...\WheelMouse) (Version:  - )
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.4.13090 - Adobe Systems Inc.)
    Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version:  - )
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
    AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
    ArcSoft Print Creations (HKLM\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.6.255.207 - ArcSoft)
    Auction Client (HKLM\...\{22D9B90E-5975-4C44-B0B2-F02A97BE030D}) (Version:  - )
    AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
    BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
    Catclub saver1 (HKLM\...\Catclub saver1) (Version:  - )
    CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
    Citrix Online Launcher (HKLM\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CR2 (Version: 3.01.0001.0003 - Eastman Kodak Company) Hidden
    Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
    Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
    Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
    Disney's Cinderella's Castle Designer (HKLM\...\{680E5008-CA49-11D6-8940-0002A5E32BEF}) (Version:  - )
    DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
    EA Download Manager (HKLM\...\EADM) (Version: 5.0.0.161 - Electronic Arts, Inc.)
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
    ESSBrwr (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSCDBK (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESScore (Version: 7.01.0000.0012 - EASTMAN KODAK Company) Hidden
    ESSgui (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESSini (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESSPCD (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    essvatgt (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    FaxTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version: 5.10 - BVRP Software)
    Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
    FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
    gAttach! (HKLM\...\gAttach!_is1) (Version:  - Chris Wood)
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
    HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
    Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
    Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
    Intel® PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
    Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
    LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 9.01.1124.01 - )
    Logitech iTouch Software (HKLM\...\{036AA4D4-6D32-11D4-9875-00105ACE7734}) (Version:  - )
    Logitech MouseWare 9.77  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
    Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
    Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.01.1015 - Logitech Inc.)
    Magicbit Audio Converter (HKLM\...\Audio Converter) (Version: 2.2.30.730 - Magicbit)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee Shredder (Version: 1.00.0000 - McAfee, Inc) Hidden
    MediaFACE 4.0 (HKLM\...\InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}) (Version: 4.0 - Fellowes)
    MediaFACE 4.0 (Version: 4.0 - Fellowes) Hidden
    MediaFACE 4.0 Image Library (HKLM\...\InstallShield_{494C271C-1528-4886-A78C-BFB3C823A37B}) (Version: 4.0 - Fellowes)
    MediaFACE 4.0 Image Library (Version: 4.0 - Fellowes) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Encarta Encyclopedia Standard 2003 (HKLM\...\{03410014-3975-4267-9F39-1DC4745090B7}) (Version: 2003 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Publisher 2007 Trial (HKLM\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
    Microsoft Works 2003 Setup Launcher (HKLM\...\Works2003Setup) (Version:  - )
    Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
    Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}) (Version: 3.1.3.0 - Apple Inc.)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
    muvee Plugin 1.0 (HKLM\...\{82CA0A0C-A3EC-4167-B694-909205B2EDEC}) (Version: 1.01.100 - muvee Technologies)
    netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Octoshape Streaming Services (HKU\S-1-5-21-682003330-179605362-725345543-1003\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
    OfotoXMI (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
    QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
    QuickTime 3.0 (HKLM\...\QuickTime 3.0) (Version:  - )
    RealArcade (HKLM\...\RealArcade) (Version:  - )
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    SanDisk TransferMate (HKLM\...\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}) (Version:  - SanDisk)
    SecurDisc Viewer (HKLM\...\{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1033}) (Version: 7.02.8511 - Nero AG)
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    SFR (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
    SFR2 (Version: 3.03.0000.0002 - EASTMAN KODAK Company) Hidden
    SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    skin0001 (Version: 7.01.0000.0003 - EASTMAN KODAK Company) Hidden
    SKINXSDK (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.50 - Sonic Solutions)
    Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.80 - Sonic Solutions)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.7000 - Analog Devices)
    SparkTrust AntiVirus (HKLM\...\{9F817F09-5E09-4F08-907B-F1BB74801733}) (Version: 2.1.4.0 - SparkTrust)
    SparkTrust PC Cleaner Plus (HKLM\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.2.14.0 - SparkTrust) <==== ATTENTION
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    staticcr (Version: 7.01.0000.0005 - EASTMAN KODAK Company) Hidden
    System Requirements Lab (HKLM\...\{1E99F5D7-4262-4C7C-9135-F066E7485811}) (Version: 4.1.14.0 - Husdawg, LLC)
    TES Construction Set (HKLM\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
    tooltips (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Träningsdagboken - Interbase (HKLM\...\InterBase) (Version:  - )
    Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Vipre (Version: 6.1.5496 - Vipre) Hidden
    VPRINTOL (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    WIRELESS (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Works Suite OS Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden
    XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-682003330-179605362-725345543-1003_Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\InprocServer32 -> C:\Program Files\SystemRequirementsLab\sysreqlabdetect.dll (Husdawg, LLC)
    CustomCLSID: HKU\S-1-5-21-682003330-179605362-725345543-1003_Classes\CLSID\{7D4733C0-C43B-4A81-AF43-F9B20D1F8348}\InprocServer32 -> C:\Documents and Settings\Daddy.JIM\Application Data\Octoshape\Octoshape Streaming Services\sua-1312180-0-apoctoshape.dll (Octoshape ApS)
    CustomCLSID: HKU\S-1-5-21-682003330-179605362-725345543-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

    ==================== Restore Points  =========================

    16-09-2014 20:47:08 System Checkpoint
    17-09-2014 20:47:15 System Checkpoint
    18-09-2014 21:47:15 System Checkpoint
    19-09-2014 23:57:47 System Checkpoint
    21-09-2014 00:09:52 System Checkpoint
    22-09-2014 00:47:33 System Checkpoint
    23-09-2014 01:47:33 System Checkpoint
    24-09-2014 02:47:32 System Checkpoint
    25-09-2014 03:47:33 System Checkpoint
    26-09-2014 04:47:33 System Checkpoint
    27-09-2014 05:47:33 System Checkpoint
    28-09-2014 06:47:33 System Checkpoint
    29-09-2014 06:47:47 System Checkpoint
    30-09-2014 07:07:15 System Checkpoint
    01-10-2014 07:52:18 System Checkpoint
    02-10-2014 08:02:22 System Checkpoint
    03-10-2014 08:53:35 System Checkpoint
    04-10-2014 12:05:17 System Checkpoint
    05-10-2014 12:52:31 System Checkpoint
    06-10-2014 12:52:44 System Checkpoint
    07-10-2014 13:52:44 System Checkpoint
    08-10-2014 14:52:44 System Checkpoint
    09-10-2014 15:52:44 System Checkpoint
    10-10-2014 16:52:44 System Checkpoint
    11-10-2014 17:52:44 System Checkpoint
    12-10-2014 21:27:05 System Checkpoint
    13-10-2014 22:48:20 System Checkpoint
    14-10-2014 23:22:30 System Checkpoint
    15-10-2014 23:53:04 System Checkpoint
    17-10-2014 00:53:04 System Checkpoint
    18-10-2014 01:53:04 System Checkpoint
    19-10-2014 02:53:05 System Checkpoint
    20-10-2014 02:53:17 System Checkpoint
    21-10-2014 03:53:17 System Checkpoint
    22-10-2014 05:05:22 System Checkpoint
    23-10-2014 05:53:17 System Checkpoint
    24-10-2014 06:54:23 System Checkpoint
    25-10-2014 07:53:17 System Checkpoint
    26-10-2014 08:53:18 System Checkpoint
    27-10-2014 08:53:31 System Checkpoint
    28-10-2014 09:53:31 System Checkpoint
    29-10-2014 10:53:30 System Checkpoint
    30-10-2014 11:53:30 System Checkpoint
    31-10-2014 12:53:31 System Checkpoint
    01-11-2014 13:53:31 System Checkpoint
    02-11-2014 13:10:29 Removed Sonic RecordNow!
    02-11-2014 13:11:16 Removed Rhapsody Player Engine
    02-11-2014 13:12:41 Removed URGE
    02-11-2014 13:14:56 Removed Logitech Vid.
    02-11-2014 13:18:03 Removed PRODUCT_NAME
    02-11-2014 13:25:20 Configured Broadcom Advanced Control Suite
    02-11-2014 13:29:15 Removed Bonjour
    02-11-2014 13:30:19 Configured RemoteCapture Task 1.1
    02-11-2014 13:36:49 Removed Jasc Paint Shop Photo Album
    02-11-2014 13:38:41 Removed Jasc Paint Shop Pro 8 Dell Edition
    02-11-2014 13:41:28 Removed Microsoft Streets and Trips 2002
    02-11-2014 13:44:15 Configured ubCore

