Dell Dimension E510 desktop.
I dont know if I have malware, or software/hardware issues.
Got a Fatal Error message blue screen. Now every time I boot up, after a minute or two, the PC stalls and I get the Blue Screen "Detected an error and is shutting down." Tried a "restore" in safe mode but PC still stalled and got the bsod. Cant access USB ports.
I managed to download Rkill to see if I could run the diagnostics for Malware. I dont think it found anything unusual BUT the PC ran for about 30 minutes. I was hoping this meant rKill was stopping malware, but then I got the "Fatal Error" blue screen like the first time (which is different from the repeated "Detected an error and shut down" blue screen). Anyway, I ran the tests. I'm posting the (unrequested) rkill log first.
The DDS program said to zip it's two logs, so I'm attaching the zip file.
DDS.zip 9.56KB 221 downloads
===================================================================
Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html
Program started at: 11/08/2013 03:41:18 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* C:\WINDOWS\System32\Drivers\tcpip.sys : 361,600 : 06/20/2008 06:51 AM : cbeebeb899e31ef52b962cb31fc8ca5c [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 06:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys : 360,576 : 04/20/2006 07:18 AM : b2220c618b42a2212a59d91ebd6fc4b4 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys : 360,832 : 10/30/2007 11:53 AM : 64798ecfa43d78c7178375fcdd16d8c8 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys : 360,960 : 06/20/2008 05:44 AM : 744e57c99232201ae98c49168b918f48 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys : 361,600 : 06/20/2008 06:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 06:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys : 360,320 : 06/20/2008 05:45 AM : 2a5554fc5b1e04e131230e3ce035c3f9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tcpip.sys : 361,344 : 04/13/2008 02:20 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 06:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 11/08/2013 03:44:37 PM
Execution time: 0 hours(s), 3 minute(s), and 18 seconds(s)
===========================================================================
OTL LOG
OTL logfile created on: 11/8/2013 4:08:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.07 Mb Total Physical Memory | 330.49 Mb Available Physical Memory | 64.79% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 4.74 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
Computer Name: DGL5F091 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Dave\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\SpywareGuard\spywareguard.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL ()
========== Services (SafeList) ==========
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (tfsnifs) -- system32\dla\tfsnifs.sys File not found
DRV - (SASKUTIL) -- C:\DOCUME~1\Dave\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS File not found
DRV - (SASDIFSV) -- C:\DOCUME~1\Dave\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (CrystalSysInfo) -- C:\Program Files\AudioCoder\SysInfo.sys File not found
DRV - (Changer) -- File not found
DRV - (MpKsl0a2309af) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5ABBBFF9-EDF9-4A95-A4DA-545CC5B1355F}\MpKsl0a2309af.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (tapoas) -- C:\WINDOWS\system32\drivers\tapoas.sys (The OpenVPN Project)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (WsAudio_DeviceS(5) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV - (WsAudio_DeviceS(4) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV - (WsAudio_DeviceS(3) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV - (WsAudio_DeviceS(2) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV - (WsAudio_DeviceS(1) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\wibukey.sys (WIBU-SYSTEMS AG)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (KBCAM) -- C:\WINDOWS\system32\drivers\KBCAM.sys (LCS/Telegraphics)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {06632A5B-C6F4-45B7-A6C8-3862862CB56E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{06632A5B-C6F4-45B7-A6C8-3862862CB56E}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-00123FB46BCA}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {06632A5B-C6F4-45B7-A6C8-3862862CB56E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{06632A5B-C6F4-45B7-A6C8-3862862CB56E}: "URL" = http://www.google.co...1I7MXGB_enUS545
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...DF-44A140054090
IE - HKCU\..\SearchScopes\{4747BCA0-1B7F-4416-8789-6ED2713BDD43}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-00123FB46BCA}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519_yserp3tst"
FF - prefs.js..browser.search.selectedEngineInDialog: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7B3474c305-9dad-11d8-9207-00055d74c2e4%7D:0.4.11
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.0.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {b5fb4c8d-8220-4a63-8e0f-708cdd0f4c3d}:3.3.0.19
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: C:\Program Files\Java\jre1.6.0_22\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/14 08:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ff [2011/02/26 14:45:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/25 17:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/12 10:40:01 | 000,000,000 | ---D | M]
[2010/06/19 23:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2010/06/19 23:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\MediaCoder
[2010/06/19 23:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2013/11/01 09:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions
