Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
Dell Dimension E510 desktop.
I dont know if I have malware, or software/hardware issues.
Got a Fatal Error message blue screen. Now every time I boot up, after a minute or two, the PC stalls and I get the Blue Screen "Detected an error and is shutting down." Tried a "restore" in safe mode but PC still stalled and got the bsod. Cant access USB ports.
I managed to download Rkill to see if I could run the diagnostics for Malware. I dont think it found anything unusual BUT the PC ran for about 30 minutes. I was hoping this meant rKill was stopping malware, but then I got the "Fatal Error" blue screen like the first time (which is different from the repeated "Detected an error and shut down" blue screen). Anyway, I ran the tests. I'm posting the (unrequested) rkill log first.
The DDS program said to zip it's two logs, so I'm attaching the zip file.
DDS.zip 9.56KB
221 downloads
===================================================================
Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html
Program started at: 11/08/2013 03:41:18 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* C:\WINDOWS\System32\Drivers\tcpip.sys : 361,600 : 06/20/2008 06:51 AM : cbeebeb899e31ef52b962cb31fc8ca5c [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 06:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys : 360,576 : 04/20/2006 07:18 AM : b2220c618b42a2212a59d91ebd6fc4b4 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys : 360,832 : 10/30/2007 11:53 AM : 64798ecfa43d78c7178375fcdd16d8c8 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys : 360,960 : 06/20/2008 05:44 AM : 744e57c99232201ae98c49168b918f48 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys : 361,600 : 06/20/2008 06:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys : 361,600 : 06/20/2008 06:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys : 360,320 : 06/20/2008 05:45 AM : 2a5554fc5b1e04e131230e3ce035c3f9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tcpip.sys : 361,344 : 04/13/2008 02:20 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 06:51 AM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 11/08/2013 03:44:37 PM
Execution time: 0 hours(s), 3 minute(s), and 18 seconds(s)
===========================================================================
OTL LOG
OTL logfile created on: 11/8/2013 4:08:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.07 Mb Total Physical Memory | 330.49 Mb Available Physical Memory | 64.79% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 4.74 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
Computer Name: DGL5F091 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Dave\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\SpywareGuard\spywareguard.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL ()
========== Services (SafeList) ==========
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (tfsnifs) -- system32\dla\tfsnifs.sys File not found
DRV - (SASKUTIL) -- C:\DOCUME~1\Dave\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS File not found
DRV - (SASDIFSV) -- C:\DOCUME~1\Dave\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (CrystalSysInfo) -- C:\Program Files\AudioCoder\SysInfo.sys File not found
DRV - (Changer) -- File not found
DRV - (MpKsl0a2309af) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5ABBBFF9-EDF9-4A95-A4DA-545CC5B1355F}\MpKsl0a2309af.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (tapoas) -- C:\WINDOWS\system32\drivers\tapoas.sys (The OpenVPN Project)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (WsAudio_DeviceS(5) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV - (WsAudio_DeviceS(4) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV - (WsAudio_DeviceS(3) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV - (WsAudio_DeviceS(2) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV - (WsAudio_DeviceS(1) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\wibukey.sys (WIBU-SYSTEMS AG)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (KBCAM) -- C:\WINDOWS\system32\drivers\KBCAM.sys (LCS/Telegraphics)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {06632A5B-C6F4-45B7-A6C8-3862862CB56E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{06632A5B-C6F4-45B7-A6C8-3862862CB56E}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-00123FB46BCA}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {06632A5B-C6F4-45B7-A6C8-3862862CB56E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{06632A5B-C6F4-45B7-A6C8-3862862CB56E}: "URL" = http://www.google.co...1I7MXGB_enUS545
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...DF-44A140054090
IE - HKCU\..\SearchScopes\{4747BCA0-1B7F-4416-8789-6ED2713BDD43}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-00123FB46BCA}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519_yserp3tst"
FF - prefs.js..browser.search.selectedEngineInDialog: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7B3474c305-9dad-11d8-9207-00055d74c2e4%7D:0.4.11
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.0.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {b5fb4c8d-8220-4a63-8e0f-708cdd0f4c3d}:3.3.0.19
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: C:\Program Files\Java\jre1.6.0_22\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/14 08:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ff [2011/02/26 14:45:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/25 17:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/12 10:40:01 | 000,000,000 | ---D | M]
[2010/06/19 23:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2010/06/19 23:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\MediaCoder
[2010/06/19 23:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2013/11/01 09:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions
[2012/02/13 16:33:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/13 16:33:14 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2013/11/01 09:07:22 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/27 07:48:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/12 12:04:15 | 000,003,679 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\check-compatibility@dactyl.googlecode.com.xpi
[2013/06/06 11:44:53 | 000,031,960 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}.xpi
[2011/12/12 12:07:23 | 000,031,899 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi
[2013/10/09 18:18:08 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\96u2iqfh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/06 08:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/16 08:14:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/05 08:16:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/10 09:13:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/09/25 17:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/25 17:03:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/02/26 14:45:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE1.6.0_22\LIB\DEPLOY\JQS\FF
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/02/26 13:09:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190818361731 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9324B3D8-E5C4-41D6-BDA3-9974DB603E2F}: NameServer = 192.168.1.1,192.168.1.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.444p - C:\Program Files\t@b\0.958\686\tabdec.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\WINDOWS\System32\lagarith.dll ( )
Drivers32: VIDC.MP42 - mpg4c32.dll File not found
Drivers32: VIDC.MPG4 - mpg4c32.dll File not found
Drivers32: vidc.mpng - C:\Program Files\t@b\0.958\686\tabdec.dll File not found