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2003-07-16 09:23 - 2014-02-25 23:10 - 00450622 ____R C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: C:\WINDOWS\Tasks\SparkTrust AntiVirus Startup.job => C:\Program Files\SparkTrust\SparkTrust AntiVirus\SparkTrust.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\SparkTrust PC Cleaner Plus Startup.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\SparkTrust PC Cleaner Plus_sch_26268AB2-96EA-11E4-B1ED-00038A000015.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
    Task: C:\WINDOWS\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2011-05-06 12:07 - 2011-05-06 12:07 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    2011-05-06 12:07 - 2011-05-06 12:07 - 04317184 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
    2011-05-06 12:02 - 2011-05-06 12:02 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
    2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
    2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
    2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
    2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 ____C () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
    2011-05-06 11:58 - 2011-05-06 11:58 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
    2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
    2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
    2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
    2010-10-26 01:50 - 2010-10-26 01:50 - 00438272 ____C () C:\Program Files\Flip Video\FlipShareServer\PlugIns\sqldrivers\qsqlite4.dll
    2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-12-08 20:55 - 2014-12-08 20:56 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2003-07-16 09:36 - 2011-11-03 08:28 - 01292288 ____C () C:\WINDOWS\System32\quartz.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:24051EFF
    AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:24051EFF

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbaphd => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifs => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifsl => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbhips => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbaphd => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbapifs => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbapifsl => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbhips => ""=""

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: IgfxTray =>
    MSCONFIG\startupreg: Microsoft Works Update Detection =>
    MSCONFIG\startupreg: MMTray =>
    MSCONFIG\startupreg: QuickTime Task =>
    MSCONFIG\startupreg: SunJavaUpdateSched =>
    MSCONFIG\startupreg: TkBellExe =>

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-682003330-179605362-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.JIM
    ASPNET (S-1-5-21-682003330-179605362-725345543-1008 - Limited - Enabled)
    Daddy (S-1-5-21-682003330-179605362-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Daddy.JIM
    Guest (S-1-5-21-682003330-179605362-725345543-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-682003330-179605362-725345543-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-682003330-179605362-725345543-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/01/2099 11:05:47 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/01/2099 11:05:26 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/01/2099 11:05:11 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.

    Error: (07/01/2099 11:04:56 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/01/2099 09:38:08 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The specified server cannot perform the requested operation.

    Error: (07/01/2099 09:38:08 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/01/2099 09:38:08 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The specified server cannot perform the requested operation.

    Error: (07/01/2099 09:38:08 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/01/2099 09:38:08 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.

    Error: (07/01/2099 09:37:53 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


    System errors:
    =============
    Error: (08/04/2009 02:31:40 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:40 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:39 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:39 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:39 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:38 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:38 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:37 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:37 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:37 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor:  Intel® Pentium® 4 CPU 2.80GHz
    Percentage of memory in use: 42%
    Total physical RAM: 2045.98 MB
    Available physical RAM: 1176.34 MB
    Total Pagefile: 2664.24 MB
    Available Pagefile: 1497.67 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1936.19 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.47 GB) (Free:10.07 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive f: (STORE N GO) (Removable) (Total:3.73 GB) (Free:0.74 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9DC96E9E)
    Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
    Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 3.7 GB) (Disk ID: 6F20736B)
    No partition Table on disk 1.
    Disk 1 is a removable device.

    ==================== End Of Log ============================

     



    #6 ken545


    Posted 10 January 2015 - 03:10 PM

    It looks like you may be infected with the ZeroAccess Rootkit

     

     

    Please download TDSSKiller.zip
     
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 jabrooksy


    Posted 11 January 2015 - 12:47 AM

    Link you gave me doesn't work.  I figure it's a Kaspersky deal but I don't want to download anything on my own that you don't send me right now.  Want to try it again?.....................JB



    #8 ken545


    Posted 11 January 2015 - 03:09 AM

    It worked for me but was kind of confusing, they must have changed their website

     

    Try this one, you can just download the .exe version

    http://www.bleepingc...oad/tdsskiller/



     
     

    #9 jabrooksy


    Posted 11 January 2015 - 02:24 PM

    Okay, was able to download and run TDSSKiller.exe.  No malicious objects were found.  I viewed the report.  It gave me no option to save the report.  So I rebooted thinking it would pop up somewhere on the desktop.  Also searched for it on the files with no success.  Ran it again and tried the old cut and paste routine but it wouldn't allow me to do that for you either.  Next move or school me how to find the report.  I did run search for anything related to TDSSKiller.exe and came up with nothing.  Sorry.......................JB



    #10 ken545


    Posted 11 January 2015 - 03:19 PM

    No problem JB, as long as you say it didn't find anything, it's very possible that you're not completely infected with ZeroAccess, maybe just a few files installed and nothing else

    Let's run ComboFix; if ZeroAccess is present, CF will find and remove it

     

     

    Download ComboFix from here:
     
    Place ComboFix.exe on your Desktop <--Important
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  • * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     
     
     
    You can get help on disabling your protection programs here
     
  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer


     
     


    #11 jabrooksy


    Posted 11 January 2015 - 09:20 PM

    Here you go:

    .