[2012/02/13 16:33:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/13 16:33:14 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2013/11/01 09:07:22 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/27 07:48:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/12 12:04:15 | 000,003,679 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\check-compatibility@dactyl.googlecode.com.xpi
[2013/06/06 11:44:53 | 000,031,960 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}.xpi
[2011/12/12 12:07:23 | 000,031,899 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi
[2013/10/09 18:18:08 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/06 08:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/16 08:14:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/05 08:16:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/10 09:13:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/09/25 17:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/25 17:03:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/02/26 14:45:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE1.6.0_22\LIB\DEPLOY\JQS\FF
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/02/26 13:09:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190818361731 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9324B3D8-E5C4-41D6-BDA3-9974DB603E2F}: NameServer = 192.168.1.1,192.168.1.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.444p - C:\Program Files\t@b\0.958\686\tabdec.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\WINDOWS\System32\lagarith.dll ( )
Drivers32: VIDC.MP42 - mpg4c32.dll File not found
Drivers32: VIDC.MPG4 - mpg4c32.dll File not found
Drivers32: vidc.mpng - C:\Program Files\t@b\0.958\686\tabdec.dll File not found
Drivers32: vidc.mvjp - C:\Program Files\t@b\0.958\686\tabdec.dll File not found
Drivers32: VIDC.ULRA - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.ULRG - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.ULY0 - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.ULY2 - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.VIFP - C:\WINDOWS\System32\VFCodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/11/08 15:37:53 | 001,898,232 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Dave\Desktop\rkill.exe
[2013/11/08 12:57:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
[2013/11/08 12:55:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2013/11/08 12:34:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/11/04 09:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC
[2013/11/04 09:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2013/11/04 09:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/11/04 09:04:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/11/04 09:04:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2013/11/04 09:04:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2013/11/04 09:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/26 13:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\rage pics
[2013/10/15 11:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\ABBYY
[2013/10/15 10:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/10/15 09:43:57 | 000,000,000 | ---D | C] -- C:\abbyy
[2013/10/14 12:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\SomePDF
[2013/10/14 12:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SomePDF
[2013/10/14 12:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\SomePDF
[2008/08/02 18:48:15 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dave\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2013/11/08 16:15:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013/11/08 16:08:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013/11/08 15:48:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/08 15:42:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3372268520-2825707008-1307184964-1005.job
[2013/11/08 15:40:50 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/08 15:34:50 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Dave\Desktop\rkill.exe
[2013/11/08 12:57:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
[2013/11/08 12:56:49 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2013/11/08 12:55:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2013/11/08 12:52:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3372268520-2825707008-1307184964-1005.job
[2013/11/08 12:43:23 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbamgui.exe.lnk
[2013/11/08 12:43:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbam.exe.lnk
[2013/11/08 12:41:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/11/06 18:18:35 | 026,201,644 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.wav
[2013/11/06 18:17:30 | 006,208,354 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.mp3
[2013/11/06 18:01:47 | 007,823,816 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\72 .mp3
[2013/11/06 17:48:13 | 033,958,444 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\72.wav
[2013/11/04 17:11:15 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/11/04 17:11:09 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/04 17:09:14 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013/11/04 17:09:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013/11/04 09:28:10 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MPC-HC.lnk
[2013/11/04 09:00:20 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Temporary Internet Files.lnk
[2013/11/03 07:26:31 | 000,443,256 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/03 07:26:31 | 000,072,330 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/24 09:13:04 | 000,330,255 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\cbs_years.pdf
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavSR.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavSL.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavLFE.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavFR.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavFL.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavC.wav
