
repeated Blue Screen after booting; infection? [Solved]


  • This topic is locked
6 replies to this topic

#1 dave e

Posted 08 November 2013 - 03:49 PM

Dell Dimension E510 desktop.

I don't know if I have malware, or software/hardware issues.

Got a Fatal Error message blue screen. Now every time I boot up, after a minute or two, the PC stalls and I get the Blue Screen "Detected an error and is shutting down." Tried a "restore" in safe mode but PC still stalled and got the BSOD. Can't access USB ports.

I managed to download Rkill to see if I could run the diagnostics for Malware. I don't think it found anything unusual BUT the PC ran for about 30 minutes. I was hoping this meant Rkill was stopping malware, but then I got the "Fatal Error" blue screen like the first time (which is different from the repeated "Detected an error and shut down" blue screen). Anyway, I ran the tests. I'm posting the (unrequested) Rkill log first.

The DDS program said to zip its two logs, so I'm attaching the zip file.

Attached File  DDS.zip   9.56KB   71 downloads

 

===================================================================

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 11/08/2013 03:41:18 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\Drivers\tcpip.sys : 361,600 : 06/20/2008 06:51 AM : cbeebeb899e31ef52b962cb31fc8ca5c [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 06:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys : 360,576 : 04/20/2006 07:18 AM : b2220c618b42a2212a59d91ebd6fc4b4 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys : 360,832 : 10/30/2007 11:53 AM : 64798ecfa43d78c7178375fcdd16d8c8 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys : 360,960 : 06/20/2008 05:44 AM : 744e57c99232201ae98c49168b918f48 [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys : 361,600 : 06/20/2008 06:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
 +-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 06:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys : 360,320 : 06/20/2008 05:45 AM : 2a5554fc5b1e04e131230e3ce035c3f9 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\tcpip.sys : 361,344 : 04/13/2008 02:20 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 06:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 11/08/2013 03:44:37 PM
Execution time: 0 hours(s), 3 minute(s), and 18 seconds(s)
 

===========================================================================

OTL LOG

OTL logfile created on: 11/8/2013 4:08:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.07 Mb Total Physical Memory | 330.49 Mb Available Physical Memory | 64.79% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 4.74 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
 
Computer Name: DGL5F091 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Dave\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\SpywareGuard\spywareguard.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (tfsnifs) -- system32\dla\tfsnifs.sys File not found
DRV - (SASKUTIL) -- C:\DOCUME~1\Dave\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS File not found
DRV - (SASDIFSV) -- C:\DOCUME~1\Dave\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (CrystalSysInfo) -- C:\Program Files\AudioCoder\SysInfo.sys File not found
DRV - (Changer) --  File not found
DRV - (MpKsl0a2309af) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5ABBBFF9-EDF9-4A95-A4DA-545CC5B1355F}\MpKsl0a2309af.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (tapoas) -- C:\WINDOWS\system32\drivers\tapoas.sys (The OpenVPN Project)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (WsAudio_DeviceS(5) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV - (WsAudio_DeviceS(4) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV - (WsAudio_DeviceS(3) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV - (WsAudio_DeviceS(2) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV - (WsAudio_DeviceS(1) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\wibukey.sys (WIBU-SYSTEMS AG)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (KBCAM) -- C:\WINDOWS\system32\drivers\KBCAM.sys (LCS/Telegraphics)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {06632A5B-C6F4-45B7-A6C8-3862862CB56E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{06632A5B-C6F4-45B7-A6C8-3862862CB56E}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-00123FB46BCA}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {06632A5B-C6F4-45B7-A6C8-3862862CB56E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{06632A5B-C6F4-45B7-A6C8-3862862CB56E}: "URL" = http://www.google.co...1I7MXGB_enUS545
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...DF-44A140054090
IE - HKCU\..\SearchScopes\{4747BCA0-1B7F-4416-8789-6ED2713BDD43}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-00123FB46BCA}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519_yserp3tst"
FF - prefs.js..browser.search.selectedEngineInDialog: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7B3474c305-9dad-11d8-9207-00055d74c2e4%7D:0.4.11
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.0.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {b5fb4c8d-8220-4a63-8e0f-708cdd0f4c3d}:3.3.0.19
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: C:\Program Files\Java\jre1.6.0_22\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/14 08:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ff [2011/02/26 14:45:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/25 17:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/12 10:40:01 | 000,000,000 | ---D | M]
 
[2010/06/19 23:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2010/06/19 23:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\MediaCoder
[2010/06/19 23:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2013/11/01 09:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions
[2012/02/13 16:33:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/13 16:33:14 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2013/11/01 09:07:22 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/27 07:48:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/12 12:04:15 | 000,003,679 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\check-compatibility@dactyl.googlecode.com.xpi
[2013/06/06 11:44:53 | 000,031,960 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}.xpi
[2011/12/12 12:07:23 | 000,031,899 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi
[2013/10/09 18:18:08 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/06 08:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/16 08:14:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/05 08:16:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/10 09:13:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/09/25 17:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/25 17:03:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/02/26 14:45:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE1.6.0_22\LIB\DEPLOY\JQS\FF
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/02/26 13:09:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Epson scanner Registration.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190818361731 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9324B3D8-E5C4-41D6-BDA3-9974DB603E2F}: NameServer = 192.168.1.1,192.168.1.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.444p - C:\Program Files\t@b\0.958\686\tabdec.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\WINDOWS\System32\lagarith.dll ( )
Drivers32: VIDC.MP42 - mpg4c32.dll File not found
Drivers32: VIDC.MPG4 - mpg4c32.dll File not found
Drivers32: vidc.mpng - C:\Program Files\t@b\0.958\686\tabdec.dll File not found
Drivers32: vidc.mvjp - C:\Program Files\t@b\0.958\686\tabdec.dll File not found
Drivers32: VIDC.ULRA - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.ULRG - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.ULY0 - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.ULY2 - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.VIFP - C:\WINDOWS\System32\VFCodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/08 15:37:53 | 001,898,232 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Dave\Desktop\rkill.exe
[2013/11/08 12:57:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
[2013/11/08 12:55:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2013/11/08 12:34:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/11/04 09:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC
[2013/11/04 09:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2013/11/04 09:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/11/04 09:04:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/11/04 09:04:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2013/11/04 09:04:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2013/11/04 09:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/26 13:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\rage pics
[2013/10/15 11:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\ABBYY
[2013/10/15 10:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/10/15 09:43:57 | 000,000,000 | ---D | C] -- C:\abbyy
[2013/10/14 12:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\SomePDF
[2013/10/14 12:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SomePDF
[2013/10/14 12:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\SomePDF
[2008/08/02 18:48:15 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dave\Application Data\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/08 16:15:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013/11/08 16:08:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013/11/08 15:48:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/08 15:42:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3372268520-2825707008-1307184964-1005.job
[2013/11/08 15:40:50 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/08 15:34:50 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Dave\Desktop\rkill.exe
[2013/11/08 12:57:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
[2013/11/08 12:56:49 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2013/11/08 12:55:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2013/11/08 12:52:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3372268520-2825707008-1307184964-1005.job
[2013/11/08 12:43:23 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbamgui.exe.lnk
[2013/11/08 12:43:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbam.exe.lnk
[2013/11/08 12:41:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/11/06 18:18:35 | 026,201,644 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.wav
[2013/11/06 18:17:30 | 006,208,354 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.mp3
[2013/11/06 18:01:47 | 007,823,816 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\72 .mp3
[2013/11/06 17:48:13 | 033,958,444 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\72.wav
[2013/11/04 17:11:15 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/11/04 17:11:09 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/04 17:09:14 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013/11/04 17:09:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013/11/04 09:28:10 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MPC-HC.lnk
[2013/11/04 09:00:20 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Temporary Internet Files.lnk
[2013/11/03 07:26:31 | 000,443,256 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/03 07:26:31 | 000,072,330 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/24 09:13:04 | 000,330,255 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\cbs_years.pdf
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavSR.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavSL.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavLFE.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavFR.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavFL.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavC.wav
[2013/10/15 20:38:26 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/10/15 07:14:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/15 07:14:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/10 07:04:09 | 000,280,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/10 03:50:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 
========== Files Created - No Company Name ==========
 
[2013/11/08 12:56:40 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2013/11/08 12:43:23 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbamgui.exe.lnk
[2013/11/08 12:43:16 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbam.exe.lnk
[2013/11/08 10:41:32 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
[2013/11/06 18:17:44 | 026,201,644 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.wav
[2013/11/06 18:17:22 | 006,208,354 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.mp3
[2013/11/06 18:01:01 | 007,823,816 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\72 .mp3
[2013/11/06 17:47:11 | 033,958,444 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\72.wav
[2013/11/04 17:09:14 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013/11/04 17:09:14 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2013/11/04 09:28:10 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MPC-HC.lnk
[2013/11/04 08:59:05 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Temporary Internet Files.lnk
[2013/10/24 09:13:10 | 000,330,255 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\cbs_years.pdf
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavSR.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavSL.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavLFE.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavFR.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavFL.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavC.wav
[2013/06/08 15:17:14 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[2013/06/02 11:41:48 | 000,018,073 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2013/05/24 15:28:46 | 000,000,292 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2013/05/24 15:22:17 | 000,000,598 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2013/05/24 15:04:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\emcore.INI
[2013/05/24 11:49:24 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2013/02/15 10:52:29 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejoaa.ini
[2013/02/11 16:33:10 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejokg.ini
[2012/10/22 08:43:28 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejole.ini
[2012/10/22 08:40:22 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejoeh.ini
[2012/06/21 12:00:08 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\rpicfica.bin
[2012/05/02 18:28:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/05/02 10:21:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/05/02 10:21:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/05/02 10:21:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/05/02 10:21:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/05/02 10:21:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/05/02 10:21:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/05/02 10:21:19 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/05/02 10:21:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/05/02 10:21:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/05/02 10:21:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/05/02 10:21:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/05/02 10:21:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/05/02 10:21:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/05/02 10:21:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/05/02 10:21:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/05/02 10:21:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/05/02 10:20:47 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin
[2012/05/02 10:20:02 | 000,000,060 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini
[2012/03/08 08:27:27 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejohb.ini
[2012/03/08 08:27:27 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejobg.ini
[2012/02/15 07:50:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/11 18:53:07 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WkDos.exe
[2011/08/05 14:33:37 | 000,002,177 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/12/08 18:49:31 | 000,002,631 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\dvdae.config
[2010/07/09 18:57:33 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\AutoGK.ini
[2009/12/04 20:56:10 | 017,563,648 | ---- | C] () -- C:\Documents and Settings\Dave\ntuser.bak
[2009/10/29 16:24:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\prvlcl.dat
[2008/08/06 22:13:21 | 000,000,080 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/08/02 18:48:15 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\pcouffin.cat
[2008/08/02 18:48:15 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\pcouffin.inf
[2008/07/20 09:06:42 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Dave\Eudora.lnk
[2007/10/25 18:27:04 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\FixVTS.ini
[2007/10/09 08:45:41 | 000,001,345 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\DVDSubEdit.ini
[2007/09/28 11:14:32 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Dave\default.pls
[2007/09/26 20:20:39 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/26 00:04:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\PFP120JPR.{PB
[2007/09/26 00:04:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\PFP120JCM.{PB
[2007/09/25 23:59:44 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/10/26 09:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/12/04 21:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/11/08 10:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/10/26 09:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/05/02 10:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/06/08 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/06/20 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2007/09/26 09:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/10/13 11:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitachi GST
[2012/02/19 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/01/23 11:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2013/06/09 16:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/01/13 11:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/04/04 09:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2013/06/08 19:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro
[2011/03/03 11:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/07/05 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/08/06 22:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/05/15 14:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/01/28 16:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/01/16 19:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SurfAnonymousFree
[2013/08/27 17:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/12/14 20:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/11 17:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Arts
[2009/11/07 13:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/06/21 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\.BitTornado
[2010/09/04 11:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AnvSoft
[2009/01/11 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Any Video Converter
[2013/10/18 11:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Audacity
[2009/12/25 13:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Auslogics
[2011/03/03 01:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AVG
[2012/02/13 16:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\avidemux
[2010/01/22 20:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AVSEdit
[2013/11/04 05:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Azureus
[2013/05/24 15:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\BITS
[2012/07/02 18:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Broad Intelligence
[2009/07/19 17:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canneverbe_Limited
[2013/08/14 19:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canon
[2011/05/26 09:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/28 13:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CUE Tools
[2012/03/30 19:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CUERipper
[2013/05/24 11:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DonationCoder
[2013/06/08 19:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Downloaded Installations
[2012/10/29 13:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\dvdae
[2010/09/09 19:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVDFab
[2010/01/18 17:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVDforger
[2011/10/07 11:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\EAC
[2013/09/18 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElevatedDiagnostics
[2012/05/02 10:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\EPSON
[2013/06/08 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FileOpen
[2013/05/24 15:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FlashgetSetup
[2013/05/24 19:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FLV Extract
[2013/11/07 10:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\foobar2000
[2012/07/19 00:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Full
[2010/08/17 18:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GeoVid
[2008/07/20 09:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Get Mail
[2013/06/08 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gimagereader
[2009/10/12 11:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GrabPro
[2012/07/18 23:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gtk-2.0
[2011/10/13 20:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Hitachigst
[2011/10/25 16:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\IObit
[2008/01/23 11:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\iolo
[2012/07/29 13:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\iZotope
[2012/01/16 20:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\JonDo
[2007/09/26 00:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2007/09/30 19:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\LEAPS
[2010/02/06 13:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Meda MP3 Joiner 1.2
[2008/09/10 18:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MenuShrink
[2010/06/19 21:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\mkvtoolnix
[2010/12/11 14:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MPEG Streamclip
[2012/12/24 16:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MSNInstaller
[2013/06/09 07:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nitro
[2013/06/09 12:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nitro PDF
[2012/03/12 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nullsoft
[2009/11/26 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\OpenOffice.org
[2011/01/25 17:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Orbit
[2011/03/03 11:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PCDr
[2011/03/25 17:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Pegasys Inc
[2012/06/05 22:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PgcEdit
[2012/05/15 14:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Publish Providers
[2008/07/20 09:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Qualcomm
[2010/11/08 11:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\R-TT
[2009/02/26 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\RipIt4Me
[2013/07/09 13:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Shareaza
[2007/09/27 11:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Snapfish
[2010/11/21 18:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Softplicity
[2013/10/14 12:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SomePDF
[2012/05/15 14:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Sony
[2013/08/27 17:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SpiritON TV Software
[2013/07/07 13:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Subtitle Edit
[2013/10/04 20:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SuperNZB
[2012/01/16 23:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\uTorrent
[2013/10/23 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\VideoReDoPlus
[2011/03/15 11:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Vso
[2011/11/10 17:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves
[2011/11/10 17:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves Audio
[2011/11/10 17:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves Preferences
[2012/12/09 14:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Winff
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EX_  >
[2004/08/10 06:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\i386\EXPLORER.EX_
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: EXPLORER.SC_  >
[2004/08/10 06:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\i386\EXPLORER.SC_
 
< MD5 for: EXPLORER.SCF  >
[2004/08/10 06:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf
 
< MD5 for: IEXPLORE.CHM  >
[2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/10 06:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\i386\iexplore.chm
[2004/08/10 06:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2006/09/01 08:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm
 
< MD5 for: IEXPLORE.CHW  >
[2010/06/18 18:12:02 | 000,153,185 | ---- | M] () MD5=2AABFEA7AC3B4740AF948B65F26E295D -- C:\WINDOWS\Help\iexplore.chw
 
< MD5 for: IEXPLORE.EX_  >
[2004/08/10 06:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\i386\IEXPLORE.EX_
 
< MD5 for: IEXPLORE.EXE  >
[2008/12/19 00:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2008/10/15 01:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[2009/04/25 00:27:50 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=092A7F2B49A19ECCE5369D3CB2276148 -- C:\WINDOWS\ie8\iexplore.exe
[2008/12/19 00:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008/04/22 03:02:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=197B7E4030CFBD8D2979D375E1787AA2 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[2008/08/23 00:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
[2008/04/22 02:40:18 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=232B22817B90AE0AFF2D189E3E3735AC -- C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
[2007/12/06 06:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
[2008/02/29 03:55:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
[2007/08/17 05:21:21 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=3AC2BC667DA0AF2C968E96E1630F5AB5 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
[2007/08/17 05:12:49 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=5577D0E3AC2F9F035ACD81B44AF5F511 -- C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2007/10/10 03:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[2008/06/23 04:20:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=64E376A47763DAEABCDA14BD5B6EA286 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2008/02/22 04:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[2007/12/06 03:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[2008/10/15 02:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2009/02/27 23:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie7updates\KB969897-IE7\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ERDNT\cache\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2009/02/27 23:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2009/04/25 00:27:39 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=C0503FD8D163652735C1EE900672A75C -- C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[2008/06/23 03:23:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=C52A9EF571E91535EB78DB4B8B95EA07 -- C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[2007/08/13 18:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
[2004/08/10 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
[2008/08/23 00:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2007/10/10 05:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.LNK  >
[2012/03/07 12:34:17 | 000,000,755 | ---- | M] () MD5=D3326A4E6C3B61B1E5EB71B61CE1E6F0 -- C:\Documents and Settings\Dave\Desktop\iexplore.exe.lnk
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2007/08/13 18:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\WINDOWS\ie8\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-2D97EBE6.PF  >
[2013/11/04 19:14:45 | 000,108,400 | ---- | M] () MD5=B973D2307B23E8DA859FAC080D1C4A31 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf
 
< MD5 for: IEXPLORE.HLP  >
[2004/08/10 06:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\i386\iexplore.hlp
[2004/08/10 06:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp
 
< MD5 for: SERVICES  >
[2004/08/10 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\i386\services
[2004/08/10 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.CFG  >
[2013/09/03 08:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.CNF  >
[2008/09/05 20:59:25 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\Dave\My Documents\My Webs\_vti_pvt\services.cnf
[2008/09/05 20:59:25 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\HelpAssistant.DGL5F091\My Documents\My Webs\_vti_pvt\services.cnf
 
< MD5 for: SERVICES.CSS  >
[2010/08/31 17:40:56 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
 
< MD5 for: SERVICES.HTML  >
[2012/01/16 20:58:21 | 000,005,382 | ---- | M] () MD5=0B96A6345A16630AB1529FC34C6E6909 -- C:\Documents and Settings\Dave\Application Data\JonDo\help\de\help\services.html
[2012/01/16 20:58:12 | 000,003,131 | ---- | M] () MD5=52C196C547A80D6DFD034BBE436E4AA3 -- C:\Documents and Settings\Dave\Application Data\JonDo\help\en\help\services.html
 
< MD5 for: SERVICES.INI  >
[2010/08/31 17:40:56 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
 
< MD5 for: SERVICES.LNK  >
[2007/09/26 00:09:13 | 000,001,602 | ---- | M] () MD5=D44CE93DBF970329AF5C5B44556FC28B -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MSC  >
[2004/08/10 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\i386\services.msc
[2004/08/10 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.PNG  >
[2010/11/17 19:36:00 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png
 
< MD5 for: SERVICES.RDB  >
[2009/08/19 09:24:20 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2009/08/19 09:23:28 | 005,472,256 | ---- | M] () MD5=81CCB59A28A03DB55807B883CB679027 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
 
< MD5 for: SERVICES.SBS  >
[2007/09/25 06:30:12 | 000,040,039 | ---- | M] () MD5=EEDDBF903B1D53F941A446945784DCB4 -- C:\Software\Spyware\Spybot14 stuff October\Includes\Services.sbs
 
< MD5 for: WINLOGON.EXE  >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< %SYSTEMDRIVE%\*.* >
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/10/25 16:57:05 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/12/14 20:33:22 | 000,006,049 | R--- | M] () -- C:\dell.sdr
[2008/10/16 19:39:48 | 000,001,446 | ---- | M] () -- C:\devicetable.log
[2010/03/26 05:43:03 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2010/11/08 10:39:50 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2013/11/08 15:40:50 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
[2007/09/26 10:54:51 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/01/27 12:02:36 | 000,000,052 | ---- | M] () -- C:\info.txt
[2008/06/07 19:12:24 | 000,000,121 | ---- | M] () -- C:\INSTALL.LOG
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2005/12/14 20:55:19 | 000,000,839 | ---- | M] () -- C:\IPH.PH
[2009/04/26 09:00:08 | 000,006,543 | ---- | M] () -- C:\JavaRa.log
[2008/05/10 14:30:00 | 005,071,488 | ---- | M] () -- C:\JC3REVD_Revised_3.0_Program.exe
[2008/05/10 12:14:28 | 003,754,234 | ---- | M] () -- C:\JCAM3FUD_3.0_Driver_for_XP.zip
[2010/05/15 08:18:44 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2012/10/12 17:46:11 | 000,000,128 | ---- | M] () -- C:\muxman.log
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/20 14:22:35 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/11/08 15:40:48 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2005/12/14 20:55:28 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2011/02/04 12:23:39 | 000,039,432 | ---- | M] () -- C:\xlogo-debug.txt
 
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2005/08/16 05:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/05/12 14:02:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2004/05/12 14:52:24 | 000,417,792 | ---- | M] () -- C:\WINDOWS\Nero PhotoShow.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Local Disk
 Volume Serial Number is D44D-A563
 Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/10/2013  03:55 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/10/2013  03:55 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               2 Dir(s)   5,036,982,272 bytes free
 
< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
 
< %USERPROFILE%\Desktop\*.exe >
[2013/09/11 10:59:01 | 022,308,174 | ---- | M] (Audacity Team                                               ) -- C:\Documents and Settings\Dave\Desktop\audacity-win-2.0.4.exe
[2013/07/08 10:08:03 | 000,584,600 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\cbsidlm-tr1_13-Torenkey-SEO-10812780.exe
[2013/11/08 12:57:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
[2013/11/08 12:55:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2013/11/08 15:34:50 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Dave\Desktop\rkill.exe
[2013/06/13 07:46:00 | 009,918,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dave\Desktop\WMEncoder.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-10-16 01:38:30
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Dave\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7D0F96D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEDA5B17

< End of report >

 

===========================================================================

OTL EXTRAS LOG

 

OTL Extras logfile created on: 11/8/2013 4:08:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.07 Mb Total Physical Memory | 330.49 Mb Available Physical Memory | 64.79% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 4.74 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
 
Computer Name: DGL5F091 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"49152:TCP" = 49152:TCP:*:Disabled:utorrent
"65535:UDP" = 65535:UDP:*:Disabled:utorrent
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"443:TCP" = 443:TCP:*:Disabled:OpenVPN
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"50000:TCP" = 50000:TCP:*:Enabled:Vuze
"60000:UDP" = 60000:UDP:*:Enabled:Vuze
"50005:TCP" = 50005:TCP:*:Enabled:Vuze
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Simple Port Forwarding\spf.exe" = C:\Program Files\Simple Port Forwarding\spf.exe:*:Enabled:Simple Port Forwarding By PcWinTech.com
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files\Simple Port Forwarding\spf.exe" = C:\Program Files\Simple Port Forwarding\spf.exe:*:Enabled:Simple Port Forwarding By PcWinTech.com
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Azureus Software, Inc)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.0
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3645514F-7A8F-11E1-8AC3-001676AB6D60}" = MSVCRT Redists
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V33/V330 Photo Scanner Driver Update
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3467C3-C18F-4A9E-9A15-975199795D59}" = Ut Video Codec Suite x86
"{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD89DD7-234A-4801-9D87-3DE352E146A0}" = TMPGEnc DVD Author 1.6
"{9E912C47-345C-4306-9272-36DC42E06B01}" = UScreenCapture (x86)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AB212B59-FF45-4C18-B369-F630CB268DAF}" = TMPGEnc 4.0 XPress
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DE47ADD1-B82B-4B52-AF29-76AE7EF4E19D}_is1" = Hard Disk Scrubber 3.4 (Remove Only)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EABACFC4-1CB1-438E-A418-0A3B21CD30D3}" = Waves Restoration 3.6
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.24)
"{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FF8455A9-21E8-457D-AC64-510A705D53B3}" = ArcSoft Scan-n-Stitch Deluxe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"AC3 Splitter_is1" = AC3 Splitter version 1.1
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Algorithmix Plugin Bundle 1.3" = Algorithmix Plugin Bundle 1.3
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 2.0.3
"AudibleDownloadManager" = Audible Download Manager
"AudioShell_is1" = AudioShell 1.3.5
"AviSynth" = AviSynth 2.5
"AVSLib_1-1-0(beta)" = AVSLib 1-1-0(beta)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dell Support Center" = Dell Support Center
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNMotion" = ESPNMotion
"File & Folder List Maker1.1.0" = File & Folder List Maker
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.2.3
"GoldWave v5.55" = GoldWave v5.55
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"iZotope RX 2_is1" = iZotope RX 2
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MediaInfo" = MediaInfo 0.7.63
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroVision!UninstallKey" = Nero Digital
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Polipo" = Polipo 1.0.4.1
"PROSet" = Intel® PRO Network Connections Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RealPlayer 12.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SpywareGuard_is1" = SpywareGuard v2.2
"TagScanner_is1" = TagScanner 5.0 build 530
"Tor" = Tor 0.2.2.35
"uTorrent" = µTorrent
"Verizon Online DSL_is1" = Verizon Online DSL
"Vidalia" = Vidalia 0.2.17
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.5.512
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.6
"Wave Arts Master Restoration" = Wave Arts Master Restoration
"Waves Znoise v1.0" = Waves Znoise v1.0
"Wibu Emu driver v1.0" = Wibu Emu driver v1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"webmdshow" = WebM Project Directshow Filters
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/19/2013 4:17:18 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
 
Error - 10/20/2013 4:46:50 PM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
 P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
 NIL.
 
Error - 10/20/2013 6:56:45 PM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
 P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
 NIL.
 
Error - 10/20/2013 10:56:48 PM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
 P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
 NIL.
 
Error - 10/26/2013 2:13:14 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application vobblanker.exe, version 2.1.3.0, faulting module
 shell32.dll, version 6.0.2900.6242, fault address 0x00091c7b.
 
Error - 10/28/2013 11:05:20 AM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module , version 0.0.0.0, fault address 0x00000000.
 
Error - 10/28/2013 6:30:35 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module , version 0.0.0.0, fault address 0x00000000.
 
Error - 11/2/2013 3:41:22 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module ntdll.dll, version 5.1.2600.6055, fault address 0x00011129.
 
Error - 11/8/2013 9:20:33 AM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
 P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
 NIL.
 
Error - 11/8/2013 4:37:27 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application mbamgui.exe, version 1.70.0.0, faulting module
 mbamgui.exe, version 1.70.0.0, fault address 0x0003b525.
 
[ System Events ]
Error - 11/8/2013 4:47:33 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
 period.
 
Error - 11/8/2013 4:47:44 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
 period.
 
Error - 11/8/2013 4:47:54 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
 period.
 
Error - 11/8/2013 4:48:05 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
 period.
 
Error - 11/8/2013 4:48:15 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
 period.
 
Error - 11/8/2013 4:48:25 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
 period.
 
Error - 11/8/2013 4:48:36 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
 period.
 
Error - 11/8/2013 4:56:43 PM | Computer Name = DGL5F091 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 30  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 11/8/2013 4:56:43 PM | Computer Name = DGL5F091 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 29 minutes.  NtpClient has no source of accurate
 time.
 
Error - 11/8/2013 4:57:42 PM | Computer Name = DGL5F091 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.161.1547.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Signature Type: %%800     Update Type: %%803

    User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10003.0

    Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support.
 
 
< End of report >
 

 

===========================================================================

Hijackthis LOG

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:19 PM, on 11/8/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dave\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Epson scanner Registration.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.168
O15 - ESC Trusted IP range: http://192.168.1.168
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190818361731
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9324B3D8-E5C4-41D6-BDA3-9974DB603E2F}: NameServer = 192.168.1.1,192.168.1.2
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6132 bytes
 


Edited by dave e, 08 November 2013 - 04:06 PM.



#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 15 November 2013 - 03:31 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 

#3 dave e

dave e

    Authentic Member

  • Authentic Member
  • PipPip
  • 102 posts

Posted 15 November 2013 - 08:44 AM

I got an error when I first tried running gmer. I had another copy downloaded to the 2nd PC I'm using, and copied it over with a thumbdrive. That ran for a minute, then stalled, then the PC gave the blue screen FATAL ERROR. As described, PC only runs a minute or two before shutting down. Hardware issue?



#4 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 15 November 2013 - 09:06 AM

Looks like that, yes. Please try the following:

 

When booting, hit F8 several times.

Within the menu, select "Disable automatic restart on system error" (or similar).

 

Now boot into windows.

 

When facing the error, provide a picture of the BSOD message or write down the error message (separated by underscores, at the top of the screen, e.g. "IRQL_NOT_LESS_OR_EQUAL") and the stop code (begins with STOP:, at the bottom of the screen).


Proud Member of UNITE & TB
 

#5 dave e

dave e

    Authentic Member

  • Authentic Member
  • PipPip
  • 102 posts

Posted 15 November 2013 - 09:38 AM

I copied the info from one of the earlier crashes:

 

***STOP: 0x000000F4 (0x00000003, 0x828BD8D8, 0x828BDA4C, 0x805D22DA)

 

I also have an Events log which apparently shows errors:

 

Warning    11/8/2013    4:59:57 PM    disk    None    51    N/A    DGL5F091
Error    11/8/2013    4:59:57 PM    atapi    None    9    N/A    DGL5F091
Warning    11/8/2013    4:59:46 PM    disk    None    51    N/A    DGL5F091
Error    11/8/2013    4:59:46 PM    atapi    None    9    N/A    DGL5F091
Warning    11/8/2013    4:59:36 PM    disk    None    51    N/A    DGL5F091
Error    11/8/2013    4:59:36 PM    atapi    None    9    N/A    DGL5F091
Warning    11/8/2013    4:59:24 PM    disk    None    51    N/A    DGL5F091
Error    11/8/2013    4:59:24 PM    atapi    None    9    N/A    DGL5F091

 

 

 

I followed your instructions for new results:

 

STOP: c000021a Fatal System Error
The Windows subsystem system process terminated unexpectedly with a status of 0xc0000006
(0x75b7b08b 0x0139fbb8).
The system has been shut down.

Continues about memory dump


Edited by dave e, 15 November 2013 - 06:42 PM.


#6 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 18 November 2013 - 02:33 AM

The events within your log show a defective hard drive or hard drive controller.

I would recommend having the machine repaired at the local technician's.


Proud Member of UNITE & TB
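
The diagnosis in post #6 can be checked against the OTL event list from post #1. The following is an added example, not part of the original thread: it parses entries in that layout, reduces each ID to its low 16 bits (the value Event Viewer displays, so OTL's atapi 262153 is the atapi 9 listed in post #5), and counts how many atapi/disk errors fall inside one time window. The function names, the 60-second window and the choice of atapi and disk as storage sources are assumptions.

```python
import re
from datetime import datetime, timedelta

# Entry header lines copied from the OTL "Last 20 Event Log Errors" section in post #1.
SAMPLE = """\
Error - 11/8/2013 4:37:27 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Error - 11/8/2013 4:47:33 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Error - 11/8/2013 4:47:44 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Error - 11/8/2013 4:47:54 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Error - 11/8/2013 4:48:05 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Error - 11/8/2013 4:56:43 PM | Computer Name = DGL5F091 | Source = W32Time | ID = 39452689
"""

# One OTL entry header: level, timestamp, computer name, source, numeric ID.
ENTRY = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| "
    r"ID = (?P<id>\d+)\s*$"
)
STORAGE_SOURCES = {"atapi", "disk"}  # assumption: sources on the disk I/O path


def parse_events(text):
    """Return one dict per entry header; Description lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        raw_id = int(m["id"])
        events.append({
            "when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
            "source": m["source"],
            "raw_id": raw_id,
            "event_id": raw_id & 0xFFFF,  # low 16 bits, as shown in Event Viewer
        })
    return events


def max_storage_errors_in_window(events, window=timedelta(seconds=60)):
    """Largest number of atapi/disk errors that fall inside any one window."""
    times = sorted(e["when"] for e in events
                   if e["source"].lower() in STORAGE_SOURCES)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1  # slide the window start forward
        best = max(best, end - start + 1)
    return best


if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    print(max_storage_errors_in_window(evts), "storage errors within 60 s")
```

A tight run of storage-driver timeouts like this one, with no detections in the accompanying scans, is the pattern that points to the disk or controller rather than to malware.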
 

#7 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 25 November 2013 - 03:47 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Proud Member of UNITE & TB
 