    ComboFix 15-01-08.01 - Daddy 01/11/2015  18:09:26.2.1 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1091 [GMT -7:00]
    Running from: c:\documents and settings\Daddy.JIM\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    c:\documents and settings\Daddy.JIM\WINDOWS
    c:\windows\desktop
    c:\windows\desktop\Instal~1.lnk
    c:\windows\system32\hkcmd.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-12-12 to 2015-01-12  )))))))))))))))))))))))))))))))
    .
    .
    2099-07-05 16:36 . 2015-01-08 05:29    --------    d-----w-    c:\documents and settings\Daddy.JIM\Local Settings\Application Data\Wal-Mart Music Downloads
    2099-07-05 16:35 . 2099-07-05 16:35    544    -c--a-w-    c:\windows\untD6.pif
    2099-07-05 16:35 . 2099-07-05 16:35    272    -c--a-w-    c:\windows\untD6.bat
    2099-07-03 03:54 . 2011-05-03 08:27    --------    d-----w-    c:\documents and settings\Daddy.JIM\Local Settings\Application Data\Temp
    2015-01-11 21:07 . 2015-01-11 21:07    --------    d-----w-    c:\windows\LastGood
    2015-01-11 19:56 . 2015-01-11 19:56    39464    ----a-w-    c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A02CE056-7D82-46F3-B1E3-D8A8262D1B5E}\MpKsl21749650.sys
    2015-01-11 06:43 . 2014-12-02 11:01    9054624    ----a-w-    c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A02CE056-7D82-46F3-B1E3-D8A8262D1B5E}\mpengine.dll
    2015-01-10 18:36 . 2015-01-10 18:39    --------    dc----w-    C:\FRST
    2015-01-09 17:36 . 2015-01-09 17:36    --------    d-----w-    c:\documents and settings\All Users.WINDOWS\Application Data\SparkTrust
    2015-01-09 17:01 . 2015-01-09 17:01    --------    d-----w-    c:\windows\ERUNT
    2015-01-09 15:14 . 2015-01-09 15:29    --------    dc----w-    C:\AdwCleaner
    2015-01-08 07:45 . 2013-05-23 14:39    43368    ----a-w-    c:\windows\system32\drivers\gfiark.sys
    2015-01-08 05:51 . 2012-09-13 03:19    66344    ----a-w-    c:\windows\system32\drivers\sbapifs.sys
    2015-01-08 05:51 . 2012-09-20 12:11    94496    ----a-w-    c:\windows\system32\drivers\sbhips.sys
    2015-01-08 05:51 . 2012-09-13 03:19    22064    ----a-w-    c:\windows\system32\drivers\sbaphd.sys
    2015-01-08 05:51 . 2012-09-20 12:11    222368    ----a-w-    c:\windows\system32\drivers\sbtis.sys
    2015-01-08 05:50 . 2012-09-20 12:11    337184    ----a-w-    c:\windows\system32\drivers\SbFw.sys
    2015-01-08 05:50 . 2012-09-13 03:19    95488    ----a-w-    c:\windows\system32\drivers\SbFwIm.sys
    2015-01-08 05:50 . 2015-01-08 05:50    --------    d-----w-    c:\windows\system32\drivers\VDD
    2015-01-08 03:54 . 2015-01-08 03:54    --------    d-----w-    c:\program files\Common Files\SparkTrust
    2015-01-08 03:54 . 2015-01-09 17:03    --------    d-----w-    c:\program files\SparkTrust
    2015-01-08 03:28 . 2015-01-08 03:28    114904    ----a-w-    c:\windows\system32\drivers\4E262469.sys
    2015-01-07 15:23 . 2015-01-12 00:59    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-01-07 15:12 . 2014-11-21 13:14    54360    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2015-01-07 15:12 . 2014-11-21 13:14    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2015-01-07 15:12 . 2015-01-07 15:13    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
    2015-01-05 15:31 . 2014-12-02 11:01    9054624    ----a-w-    c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-14 08:14 . 2012-04-13 04:29    701616    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
    2014-12-14 08:14 . 2011-09-19 11:32    71344    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-24 21:04 . 2011-08-11 14:34    229000    -c----w-    c:\windows\system32\MpSigStub.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SYSTEM32\bits\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SYSTEM32\DLLCACHE\qmgr.dll
    .
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\DLLCACHE\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
    .
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\DLLCACHE\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
    .
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\ERDNT\cache\spoolsv.exe
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\SYSTEM32\spoolsv.exe
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\SYSTEM32\DLLCACHE\spoolsv.exe
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
    .
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\winlogon.exe
    .
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DRIVERS\ipsec.sys
    .
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\SYSTEM32\comctl32.dll
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\SYSTEM32\DLLCACHE\comctl32.dll
    [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    [-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    [-] 2004-12-21 . 865CF4B7CA471E4E9E4EC3F3CE60FE9E . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1612_x-ww_7c379b08\comctl32.dll
    [-] 2004-08-20 . FC13804088C77CCA6B6C9B26BA5BDECB . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1579_x-ww_7bbf8d08\comctl32.dll
    [-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\InstallTemp\66276384\comctl32.dll
    [-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    [-] 2003-07-16 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
    [-] 2003-07-16 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\54012\comctl32.dll
    [-] 2003-07-16 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    .
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\cryptsvc.dll
    .
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SYSTEM32\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SYSTEM32\DLLCACHE\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
    .
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\imm32.dll
    .
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\SYSTEM32\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
    .
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\linkinfo.dll
    .
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DLLCACHE\lpk.dll
    .
    [-] 2012-07-02 . 13D2E016B784730A98F24D6E5BEED22F . 6008320 . . [8.00.6001.19298] . . c:\windows\SYSTEM32\mshtml.dll
    [-] 2012-07-02 . 13D2E016B784730A98F24D6E5BEED22F . 6008320 . . [8.00.6001.19298] . . c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
    [-] 2012-07-02 . DF599AC52B62DE001E42D36F92B45E68 . 6010368 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\mshtml.dll
    [-] 2012-05-11 . 886B62A906B3967CBBF0FD2C833A30BF . 6007808 . . [8.00.6001.19258] . . c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
    [-] 2012-05-11 . 55F148B94246A77FB4AC33346671CAC8 . 6009344 . . [8.00.6001.23345] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\mshtml.dll
    [-] 2012-03-01 . DADE53318D8E5335EE2E1745F1C3FC4D . 5978624 . . [8.00.6001.19222] . . c:\windows\ie8updates\KB2699988-IE8\mshtml.dll
    [-] 2012-03-01 . 5DBB0C997AD276BCE9D30CD609BDBF67 . 5980672 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll
    [-] 2011-12-17 . A9259CD226283CD4F798C00909754A94 . 5979136 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
    [-] 2011-12-17 . 49B88A833ECA99EFBFFC5AAE5CC998ED . 5980160 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll
    [-] 2011-11-04 . DD8D655E1881B70A5259A23A6018A6C2 . 5978112 . . [8.00.6001.19170] . . c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
    [-] 2011-11-04 . 699421E2E1313C18671A703953CAE14B . 5978624 . . [8.00.6001.23266] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll
    [-] 2011-10-03 . 4963CB503600FC3BCBDBFBA51FBA1FAC . 5971456 . . [8.00.6001.19154] . . c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
    [-] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
    [-] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
    [-] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
    [-] 2011-05-30 . 22BA5235EA846EDA87F68A1DCC2BFCF9 . 5964800 . . [8.00.6001.19088] . . c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
    [-] 2011-05-30 . D0B1DB576941CB0B6669B8752FFAC79A . 5967360 . . [8.00.6001.23181] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
    [-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\ERDNT\cache\mshtml.dll
    [-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
    [-] 2010-12-20 . 1EDCEC5D649DBAC37ED9FFB5A14CEB0C . 5961216 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
    [-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
    [-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
    [-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
    [-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
    [-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
    [-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
    [-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
    [-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
    [-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
    [-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
    [-] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
    [-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
    [-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie8\mshtml.dll
    [-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
    [-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
    [-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
    [-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
    [-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
    [-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
    [-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
    [-] 2008-03-02 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
    [-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
    [-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
    [-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
    [-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
    [-] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
    [-] 2007-03-07 . 190E1AE9B973049B12A67BAD478C770C . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
    [-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
    [-] 2006-10-27 . 7C91F9D79EC63BEA7CCC23F58F2C7182 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
    [-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\ie7\mshtml.dll
    .
    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SYSTEM32\msvcrt.dll
    [-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
    [-] 2003-07-16 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2003-07-16 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll
    .
    [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
    [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\mswsock.dll
    [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
    .
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\netlogon.dll
    .
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SYSTEM32\powrprof.dll
    .
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\scecli.dll
    .
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\sfc.dll
    .
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\svchost.exe
    .
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\tapisrv.dll
    .
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\user32.dll
    .
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\userinit.exe
    .
    [-] 2012-07-02 . C4300CB4D20B1159DC77E01E8A2525EC . 916992 . . [8.00.6001.19298] . . c:\windows\SYSTEM32\wininet.dll
    [-] 2012-07-02 . C4300CB4D20B1159DC77E01E8A2525EC . 916992 . . [8.00.6001.19298] . . c:\windows\SYSTEM32\DLLCACHE\wininet.dll
    [-] 2012-07-02 . EFB2241DE3AA6480521A16D0CB67B0EC . 920064 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll
    [-] 2012-05-16 . 6B1774334E2975AA60596E54F5EA1430 . 916992 . . [8.00.6001.19272] . . c:\windows\ie8updates\KB2722913-IE8\wininet.dll
    [-] 2012-05-16 . 553AD35768CD27959391DD5AA82CEF6F . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll
    [-] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\ie8updates\KB2699988-IE8\wininet.dll
    [-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
    [-] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\wininet.dll
    [-] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
    [-] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2647516-IE8\wininet.dll
    [-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
    [-] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll
    [-] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
    [-] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll
    [-] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
    [-] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
    [-] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
    [-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\ERDNT\cache\wininet.dll
    [-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
    [-] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
    [-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
    [-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
    [-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
    [-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
    [-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
    [-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
    [-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
    [-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
    [-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
    [-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
    [-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
    [-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie8\wininet.dll
    [-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
    [-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
    [-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
    [-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
    [-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
    [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
    [-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
    [-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
    [-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
    [-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
    [-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
    [-] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
    [-] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
    [-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
    [-] 2006-10-27 . 7CF0B0D5D9D47585853E2A6978441F64 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
    [-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\ie7\wininet.dll
    .
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ws2_32.dll
    .
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ws2help.dll
    .
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    .
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DLLCACHE\regedit.exe
    .
    [-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\SYSTEM32\ole32.dll
    [-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\SYSTEM32\DLLCACHE\ole32.dll
    [-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
    [-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
    [-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\ERDNT\cache\ole32.dll
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
    .
    [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\ERDNT\cache\usp10.dll
    [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\SYSTEM32\usp10.dll
    [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\SYSTEM32\DLLCACHE\usp10.dll
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Octoshape Streaming Services"="c:\documents and settings\Daddy.JIM\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2009-02-03 8704]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
    "MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
    "MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2002-12-17 53248]
    "iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2004-08-31 61440]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "Logitech Utility"="Logi_MwX.Exe" [2003-05-16 19968]
    "HostManager"="c:\program files\Common Files\AOL\1102552839\ee\AOLSoftware.exe" [2010-03-08 41800]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "EPSON Stylus C88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbaphd]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifs]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifsl]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbhips]
    @=""
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R1 MpKsl21749650;MpKsl21749650;c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A02CE056-7D82-46F3-B1E3-D8A8262D1B5E}\MpKsl21749650.sys [1/11/2015 12:56 PM 39464]
    R1 sbaphd;sbaphd;c:\windows\SYSTEM32\DRIVERS\sbaphd.sys [1/7/2015 10:51 PM 22064]
    R1 SbFw;SbFw;c:\windows\SYSTEM32\DRIVERS\SbFw.sys [1/7/2015 10:50 PM 337184]
    R1 sbtis;sbtis;c:\windows\SYSTEM32\DRIVERS\sbtis.sys [1/7/2015 10:51 PM 222368]
    R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 11:58 AM 1085440]
    R2 GenPort;GenPort;c:\windows\SYSTEM32\DRIVERS\genport.sys [3/27/2005 5:01 PM 4832]
    R2 MapMem;MapMem;c:\windows\SYSTEM32\DRIVERS\MAPMEM.SYS [3/27/2005 5:01 PM 6816]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [1/7/2015 8:12 AM 1871160]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [1/7/2015 8:12 AM 969016]
    R2 NTRemap;NTRemap;c:\windows\SYSTEM32\DRIVERS\NTREMAP.SYS [3/27/2005 5:01 PM 6336]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 2:19 PM 39056]
    R2 SBAMSvc;SparkTrust AntiVirus;c:\program files\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe [9/20/2012 5:39 AM 3677000]
    R2 sbapifs;sbapifs;c:\windows\SYSTEM32\DRIVERS\sbapifs.sys [1/7/2015 10:51 PM 66344]
    R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [1/7/2015 8:12 AM 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\MBAMSwissArmy.sys [1/7/2015 8:23 AM 114904]
    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\SYSTEM32\DRIVERS\SbFwIm.sys [1/7/2015 10:50 PM 95488]
    S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\Drivers\DrvAgent32.sys --> c:\windows\system32\Drivers\DrvAgent32.sys [?]
    S3 gfiark;gfiark;c:\windows\SYSTEM32\DRIVERS\gfiark.sys [1/8/2015 12:45 AM 43368]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 10:49 PM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 10:49 PM 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 7:18 PM 23680]
    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\SYSTEM32\DRIVERS\SbFwIm.sys [1/7/2015 10:50 PM 95488]
    S3 sbhips;sbhips;c:\windows\SYSTEM32\DRIVERS\sbhips.sys [1/7/2015 10:51 PM 94496]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - MPKSL21749650
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc    REG_MULTI_SZ       p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 08:14]
    .
    2015-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 18:34]
    .
    2015-01-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 23:03]
    .
    2015-01-08 c:\windows\Tasks\SparkTrust Registration3.job
    - c:\program files\Common Files\SparkTrust\UUS3\UUS3.dll [2014-11-20 01:18]
    .
    2015-01-11 c:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
    - c:\program files\Common Files\SparkTrust\UUS3\Update3.exe [2014-11-20 01:18]
    .
    2015-01-08 c:\windows\Tasks\SparkTrust Update Version3.job
    - c:\program files\common files\sparktrust\uus3\Update3.exe [2014-11-20 01:18]
    .
    2015-01-08 c:\windows\Tasks\SparkTrust Update Version3_triggeronce.job
    - c:\program files\common files\sparktrust\uus3\Update3.exe [2014-11-20 01:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{146C646B-4CCB-46FD-813F-13109BA96C34}: DhcpNameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
    FF - ProfilePath - c:\documents and settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\
    FF - ExtSQL: !HIDDEN! 2009-07-07 16:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - ExtSQL: !HIDDEN! 2012-03-03 20:51; 4jffxtbr@RadioRage_4j.com; c:\program files\RadioRage_4j\bar\1.bin
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-igfxhkcmd - c:\windows\system32\hkcmd.exe
    HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
    HKU-Default-Run-AOL Fast Start - c:\program files\AOL 9.1\AOL.EXE
    AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe
    AddRemove-{35827710-D042-428B-A1E5-E20E12D2FEB9} - c:\program files\SparkTrust\SparkTrust PC Cleaner Plus\uninstall.exe
    AddRemove-{9F817F09-5E09-4F08-907B-F1BB74801733} - c:\program files\SparkTrust\SparkTrust AntiVirus\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-01-11 18:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,f9,eb,db,59,0e,b1,49,a3,62,45,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,f9,eb,db,59,0e,b1,49,a3,62,45,\
    .
    [HKEY_USERS\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2015-01-11  18:28:51
    ComboFix-quarantined-files.txt  2015-01-12 01:28
    ComboFix2.txt  2011-05-03 23:30
    .
    Pre-Run: 13,909,037,056 bytes free
    Post-Run: 14,205,235,200 bytes free
    .
    - - End Of File - - 69DD133A0A7CE3C300129E38BD160CCE
    8F558EB6672622401DA993E1E865C861
     