[2013/10/15 20:38:26 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/10/15 07:14:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/15 07:14:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/10 07:04:09 | 000,280,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/10 03:50:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2013/11/08 12:56:40 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2013/11/08 12:43:23 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbamgui.exe.lnk
[2013/11/08 12:43:16 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbam.exe.lnk
[2013/11/08 10:41:32 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
[2013/11/06 18:17:44 | 026,201,644 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.wav
[2013/11/06 18:17:22 | 006,208,354 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.mp3
[2013/11/06 18:01:01 | 007,823,816 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\72 .mp3
[2013/11/06 17:47:11 | 033,958,444 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\72.wav
[2013/11/04 17:09:14 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013/11/04 17:09:14 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2013/11/04 09:28:10 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MPC-HC.lnk
[2013/11/04 08:59:05 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Temporary Internet Files.lnk
[2013/10/24 09:13:10 | 000,330,255 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\cbs_years.pdf
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavSR.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavSL.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavLFE.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavFR.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavFL.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavC.wav
[2013/06/08 15:17:14 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[2013/06/02 11:41:48 | 000,018,073 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2013/05/24 15:28:46 | 000,000,292 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2013/05/24 15:22:17 | 000,000,598 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2013/05/24 15:04:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\emcore.INI
[2013/05/24 11:49:24 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2013/02/15 10:52:29 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejoaa.ini
[2013/02/11 16:33:10 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejokg.ini
[2012/10/22 08:43:28 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejole.ini
[2012/10/22 08:40:22 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejoeh.ini
[2012/06/21 12:00:08 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\rpicfica.bin
[2012/05/02 18:28:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/05/02 10:21:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/05/02 10:21:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/05/02 10:21:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/05/02 10:21:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/05/02 10:21:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/05/02 10:21:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/05/02 10:21:19 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/05/02 10:21:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/05/02 10:21:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/05/02 10:21:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/05/02 10:21:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/05/02 10:21:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/05/02 10:21:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/05/02 10:21:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/05/02 10:21:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/05/02 10:21:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/05/02 10:20:47 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin
[2012/05/02 10:20:02 | 000,000,060 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini
[2012/03/08 08:27:27 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejohb.ini
[2012/03/08 08:27:27 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejobg.ini
[2012/02/15 07:50:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/11 18:53:07 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WkDos.exe
[2011/08/05 14:33:37 | 000,002,177 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/12/08 18:49:31 | 000,002,631 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\dvdae.config
[2010/07/09 18:57:33 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\AutoGK.ini
[2009/12/04 20:56:10 | 017,563,648 | ---- | C] () -- C:\Documents and Settings\Dave\ntuser.bak
[2009/10/29 16:24:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\prvlcl.dat
[2008/08/06 22:13:21 | 000,000,080 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/08/02 18:48:15 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\pcouffin.cat
[2008/08/02 18:48:15 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\pcouffin.inf
[2008/07/20 09:06:42 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Dave\Eudora.lnk
[2007/10/25 18:27:04 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\FixVTS.ini
[2007/10/09 08:45:41 | 000,001,345 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\DVDSubEdit.ini
[2007/09/28 11:14:32 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Dave\default.pls
[2007/09/26 20:20:39 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/26 00:04:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\PFP120JPR.{PB
[2007/09/26 00:04:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\PFP120JCM.{PB