    #12 ken545


    Posted 11 January 2015 - 10:57 PM

    CF did not remove much, but I am concerned over the SigCheck entries: there are a ton of them and they're all unsigned files. Even the files in backups are unsigned, so there is no way to replace them if they're bad. CF also did not find the Rootkit; this may or may not be a good thing.

    Heads up on this one, let me know if you want to keep it:

    http://techlifepost....enhancement’/

    Go ahead and run a new scan with FRST, checkmark Additions, and post both new logs please.



     
     

    #13 jabrooksy


    Posted 11 January 2015 - 11:33 PM

    I have no idea about the heads up deal.  Don't recognize it.  Here are the logs you requested:

    .

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2015 01
    Ran by Daddy at 2015-01-11 22:30:28
    Running from C:\Documents and Settings\Daddy.JIM\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3Dfx Interactive (HKLM\...\3Dfx InteractiveDeinstKey) (Version:  - )
    A4Tech iKeyWorks 7.64 (HKLM\...\A4Tech iKeyWorks) (Version:  - )
    A4Tech iWheelWorks 7.64 (HKLM\...\WheelMouse) (Version:  - )
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.4.13090 - Adobe Systems Inc.)
    Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version:  - )
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
    AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
    ArcSoft Print Creations (HKLM\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.6.255.207 - ArcSoft)
    Auction Client (HKLM\...\{22D9B90E-5975-4C44-B0B2-F02A97BE030D}) (Version:  - )
    AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
    BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
    Catclub saver1 (HKLM\...\Catclub saver1) (Version:  - )
    CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
    Citrix Online Launcher (HKLM\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CR2 (Version: 3.01.0001.0003 - Eastman Kodak Company) Hidden
    Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
    Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
    Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
    Disney's Cinderella's Castle Designer (HKLM\...\{680E5008-CA49-11D6-8940-0002A5E32BEF}) (Version:  - )
    DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
    ESSBrwr (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSCDBK (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESScore (Version: 7.01.0000.0012 - EASTMAN KODAK Company) Hidden
    ESSgui (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESSini (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESSPCD (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    essvatgt (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    FaxTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version: 5.10 - BVRP Software)
    Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
    FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
    gAttach! (HKLM\...\gAttach!_is1) (Version:  - Chris Wood)
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
    HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
    Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
    Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
    Intel® PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
    Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
    LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 9.01.1124.01 - )
    Logitech iTouch Software (HKLM\...\{036AA4D4-6D32-11D4-9875-00105ACE7734}) (Version:  - )
    Logitech MouseWare 9.77  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
    Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
    Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.01.1015 - Logitech Inc.)
    Magicbit Audio Converter (HKLM\...\Audio Converter) (Version: 2.2.30.730 - Magicbit)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee Shredder (Version: 1.00.0000 - McAfee, Inc) Hidden
    MediaFACE 4.0 (HKLM\...\InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}) (Version: 4.0 - Fellowes)
    MediaFACE 4.0 (Version: 4.0 - Fellowes) Hidden
    MediaFACE 4.0 Image Library (HKLM\...\InstallShield_{494C271C-1528-4886-A78C-BFB3C823A37B}) (Version: 4.0 - Fellowes)
    MediaFACE 4.0 Image Library (Version: 4.0 - Fellowes) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Encarta Encyclopedia Standard 2003 (HKLM\...\{03410014-3975-4267-9F39-1DC4745090B7}) (Version: 2003 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Publisher 2007 Trial (HKLM\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
    Microsoft Works 2003 Setup Launcher (HKLM\...\Works2003Setup) (Version:  - )
    Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
    Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}) (Version: 3.1.3.0 - Apple Inc.)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
    muvee Plugin 1.0 (HKLM\...\{82CA0A0C-A3EC-4167-B694-909205B2EDEC}) (Version: 1.01.100 - muvee Technologies)
    netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Octoshape Streaming Services (HKU\S-1-5-21-682003330-179605362-725345543-1003\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
    OfotoXMI (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
    QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
    QuickTime 3.0 (HKLM\...\QuickTime 3.0) (Version:  - )
    RealArcade (HKLM\...\RealArcade) (Version:  - )
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    SanDisk TransferMate (HKLM\...\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}) (Version:  - SanDisk)
    SecurDisc Viewer (HKLM\...\{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1033}) (Version: 7.02.8511 - Nero AG)
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    SFR (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
    SFR2 (Version: 3.03.0000.0002 - EASTMAN KODAK Company) Hidden
    SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    skin0001 (Version: 7.01.0000.0003 - EASTMAN KODAK Company) Hidden
    SKINXSDK (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.50 - Sonic Solutions)
    Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.80 - Sonic Solutions)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.7000 - Analog Devices)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    staticcr (Version: 7.01.0000.0005 - EASTMAN KODAK Company) Hidden
    System Requirements Lab (HKLM\...\{1E99F5D7-4262-4C7C-9135-F066E7485811}) (Version: 4.1.14.0 - Husdawg, LLC)
    TES Construction Set (HKLM\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
    tooltips (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Träningsdagboken - Interbase (HKLM\...\InterBase) (Version:  - )
    Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Vipre (Version: 6.1.5496 - Vipre) Hidden
    VPRINTOL (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    WIRELESS (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Works Suite OS Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden
    XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-682003330-179605362-725345543-1003_Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\InprocServer32 -> C:\Program Files\SystemRequirementsLab\sysreqlabdetect.dll (Husdawg, LLC)
    CustomCLSID: HKU\S-1-5-21-682003330-179605362-725345543-1003_Classes\CLSID\{7D4733C0-C43B-4A81-AF43-F9B20D1F8348}\InprocServer32 -> C:\Documents and Settings\Daddy.JIM\Application Data\Octoshape\Octoshape Streaming Services\sua-1312180-0-apoctoshape.dll (Octoshape ApS)
    CustomCLSID: HKU\S-1-5-21-682003330-179605362-725345543-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

    ==================== Restore Points  =========================

    13-10-2014 22:48:20 System Checkpoint
    14-10-2014 23:22:30 System Checkpoint
    15-10-2014 23:53:04 System Checkpoint
    17-10-2014 00:53:04 System Checkpoint
    18-10-2014 01:53:04 System Checkpoint
    19-10-2014 02:53:05 System Checkpoint
    20-10-2014 02:53:17 System Checkpoint
    21-10-2014 03:53:17 System Checkpoint
    22-10-2014 05:05:22 System Checkpoint
    23-10-2014 05:53:17 System Checkpoint
    24-10-2014 06:54:23 System Checkpoint
    25-10-2014 07:53:17 System Checkpoint
    26-10-2014 08:53:18 System Checkpoint
    27-10-2014 08:53:31 System Checkpoint
    28-10-2014 09:53:31 System Checkpoint
    29-10-2014 10:53:30 System Checkpoint
    30-10-2014 11:53:30 System Checkpoint
    31-10-2014 12:53:31 System Checkpoint
    01-11-2014 13:53:31 System Checkpoint
    02-11-2014 13:10:29 Removed Sonic RecordNow!
    02-11-2014 13:11:16 Removed Rhapsody Player Engine
    02-11-2014 13:12:41 Removed URGE
    02-11-2014 13:14:56 Removed Logitech Vid.
    02-11-2014 13:18:03 Removed PRODUCT_NAME
    02-11-2014 13:25:20 Configured Broadcom Advanced Control Suite
    02-11-2014 13:29:15 Removed Bonjour
    02-11-2014 13:30:19 Configured RemoteCapture Task 1.1
    02-11-2014 13:36:49 Removed Jasc Paint Shop Photo Album
    02-11-2014 13:38:41 Removed Jasc Paint Shop Pro 8 Dell Edition
    02-11-2014 13:41:28 Removed Microsoft Streets and Trips 2002
    02-11-2014 13:44:15 Configured ubCore
    11-01-2015 18:05:11 ComboFix created restore point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2003-07-16 09:23 - 2015-01-11 18:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: C:\WINDOWS\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
    Task: C:\WINDOWS\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2011-05-06 12:07 - 2011-05-06 12:07 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    2011-05-06 12:07 - 2011-05-06 12:07 - 04317184 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
    2011-05-06 12:02 - 2011-05-06 12:02 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
    2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
    2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
    2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
    2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 ____C () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
    2011-05-06 11:58 - 2011-05-06 11:58 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
    2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
    2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
    2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
    2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
    2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-12-08 20:55 - 2014-12-08 20:56 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbaphd => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifs => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifsl => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbhips => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbaphd => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbapifs => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbapifsl => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbhips => ""=""

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-682003330-179605362-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.JIM
    ASPNET (S-1-5-21-682003330-179605362-725345543-1008 - Limited - Enabled)
    Daddy (S-1-5-21-682003330-179605362-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Daddy.JIM
    Guest (S-1-5-21-682003330-179605362-725345543-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-682003330-179605362-725345543-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-682003330-179605362-725345543-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/01/2099 11:05:47 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/01/2099 11:05:26 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/01/2099 11:05:11 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.

    Error: (07/01/2099 11:04:56 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/01/2099 09:38:08 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The specified server cannot perform the requested operation.

    Error: (07/01/2099 09:38:08 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/01/2099 09:38:08 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The specified server cannot perform the requested operation.

    Error: (07/01/2099 09:38:08 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/01/2099 09:38:08 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.

    Error: (07/01/2099 09:37:53 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


    System errors:
    =============
    Error: (08/04/2009 02:31:40 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:40 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:39 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:39 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:39 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:38 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:38 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:37 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:37 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0

    Error: (08/04/2009 02:31:37 PM) (Source: 0) (EventID: 11) (User: )
    Description: \Device\CdRom0


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor:  Intel® Pentium® 4 CPU 2.80GHz
    Percentage of memory in use: 56%
    Total physical RAM: 2045.98 MB
    Available physical RAM: 895.13 MB
    Total Pagefile: 2664.24 MB
    Available Pagefile: 1656.47 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1935.65 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.47 GB) (Free:15.09 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive f: (STORE N GO) (Removable) (Total:3.73 GB) (Free:0.73 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9DC96E9E)
    Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
    Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 3.7 GB) (Disk ID: 6F20736B)
    No partition Table on disk 1.
    Disk 1 is a removable device.

    ==================== End Of Log ============================

    .