[2007/09/25 23:59:44 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/10/26 09:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/12/04 21:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/11/08 10:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/10/26 09:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/05/02 10:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/06/08 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/06/20 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2007/09/26 09:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/10/13 11:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitachi GST
[2012/02/19 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/01/23 11:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2013/06/09 16:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/01/13 11:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/04/04 09:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2013/06/08 19:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro
[2011/03/03 11:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/07/05 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/08/06 22:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/05/15 14:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/01/28 16:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/01/16 19:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SurfAnonymousFree
[2013/08/27 17:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/12/14 20:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/11 17:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Arts
[2009/11/07 13:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/06/21 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\.BitTornado
[2010/09/04 11:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AnvSoft
[2009/01/11 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Any Video Converter
[2013/10/18 11:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Audacity
[2009/12/25 13:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Auslogics
[2011/03/03 01:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AVG
[2012/02/13 16:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\avidemux
[2010/01/22 20:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AVSEdit
[2013/11/04 05:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Azureus
[2013/05/24 15:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\BITS
[2012/07/02 18:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Broad Intelligence
[2009/07/19 17:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canneverbe_Limited
[2013/08/14 19:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canon
[2011/05/26 09:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/28 13:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CUE Tools
[2012/03/30 19:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CUERipper
[2013/05/24 11:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DonationCoder
[2013/06/08 19:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Downloaded Installations
[2012/10/29 13:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\dvdae
[2010/09/09 19:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVDFab
[2010/01/18 17:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVDforger
[2011/10/07 11:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\EAC
[2013/09/18 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElevatedDiagnostics
[2012/05/02 10:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\EPSON
[2013/06/08 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FileOpen
[2013/05/24 15:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FlashgetSetup
[2013/05/24 19:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FLV Extract
[2013/11/07 10:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\foobar2000
[2012/07/19 00:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Full
[2010/08/17 18:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GeoVid
[2008/07/20 09:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Get Mail
[2013/06/08 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gimagereader
[2009/10/12 11:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GrabPro
[2012/07/18 23:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gtk-2.0
[2011/10/13 20:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Hitachigst
[2011/10/25 16:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\IObit
[2008/01/23 11:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\iolo
[2012/07/29 13:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\iZotope
[2012/01/16 20:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\JonDo
[2007/09/26 00:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2007/09/30 19:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\LEAPS
[2010/02/06 13:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Meda MP3 Joiner 1.2
[2008/09/10 18:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MenuShrink
[2010/06/19 21:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\mkvtoolnix
[2010/12/11 14:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MPEG Streamclip
[2012/12/24 16:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MSNInstaller
[2013/06/09 07:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nitro
[2013/06/09 12:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nitro PDF
[2012/03/12 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nullsoft
[2009/11/26 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\OpenOffice.org
[2011/01/25 17:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Orbit
[2011/03/03 11:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PCDr
[2011/03/25 17:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Pegasys Inc
[2012/06/05 22:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PgcEdit