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2015 01
    Ran by Daddy (administrator) on JIM on 11-01-2015 22:27:45
    Running from C:\Documents and Settings\Daddy.JIM\Desktop
    Loaded Profile: Daddy (Available profiles: Daddy & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    (Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (AOL LLC) C:\Program Files\Common Files\aol\ACS\AOLacsd.exe
    () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    (Inprise Corporation) C:\Program Files\Borland\InterBase\bin\ibguard.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (GFI Software) C:\Program Files\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe
    (Microsoft Corporation) C:\WINDOWS\SYSTEM32\tcpsvcs.exe
    (Microsoft Corporation) C:\WINDOWS\SYSTEM32\snmp.exe
    (America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
    (Microsoft Corporation) C:\WINDOWS\SYSTEM32\mqsvc.exe
    (CyberLink Corp.) C:\Program Files\Dell\Media Experience\PCMService.exe
    (A4Tech Co.,Ltd.) C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    (Sonic Solutions) C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
    (Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
    (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (Intel Corporation) C:\WINDOWS\SYSTEM32\igfxtray.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\1102552839\EE\aolsoftware.exe
    (SEIKO EPSON CORPORATION) C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIABA.EXE
    (Microsoft Corporation) C:\WINDOWS\SYSTEM32\mqtgsvc.exe
    (Logitech Inc.) C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    (Inprise Corporation) C:\Program Files\Borland\InterBase\bin\ibserver.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\WINDOWS\SYSTEM32\mmc.exe
    (Microsoft Corp. and Executive Software International, Inc.) C:\WINDOWS\SYSTEM32\dfrgntfs.exe
    (Microsoft Corp. and Executive Software International, Inc.) C:\WINDOWS\SYSTEM32\dfrgfat.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Farbar) C:\Documents and Settings\Daddy.JIM\Desktop\FRST(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Media Connect 2] => C:\Program Files\Windows Media Connect 2\WMCCFG.exe [8704 2009-02-02] (Microsoft Corporation)
    HKLM\...\Run: [PCMService] => C:\Program Files\Dell\Media Experience\PCMService.exe [204800 2003-08-26] (CyberLink Corp.)
    HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
    HKLM\...\Run: [MediaFace Integration] => C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe [53248 2002-12-17] (Fellowes, Inc.)
    HKLM\...\Run: [iKeyWorks] => C:\Program Files\A4Tech\Keyboard\Ikeymain.exe [61440 2004-08-31] (A4Tech Co.,Ltd.)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
    HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [114741 2003-08-06] (Sonic Solutions)
    HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
    HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [195072 2009-07-10] (ArcSoft Inc.)
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
    HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [19968 2003-05-16] (Logitech Inc.)
    HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1102552839\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [931200 2012-03-26] (Microsoft Corporation)
    HKLM\...\Run: [EPSON Stylus C88 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE [98304 2005-01-27] (SEIKO EPSON CORPORATION)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-682003330-179605362-725345543-1003\...\Run: [Octoshape Streaming Services] => C:\Documents and Settings\Daddy.JIM\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
    HKU\S-1-5-21-682003330-179605362-725345543-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
    HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-682003330-179605362-725345543-1003 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
    SearchScopes: HKU\S-1-5-21-682003330-179605362-725345543-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-682003330-179605362-725345543-1003 -> {9001ECE5-27F9-7260-292B-CF945347FC97} URL = http://www.bing.com/...eferrer:source}
    SearchScopes: HKU\S-1-5-21-682003330-179605362-725345543-1003 -> {B0A842D6-107B-4A3A-A897-C21914522460} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-682003330-179605362-725345543-1003 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab
    DPF: {94B82441-A413-4E43-8422-D49930E69764} https://echat.us.del...t/TLIEFlash.CAB
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,21/mcgdmgr.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://www.driverage...driveragent.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @soe.sony.com/installer,version=1.0.3 -> C:\WINDOWS\Downloaded Program Files\npsoe.dll No File
    FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-682003330-179605362-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Daddy.JIM\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-682003330-179605362-725345543-1003: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Documents and Settings\Daddy.JIM\Application Data\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPMGWRAP.DLL (Network Associates Inc)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Daddy.JIM\Application Data\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
    FF Extension: Ancestry.com Advanced Image Viewer - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\support@ancestry.com [2010-01-27]
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
    FF Extension: AddThis - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2012-08-28]
    FF Extension: ShopToWin9 - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\{46d606b0-a645-11df-981c-0800200c9a66} [2012-11-20]
    FF Extension: AOL Toolbar - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2015-01-09]
    FF Extension: DownloadHelper - C:\Documents and Settings\Daddy.JIM\Application Data\Mozilla\Firefox\Profiles\m1ijzg0m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-04]
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-02]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation) [File not signed]
    R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
    S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
    S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
    U3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
    S3 cisvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
    S2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
    S2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
    R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
    S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
    R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
    S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    S2 Fax; C:\WINDOWS\system32\fxssvc.exe [267776 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
    R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 InterBaseGuardian; C:\Program Files\Borland\InterBase\bin\ibguard.exe [22016 2004-11-05] (Inprise Corporation) [File not signed]
    R3 InterBaseServer; C:\Program Files\Borland\InterBase\bin\ibserver.exe [1701888 2004-11-05] (Inprise Corporation) [File not signed]
    S3 KodakCCS; C:\WINDOWS\system32\drivers\KodakCCS.exe [322104 2004-05-24] (Eastman Kodak Company) [File not signed]
    S2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-26] (Microsoft Corporation) [File not signed]
    S2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-09] (Microsoft Corporation) [File not signed]
    R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-04-07] (Lexmark International, Inc.) [File not signed]
    R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 LPDSVC; C:\WINDOWS\System32\tcpsvcs.exe [19456 2003-07-16] (Microsoft Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 MSDTC; C:\WINDOWS\System32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
    R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel® Corporation) [File not signed]
    R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
    R3 NtLmSsp; C:\WINDOWS\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 p2pimsvc; C:\WINDOWS\system32\p2psvc.dll [554496 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [554496 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
    S3 PNRPSvc; C:\WINDOWS\system32\p2psvc.dll [554496 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 RpcLocator; C:\WINDOWS\System32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
    S3 RSVP; C:\WINDOWS\System32\rsvp.exe [132608 2003-07-16] (Microsoft Corporation) [File not signed]
    R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 SBAMSvc; C:\Program Files\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
    S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
    U2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    R2 SimpTcp; C:\WINDOWS\System32\tcpsvcs.exe [19456 2003-07-16] (Microsoft Corporation) [File not signed]
    R2 SNMP; C:\WINDOWS\System32\snmp.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [8704 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
    R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
    S3 TlntSvr; C:\WINDOWS\System32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation) [File not signed]
    S2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
    R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2009-01-30] (Microsoft Corporation) [File not signed]
    S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
    S3 WmiApSrv; C:\WINDOWS\System32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2009-01-30] (Microsoft Corporation) [File not signed]
    U2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [439808 2008-05-26] (Microsoft Corporation) [File not signed]
    U2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
    S2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S3 SwPrv; C:\WINDOWS\System32\dllhost.exe /Processid:{7494A3C3-C230-4419-B814-9872918D1B9A}