[2012/05/15 14:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Publish Providers
[2008/07/20 09:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Qualcomm
[2010/11/08 11:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\R-TT
[2009/02/26 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\RipIt4Me
[2013/07/09 13:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Shareaza
[2007/09/27 11:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Snapfish
[2010/11/21 18:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Softplicity
[2013/10/14 12:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SomePDF
[2012/05/15 14:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Sony
[2013/08/27 17:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SpiritON TV Software
[2013/07/07 13:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Subtitle Edit
[2013/10/04 20:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SuperNZB
[2012/01/16 23:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\uTorrent
[2013/10/23 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\VideoReDoPlus
[2011/03/15 11:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Vso
[2011/11/10 17:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves
[2011/11/10 17:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves Audio
[2011/11/10 17:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves Preferences
[2012/12/09 14:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Winff
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.EX_ >
[2004/08/10 06:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\i386\EXPLORER.EX_
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: EXPLORER.SC_ >
[2004/08/10 06:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\i386\EXPLORER.SC_
< MD5 for: EXPLORER.SCF >
[2004/08/10 06:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf
< MD5 for: IEXPLORE.CHM >
[2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/10 06:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\i386\iexplore.chm
[2004/08/10 06:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2006/09/01 08:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm
< MD5 for: IEXPLORE.CHW >
[2010/06/18 18:12:02 | 000,153,185 | ---- | M] () MD5=2AABFEA7AC3B4740AF948B65F26E295D -- C:\WINDOWS\Help\iexplore.chw
< MD5 for: IEXPLORE.EX_ >
[2004/08/10 06:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\i386\IEXPLORE.EX_
< MD5 for: IEXPLORE.EXE >
[2008/12/19 00:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2008/10/15 01:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[2009/04/25 00:27:50 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=092A7F2B49A19ECCE5369D3CB2276148 -- C:\WINDOWS\ie8\iexplore.exe
[2008/12/19 00:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008/04/22 03:02:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=197B7E4030CFBD8D2979D375E1787AA2 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[2008/08/23 00:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
[2008/04/22 02:40:18 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=232B22817B90AE0AFF2D189E3E3735AC -- C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
[2007/12/06 06:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
[2008/02/29 03:55:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
[2007/08/17 05:21:21 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=3AC2BC667DA0AF2C968E96E1630F5AB5 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
[2007/08/17 05:12:49 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=5577D0E3AC2F9F035ACD81B44AF5F511 -- C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2007/10/10 03:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[2008/06/23 04:20:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=64E376A47763DAEABCDA14BD5B6EA286 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2008/02/22 04:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[2007/12/06 03:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[2008/10/15 02:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2009/02/27 23:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie7updates\KB969897-IE7\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ERDNT\cache\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2009/02/27 23:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2009/04/25 00:27:39 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=C0503FD8D163652735C1EE900672A75C -- C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[2008/06/23 03:23:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=C52A9EF571E91535EB78DB4B8B95EA07 -- C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[2007/08/13 18:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
[2004/08/10 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
[2008/08/23 00:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2007/10/10 05:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
< MD5 for: IEXPLORE.EXE.LNK >
[2012/03/07 12:34:17 | 000,000,755 | ---- | M] () MD5=D3326A4E6C3B61B1E5EB71B61CE1E6F0 -- C:\Documents and Settings\Dave\Desktop\iexplore.exe.lnk
< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2007/08/13 18:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\WINDOWS\ie8\iexplore.exe.mui
< MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
[2013/11/04 19:14:45 | 000,108,400 | ---- | M] () MD5=B973D2307B23E8DA859FAC080D1C4A31 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf
< MD5 for: IEXPLORE.HLP >
[2004/08/10 06:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\i386\iexplore.hlp
[2004/08/10 06:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp
< MD5 for: SERVICES >
[2004/08/10 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\i386\services
[2004/08/10 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.CFG >
[2013/09/03 08:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.CNF >
[2008/09/05 20:59:25 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\Dave\My Documents\My Webs\_vti_pvt\services.cnf
[2008/09/05 20:59:25 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\HelpAssistant.DGL5F091\My Documents\My Webs\_vti_pvt\services.cnf
< MD5 for: SERVICES.CSS >
[2010/08/31 17:40:56 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
< MD5 for: SERVICES.HTML >
[2012/01/16 20:58:21 | 000,005,382 | ---- | M] () MD5=0B96A6345A16630AB1529FC34C6E6909 -- C:\Documents and Settings\Dave\Application Data\JonDo\help\de\help\services.html
[2012/01/16 20:58:12 | 000,003,131 | ---- | M] () MD5=52C196C547A80D6DFD034BBE436E4AA3 -- C:\Documents and Settings\Dave\Application Data\JonDo\help\en\help\services.html
< MD5 for: SERVICES.INI >
[2010/08/31 17:40:56 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
< MD5 for: SERVICES.LNK >
[2007/09/26 00:09:13 | 000,001,602 | ---- | M] () MD5=D44CE93DBF970329AF5C5B44556FC28B -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
< MD5 for: SERVICES.MSC >
[2004/08/10 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\i386\services.msc
[2004/08/10 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SERVICES.PNG >
[2010/11/17 19:36:00 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png
< MD5 for: SERVICES.RDB >
[2009/08/19 09:24:20 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2009/08/19 09:23:28 | 005,472,256 | ---- | M] () MD5=81CCB59A28A03DB55807B883CB679027 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: SERVICES.SBS >
[2007/09/25 06:30:12 | 000,040,039 | ---- | M] () MD5=EEDDBF903B1D53F941A446945784DCB4 -- C:\Software\Spyware\Spybot14 stuff October\Includes\Services.sbs
< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< %SYSTEMDRIVE%\*.* >
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/10/25 16:57:05 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/12/14 20:33:22 | 000,006,049 | R--- | M] () -- C:\dell.sdr
[2008/10/16 19:39:48 | 000,001,446 | ---- | M] () -- C:\devicetable.log
[2010/03/26 05:43:03 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2010/11/08 10:39:50 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2013/11/08 15:40:50 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
[2007/09/26 10:54:51 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/01/27 12:02:36 | 000,000,052 | ---- | M] () -- C:\info.txt
[2008/06/07 19:12:24 | 000,000,121 | ---- | M] () -- C:\INSTALL.LOG
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2005/12/14 20:55:19 | 000,000,839 | ---- | M] () -- C:\IPH.PH
[2009/04/26 09:00:08 | 000,006,543 | ---- | M] () -- C:\JavaRa.log
[2008/05/10 14:30:00 | 005,071,488 | ---- | M] () -- C:\JC3REVD_Revised_3.0_Program.exe
[2008/05/10 12:14:28 | 003,754,234 | ---- | M] () -- C:\JCAM3FUD_3.0_Driver_for_XP.zip
[2010/05/15 08:18:44 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2012/10/12 17:46:11 | 000,000,128 | ---- | M] () -- C:\muxman.log
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/20 14:22:35 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/11/08 15:40:48 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2005/12/14 20:55:28 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2011/02/04 12:23:39 | 000,039,432 | ---- | M] () -- C:\xlogo-debug.txt
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2005/08/16 05:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/05/12 14:02:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2004/05/12 14:52:24 | 000,417,792 | ---- | M] () -- C:\WINDOWS\Nero PhotoShow.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Local Disk
Volume Serial Number is D44D-A563
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/10/2013 03:55 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/10/2013 03:55 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 5,036,982,272 bytes free
< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
< %USERPROFILE%\Desktop\*.exe >
[2013/09/11 10:59:01 | 022,308,174 | ---- | M] (Audacity Team ) -- C:\Documents and Settings\Dave\Desktop\audacity-win-2.0.4.exe
[2013/07/08 10:08:03 | 000,584,600 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\cbsidlm-tr1_13-Torenkey-SEO-10812780.exe
[2013/11/08 12:57:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
[2013/11/08 12:55:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2013/11/08 15:34:50 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Dave\Desktop\rkill.exe
[2013/06/13 07:46:00 | 009,918,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dave\Desktop\WMEncoder.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-10-16 01:38:30
========== Alternate Data Streams ==========
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Dave\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7D0F96D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEDA5B17
< End of report >
===========================================================================
OTL EXTRAS LOG
OTL Extras logfile created on: 11/8/2013 4:08:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.07 Mb Total Physical Memory | 330.49 Mb Available Physical Memory | 64.79% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 4.74 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
Computer Name: DGL5F091 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"49152:TCP" = 49152:TCP:*:Disabled:utorrent
"65535:UDP" = 65535:UDP:*:Disabled:utorrent
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"443:TCP" = 443:TCP:*:Disabled:OpenVPN
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"50000:TCP" = 50000:TCP:*:Enabled:Vuze
"60000:UDP" = 60000:UDP:*:Enabled:Vuze
"50005:TCP" = 50005:TCP:*:Enabled:Vuze
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Simple Port Forwarding\spf.exe" = C:\Program Files\Simple Port Forwarding\spf.exe:*:Enabled:Simple Port Forwarding By PcWinTech.com