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
    S3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
    S3 Avc; C:\WINDOWS\System32\DRIVERS\avc.sys [38912 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation) [File not signed]
    R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys [4272 2003-08-28] () [File not signed]
    S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]
    S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2003-07-16] (Microsoft Corporation) [File not signed]
    R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-05-02] (Microsoft Corporation) [File not signed]
    R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
    R0 dmio; C:\WINDOWS\System32\DRIVERS\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
    R0 dmload; C:\WINDOWS\system32\Drivers\dmload.sys [5888 2003-07-16] (Microsoft Corp., Veritas Software.) [File not signed]
    S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
    R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
    R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
    U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2003-07-16] (Microsoft Corporation) [File not signed]
    R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2003-07-16] (Microsoft Corporation) [File not signed]
    R2 GenPort; C:\WINDOWS\system32\Drivers\GenPort.sys [4832 1997-09-24] (3Dfx Interactive, Inc.) [File not signed]
    S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
    R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
    S1 I8042PRT; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [807804 2006-05-25] (Intel Corporation) [File not signed]
    R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 ip6fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 itchfltr; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [12953 2004-03-10] (Logitech, Inc.) [File not signed]
    R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
    S3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [53869 2003-05-16] (Logitech, Inc.) [File not signed]
    R3 LCcfltr; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [14095 2004-03-03] (Logitech, Inc.) [File not signed]
    R3 LHidFlt2; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [25213 2003-05-16] (Logitech, Inc.) [File not signed]
    R3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37887 2004-03-03] (Logitech, Inc.) [File not signed]
    R3 LMouFlt2; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [72893 2003-05-16] (Logitech, Inc.) [File not signed]
    R2 MapMem; C:\WINDOWS\system32\Drivers\MapMem.sys [6816 1997-09-24] (3Dfx Interactive, Inc.) [File not signed]
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-11] (Malwarebytes Corporation)
    R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2003-07-16] (Microsoft Corporation) [File not signed]
    R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MODEMCSA; C:\WINDOWS\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation) [File not signed]
    S3 motccgp; C:\WINDOWS\System32\DRIVERS\motccgp.sys [18688 2008-08-21] (Motorola) [File not signed]
    S3 motccgpfl; C:\WINDOWS\System32\DRIVERS\motccgpfl.sys [8320 2008-08-21] (Motorola) [File not signed]
    S3 motmodem; C:\WINDOWS\System32\DRIVERS\motmodem.sys [23680 2007-06-18] (Motorola) [File not signed]
    S3 motport; C:\WINDOWS\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola) [File not signed]
    R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2003-07-16] (Microsoft Corporation) [File not signed]
    R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    R1 MpKsl21749650; c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A02CE056-7D82-46F3-B1E3-D8A8262D1B5E}\MpKsl21749650.sys [39464 2015-01-11] (Microsoft Corporation)
    R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [92544 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
    S3 MSDV; C:\WINDOWS\System32\DRIVERS\msdv.sys [51200 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
    S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
    R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2010-11-02] (Microsoft Corporation) [File not signed]
    R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
    R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 NTRemap; C:\WINDOWS\system32\Drivers\NTRemap.sys [6336 1997-09-24] (3Dfx Interactive, Inc.) [File not signed]
    R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2003-07-16] (Microsoft Corporation) [File not signed]
    R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
    R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2003-07-16] (Microsoft Corporation) [File not signed]
    R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
    S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
    S1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2003-07-16] (Parallel Technologies, Inc.) [File not signed]
    R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2003-07-16] (Microsoft Corporation) [File not signed]
    R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2003-07-16] (Microsoft Corporation) [File not signed]
    R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2003-07-16] (Microsoft Corporation) [File not signed]
    R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 RDPWD; C:\WINDOWS\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation) [File not signed]
    R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 RMCAST; C:\WINDOWS\system32\drivers\RMCast.sys [203136 2008-05-08] (Microsoft Corporation) [File not signed]
    S3 RT25USBAP; C:\WINDOWS\System32\DRIVERS\rt25usbap.sys [162816 2006-04-09] (Ralink Technology Inc.) [File not signed]
    R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [22064 2012-09-12] (GFI Software)
    R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [66344 2012-09-12] (GFI Software)
    R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [337184 2012-09-20] (GFI Software)
    S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software)
    R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software)
    S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software)
    R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [222368 2012-09-20] (GFI Software)
    R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
    R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.) [File not signed]
    R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
    S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [52384 2004-03-25] (MCCI) [File not signed]
    S3 slabser; C:\WINDOWS\System32\DRIVERS\slabser.sys [84512 2004-03-25] (MCCI) [File not signed]
    S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [260224 2005-03-22] (Analog Devices, Inc.) [File not signed]
    S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
    R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
    R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
    R3 StillCam; C:\WINDOWS\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation) [File not signed]
    S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
    R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) [File not signed]
    S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
    R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
    R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
    R3 tunmp; C:\WINDOWS\System32\DRIVERS\tunmp.sys [12288 2008-04-13] (Microsoft Corporation) [File not signed]
    S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60032 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30208 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [121984 2008-04-13] (Microsoft Corporation) [File not signed]
    R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
    R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) [File not signed]
    R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [38528 2009-01-30] (Microsoft Corporation) [File not signed]
    R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2003-07-16] (Microsoft Corporation) [File not signed]
    S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) [File not signed]
    R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
    S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
    S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation) [File not signed]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation) [File not signed]
    S3 aeaudio; system32\drivers\aeaudio.sys [X]
    R3 catchme; \??\C:\DOCUME~1\Daddy.JIM\LOCALS~1\Temp\catchme.sys [X]
    S3 DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys [X]
    S3 FilterService; system32\DRIVERS\lvuvcflt.sys [X]
    S4 IntelIde; No ImagePath
    S3 LVRS; system32\DRIVERS\lvrs.sys [X]
    S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
    S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
    S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
    U3 mbr; \??\C:\ComboFix\mbr.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2099-07-05 09:35 - 2099-07-05 09:35 - 00000544 ____C () C:\WINDOWS\untD6.pif
    2099-07-05 09:35 - 2099-07-05 09:35 - 00000272 ____C () C:\WINDOWS\untD6.bat
    2099-07-02 20:54 - 2011-05-03 01:27 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Local Settings\Application Data\Temp
    2015-01-11 22:27 - 2015-01-11 22:28 - 00051833 _____ () C:\Documents and Settings\Daddy.JIM\Desktop\FRST.txt
    2015-01-11 22:26 - 2015-01-11 22:27 - 01115648 _____ (Farbar) C:\Documents and Settings\Daddy.JIM\Desktop\FRST(1).exe
    2015-01-11 18:28 - 2015-01-11 18:28 - 00068720 ____C () C:\ComboFix.txt
    2015-01-11 18:28 - 2015-01-11 18:28 - 00000000 ___DC () C:\Documents and Settings\Administrator.JIM\Local Settings\temp
    2015-01-11 18:28 - 2015-01-11 18:28 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
    2015-01-11 18:28 - 2015-01-11 18:28 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\temp
    2015-01-11 18:28 - 2015-01-11 18:28 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
    2015-01-11 18:28 - 2015-01-11 18:28 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\temp
    2015-01-11 18:28 - 2015-01-11 18:28 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS\Local Settings\temp
    2015-01-11 17:59 - 2015-01-11 18:01 - 05609736 ____R (Swearware) C:\Documents and Settings\Daddy.JIM\Desktop\ComboFix.exe
    2015-01-11 14:07 - 2015-01-11 14:07 - 00000000 ____D () C:\WINDOWS\LastGood
    2015-01-10 23:27 - 2015-01-10 23:27 - 00001190 _____ () C:\WINDOWS\system32\ServiceConfig.xml
    2015-01-10 11:36 - 2015-01-11 22:27 - 00000000 ___DC () C:\FRST