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files\Simple Port Forwarding\spf.exe" = C:\Program Files\Simple Port Forwarding\spf.exe:*:Enabled:Simple Port Forwarding By PcWinTech.com
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Azureus Software, Inc)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.0
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3645514F-7A8F-11E1-8AC3-001676AB6D60}" = MSVCRT Redists
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V33/V330 Photo Scanner Driver Update
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3467C3-C18F-4A9E-9A15-975199795D59}" = Ut Video Codec Suite x86
"{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD89DD7-234A-4801-9D87-3DE352E146A0}" = TMPGEnc DVD Author 1.6
"{9E912C47-345C-4306-9272-36DC42E06B01}" = UScreenCapture (x86)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AB212B59-FF45-4C18-B369-F630CB268DAF}" = TMPGEnc 4.0 XPress
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DE47ADD1-B82B-4B52-AF29-76AE7EF4E19D}_is1" = Hard Disk Scrubber 3.4 (Remove Only)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EABACFC4-1CB1-438E-A418-0A3B21CD30D3}" = Waves Restoration 3.6
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.24)
"{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FF8455A9-21E8-457D-AC64-510A705D53B3}" = ArcSoft Scan-n-Stitch Deluxe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"AC3 Splitter_is1" = AC3 Splitter version 1.1
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Algorithmix Plugin Bundle 1.3" = Algorithmix Plugin Bundle 1.3
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 2.0.3
"AudibleDownloadManager" = Audible Download Manager
"AudioShell_is1" = AudioShell 1.3.5
"AviSynth" = AviSynth 2.5
"AVSLib_1-1-0(beta)" = AVSLib 1-1-0(beta)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dell Support Center" = Dell Support Center
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNMotion" = ESPNMotion
"File & Folder List Maker1.1.0" = File & Folder List Maker
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.2.3
"GoldWave v5.55" = GoldWave v5.55
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"iZotope RX 2_is1" = iZotope RX 2
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MediaInfo" = MediaInfo 0.7.63
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroVision!UninstallKey" = Nero Digital
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Polipo" = Polipo 1.0.4.1
"PROSet" = Intel® PRO Network Connections Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RealPlayer 12.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SpywareGuard_is1" = SpywareGuard v2.2
"TagScanner_is1" = TagScanner 5.0 build 530
"Tor" = Tor 0.2.2.35
"uTorrent" = µTorrent
"Verizon Online DSL_is1" = Verizon Online DSL
"Vidalia" = Vidalia 0.2.17
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.5.512
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.6
"Wave Arts Master Restoration" = Wave Arts Master Restoration
"Waves Znoise v1.0" = Waves Znoise v1.0
"Wibu Emu driver v1.0" = Wibu Emu driver v1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"webmdshow" = WebM Project Directshow Filters
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/19/2013 4:17:18 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Error - 10/20/2013 4:46:50 PM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 10/20/2013 6:56:45 PM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 10/20/2013 10:56:48 PM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 10/26/2013 2:13:14 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application vobblanker.exe, version 2.1.3.0, faulting module
shell32.dll, version 6.0.2900.6242, fault address 0x00091c7b.
Error - 10/28/2013 11:05:20 AM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.
Error - 10/28/2013 6:30:35 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.
Error - 11/2/2013 3:41:22 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00011129.
Error - 11/8/2013 9:20:33 AM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 11/8/2013 4:37:27 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application mbamgui.exe, version 1.70.0.0, faulting module
mbamgui.exe, version 1.70.0.0, fault address 0x0003b525.
[ System Events ]
Error - 11/8/2013 4:47:33 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:47:44 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:47:54 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:48:05 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:48:15 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:48:25 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:48:36 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:56:43 PM | Computer Name = DGL5F091 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 11/8/2013 4:56:43 PM | Computer Name = DGL5F091 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
Error - 11/8/2013 4:57:42 PM | Computer Name = DGL5F091 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.161.1547.0 Update Source: %%859 Update Stage:
%%852 Source Path: Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10003.0
Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
< End of report >
===========================================================================
Hijackthis LOG
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:19 PM, on 11/8/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Epson scanner Registration.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.168
O15 - ESC Trusted IP range: http://192.168.1.168
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190818361731
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9324B3D8-E5C4-41D6-BDA3-9974DB603E2F}: NameServer = 192.168.1.1,192.168.1.2
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
--
End of file - 6132 bytes
Edited by dave e, 08 November 2013 - 04:06 PM.