    2015-01-10 10:35 - 2015-01-10 10:35 - 00007704 _____ () C:\WINDOWS\FaxSetup.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00006492 _____ () C:\WINDOWS\iis6.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00005772 _____ () C:\WINDOWS\ocgen.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00004590 _____ () C:\WINDOWS\tsoc.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00002576 _____ () C:\WINDOWS\msmqinst.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00002542 _____ () C:\WINDOWS\comsetup.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00001917 _____ () C:\WINDOWS\imsins.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00001836 _____ () C:\WINDOWS\ntdtcsetup.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00001592 _____ () C:\WINDOWS\netfxocm.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00000719 _____ () C:\WINDOWS\MedCtrOC.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00000479 _____ () C:\WINDOWS\msgsocm.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00000425 _____ () C:\WINDOWS\ocmsn.log
    2015-01-10 10:35 - 2015-01-10 10:35 - 00000311 _____ () C:\WINDOWS\tabletoc.log
    2015-01-10 10:26 - 2015-01-10 12:20 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-01-10 01:02 - 2015-01-10 01:02 - 00000060 _____ () C:\WINDOWS\setupact.log
    2015-01-10 01:02 - 2015-01-10 01:02 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2015-01-10 00:59 - 2015-01-11 14:07 - 00033457 _____ () C:\WINDOWS\setupapi.log
    2015-01-09 10:51 - 2015-01-09 10:51 - 00016677 _____ () C:\Documents and Settings\Daddy.JIM\Desktop\JRT.txt
    2015-01-09 10:36 - 2015-01-09 10:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SparkTrust
    2015-01-09 10:36 - 2015-01-09 10:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SparkTrust
    2015-01-09 10:01 - 2015-01-09 10:01 - 00000000 ____D () C:\WINDOWS\ERUNT
    2015-01-09 08:30 - 2015-01-11 20:23 - 00012125 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-09 08:14 - 2015-01-09 08:29 - 00000000 ___DC () C:\AdwCleaner
    2015-01-08 00:45 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
    2015-01-07 22:51 - 2015-01-11 12:51 - 00000450 _____ () C:\WINDOWS\Tasks\SparkTrust Update Version3 Startup Task.job
    2015-01-07 22:51 - 2015-01-07 22:51 - 00000997 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\SparkTrust AntiVirus.lnk
    2015-01-07 22:51 - 2012-09-20 05:11 - 00222368 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbtis.sys
    2015-01-07 22:51 - 2012-09-20 05:11 - 00094496 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbhips.sys
    2015-01-07 22:51 - 2012-09-12 20:19 - 00066344 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbapifs.sys
    2015-01-07 22:51 - 2012-09-12 20:19 - 00022064 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbaphd.sys
    2015-01-07 22:50 - 2015-01-07 22:50 - 00000000 ____D () C:\WINDOWS\system32\Drivers\VDD
    2015-01-07 22:50 - 2012-09-20 05:11 - 00337184 _____ (GFI Software) C:\WINDOWS\system32\Drivers\SbFw.sys
    2015-01-07 22:50 - 2012-09-12 20:19 - 00095488 _____ (GFI Software) C:\WINDOWS\system32\Drivers\SbFwIm.sys
    2015-01-07 20:55 - 2015-01-07 22:34 - 00000398 _____ () C:\WINDOWS\Tasks\SparkTrust Update Version3_triggeronce.job
    2015-01-07 20:55 - 2015-01-07 22:34 - 00000398 _____ () C:\WINDOWS\Tasks\SparkTrust Update Version3.job
    2015-01-07 20:55 - 2015-01-07 20:55 - 00001006 _____ () C:\Documents and Settings\Daddy.JIM\Desktop\SparkTrust PC Cleaner Plus.lnk
    2015-01-07 20:55 - 2015-01-07 20:55 - 00000392 _____ () C:\WINDOWS\Tasks\SparkTrust Registration3.job
    2015-01-07 20:54 - 2015-01-09 10:03 - 00000000 ____D () C:\Program Files\SparkTrust
    2015-01-07 20:54 - 2015-01-07 20:54 - 00000000 ____D () C:\Program Files\Common Files\SparkTrust
    2015-01-07 20:28 - 2015-01-07 20:28 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4E262469.sys
    2015-01-07 08:23 - 2015-01-11 20:31 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-07 08:14 - 2015-01-07 08:14 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-07 08:14 - 2015-01-07 08:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-07 08:14 - 2015-01-07 08:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-07 08:12 - 2015-01-07 08:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-01-07 08:12 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-01-07 08:12 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2099-07-07 02:26 - 2004-10-10 09:54 - 00000000 ____D () C:\Program Files\Maxis
    2099-07-05 09:36 - 2005-08-01 17:05 - 00000000 ____D () C:\Program Files\Yahoo!
    2099-07-05 09:28 - 2009-01-24 17:12 - 00000000 ___DC () C:\KA
    2099-07-05 09:26 - 2008-12-04 20:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Interactive
    2099-07-05 09:26 - 2008-12-04 20:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Interactive
    2099-07-04 02:34 - 2009-06-18 06:40 - 00000790 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Logitech Vid.lnk
    2099-07-04 02:07 - 2004-09-23 12:53 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Application Data\McAfee
    2015-01-11 22:29 - 2011-05-05 15:00 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Local Settings\Temp
    2015-01-11 22:16 - 2014-11-02 20:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-11 18:28 - 2014-11-02 14:43 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2015-01-11 18:28 - 2011-05-03 16:00 - 00000000 ___DC () C:\Qoobox
    2015-01-11 18:28 - 2004-08-31 16:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-11 18:19 - 2003-07-16 09:41 - 00000319 ____C () C:\WINDOWS\system.ini
    2015-01-11 18:18 - 2004-08-31 17:31 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM
    2015-01-11 18:06 - 2007-04-24 15:34 - 00000000 ___DC () C:\Documents and Settings\Daddy~JIM
    2015-01-11 18:06 - 2004-08-31 10:34 - 00000000 ___HD () C:\Documents and Settings\Default User.WINDOWS
    2015-01-11 18:06 - 2004-08-31 10:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS
    2015-01-11 14:07 - 2003-12-01 11:11 - 00000000 ____D () C:\WINDOWS\SYSTEM
    2015-01-11 13:07 - 2006-05-08 16:40 - 00000200 _____ () C:\WINDOWS\AUDC70UI.dat
    2015-01-11 12:57 - 2004-08-31 17:00 - 00032410 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-11 12:55 - 2003-07-16 09:46 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-01-11 12:52 - 2004-08-31 10:39 - 00000300 _____ () C:\WINDOWS\wiadebug.log
    2015-01-11 12:52 - 2004-08-31 10:39 - 00000049 ____C () C:\WINDOWS\wiaservc.log
    2015-01-11 12:49 - 2004-08-31 17:31 - 00000178 ___SH () C:\Documents and Settings\Daddy.JIM\ntuser.ini
    2015-01-10 10:32 - 2003-12-01 11:45 - 00000000 ____D () C:\Program Files\Microsoft Picture It! 7
    2015-01-10 10:32 - 2003-12-01 11:11 - 00000000 ____D () C:\WINDOWS\Help
    2015-01-10 10:31 - 2003-12-01 11:44 - 00000000 ____D () C:\Program Files\Microsoft Money
    2015-01-10 10:23 - 2007-07-29 15:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-10 01:27 - 2003-07-16 09:45 - 00000829 _____ () C:\WINDOWS\win.ini
    2015-01-09 08:34 - 2004-11-02 11:17 - 00000000 ___DC () C:\Documents and Settings\Administrator.JIM
    2015-01-08 15:09 - 2004-08-31 20:45 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\FaxTools
    2015-01-08 15:09 - 2004-08-31 20:45 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\FaxTools
    2015-01-07 22:29 - 2014-12-08 20:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-07 22:29 - 2009-04-05 21:29 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Application Data\BitTorrent
    2015-01-07 22:29 - 2008-09-13 20:35 - 00000000 ____D () C:\Program Files\QuickTime
    2015-01-07 22:29 - 2007-03-27 14:11 - 00000000 ____D () C:\Program Files\Apple Software Update
    2015-01-07 22:29 - 2007-02-16 16:25 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Application Data\IMVU
    2015-01-07 22:29 - 2007-02-12 01:04 - 00000000 ____D () C:\Program Files\LimeWire
    2015-01-07 22:29 - 2006-04-17 16:52 - 00000000 ____D () C:\Program Files\Common Files\EasyInfo
    2015-01-07 22:29 - 2004-08-29 20:26 - 00000000 ____D () C:\Program Files\FaxTools
    2015-01-07 22:29 - 2004-08-21 16:20 - 00000000 ____D () C:\Program Files\WebIQ
    2015-01-07 22:29 - 2004-02-01 23:22 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
    2015-01-07 22:29 - 2003-12-01 11:11 - 00000000 ____D () C:\WINDOWS\SECURITY
    2015-01-07 22:29 - 2003-12-01 11:11 - 00000000 ____D () C:\WINDOWS\REPAIR
    2015-01-07 22:28 - 2004-08-31 21:33 - 00000000 __SHD () C:\Documents and Settings\Daddy.JIM\UserData
    2015-01-07 22:28 - 2004-08-31 21:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\QuickTime
    2015-01-07 22:28 - 2004-08-31 21:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\QuickTime
    2015-01-07 22:25 - 2014-07-09 11:42 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Start Menu\Programs\Capsule Utilities
    2015-01-06 12:19 - 2014-11-02 11:15 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Desktop\Old Firefox Data
    2015-01-04 17:19 - 2011-05-03 09:36 - 00000000 ____D () C:\Documents and Settings\Daddy.JIM\Application Data\Malwarebytes
    2015-01-04 17:19 - 2011-05-03 09:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2015-01-04 17:19 - 2011-05-03 09:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2014-12-27 23:12 - 2014-08-15 12:28 - 00041472 ___SH () C:\Documents and Settings\Daddy.JIM\Desktop\Thumbs.db
    2014-12-14 01:14 - 2012-04-12 21:29 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-14 01:14 - 2011-09-19 04:32 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-12-13 20:58 - 2012-04-24 20:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

    Files to move or delete:
    ====================
    C:\Documents and Settings\Daddy.JIM\gotomypc_437.exe
    C:\Documents and Settings\Daddy.JIM\gotomypc_533.exe
    C:\Documents and Settings\Daddy.JIM\gotomypc_540.exe
    C:\Documents and Settings\Daddy.JIM\gotomypc_626.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================



    #14 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 12 January 2015 - 06:34 AM

    See if you can uninstall these via Programs and Features in the Control Panel:

     

    Octoshape Streaming Services
    SparkTrust 
    gotomypc
     
     
    The entries for ZeroAccess are gone; they must have been a false positive, or CF removed them.


     
     

    #15 jabrooksy

    jabrooksy

      Authentic Member

    • 58 posts

    Posted 12 January 2015 - 06:47 AM

    Octoshape Streaming Services I could. The others I couldn't. Gotomypc is something I use on this computer, but only to connect to my computer at work. Sparktrust is something I downloaded just a day before posting in this forum. It was featured on your site. I resorted to it when I couldn't get MalwareBytes to run. I do notice your scans have disabled it. I guess downloading it was a no-no. There is still a file for it when I look on the Program Files section under C:\Program Files. Also, disabled icons are still on my desktop. JB