Drivers32: vidc.mvjp - C:\Program Files\t@b\0.958\686\tabdec.dll File not found
Drivers32: VIDC.ULRA - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.ULRG - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.ULY0 - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.ULY2 - C:\WINDOWS\system32\utv_vcm.dll ()
Drivers32: VIDC.VIFP - C:\WINDOWS\System32\VFCodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/11/08 15:37:53 | 001,898,232 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Dave\Desktop\rkill.exe
[2013/11/08 12:57:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
[2013/11/08 12:55:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2013/11/08 12:34:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/11/04 09:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC
[2013/11/04 09:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2013/11/04 09:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/11/04 09:04:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/11/04 09:04:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2013/11/04 09:04:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2013/11/04 09:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/26 13:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\rage pics
[2013/10/15 11:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\ABBYY
[2013/10/15 10:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/10/15 09:43:57 | 000,000,000 | ---D | C] -- C:\abbyy
[2013/10/14 12:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\SomePDF
[2013/10/14 12:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SomePDF
[2013/10/14 12:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\SomePDF
[2008/08/02 18:48:15 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dave\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2013/11/08 16:15:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013/11/08 16:08:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013/11/08 15:48:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/08 15:42:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3372268520-2825707008-1307184964-1005.job
[2013/11/08 15:40:50 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/08 15:34:50 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Dave\Desktop\rkill.exe
[2013/11/08 12:57:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
[2013/11/08 12:56:49 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2013/11/08 12:55:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2013/11/08 12:52:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3372268520-2825707008-1307184964-1005.job
[2013/11/08 12:43:23 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbamgui.exe.lnk
[2013/11/08 12:43:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbam.exe.lnk
[2013/11/08 12:41:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/11/06 18:18:35 | 026,201,644 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.wav
[2013/11/06 18:17:30 | 006,208,354 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.mp3
[2013/11/06 18:01:47 | 007,823,816 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\72 .mp3
[2013/11/06 17:48:13 | 033,958,444 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\72.wav
[2013/11/04 17:11:15 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/11/04 17:11:09 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/04 17:09:14 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013/11/04 17:09:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013/11/04 09:28:10 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MPC-HC.lnk
[2013/11/04 09:00:20 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Temporary Internet Files.lnk
[2013/11/03 07:26:31 | 000,443,256 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/03 07:26:31 | 000,072,330 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/24 09:13:04 | 000,330,255 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\cbs_years.pdf
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavSR.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavSL.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavLFE.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavFR.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavFL.wav
[2013/10/18 11:45:27 | 040,927,670 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\test.wavC.wav
[2013/10/15 20:38:26 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/10/15 07:14:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/15 07:14:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/10 07:04:09 | 000,280,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/10 03:50:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2013/11/08 12:56:40 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2013/11/08 12:43:23 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbamgui.exe.lnk
[2013/11/08 12:43:16 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to mbam.exe.lnk
[2013/11/08 10:41:32 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
[2013/11/06 18:17:44 | 026,201,644 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.wav
[2013/11/06 18:17:22 | 006,208,354 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\01 RS002 Spider Baby-1.mp3
[2013/11/06 18:01:01 | 007,823,816 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\72 .mp3
[2013/11/06 17:47:11 | 033,958,444 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\72.wav
[2013/11/04 17:09:14 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013/11/04 17:09:14 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2013/11/04 09:28:10 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MPC-HC.lnk
[2013/11/04 08:59:05 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Temporary Internet Files.lnk
[2013/10/24 09:13:10 | 000,330,255 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\cbs_years.pdf
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavSR.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavSL.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavLFE.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavFR.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavFL.wav
[2013/10/18 11:44:00 | 040,927,670 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\test.wavC.wav
[2013/06/08 15:17:14 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[2013/06/02 11:41:48 | 000,018,073 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2013/05/24 15:28:46 | 000,000,292 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2013/05/24 15:22:17 | 000,000,598 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2013/05/24 15:04:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\emcore.INI
[2013/05/24 11:49:24 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2013/02/15 10:52:29 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejoaa.ini
[2013/02/11 16:33:10 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejokg.ini
[2012/10/22 08:43:28 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejole.ini
[2012/10/22 08:40:22 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejoeh.ini
[2012/06/21 12:00:08 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\rpicfica.bin
[2012/05/02 18:28:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/05/02 10:21:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/05/02 10:21:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/05/02 10:21:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/05/02 10:21:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/05/02 10:21:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/05/02 10:21:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/05/02 10:21:19 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/05/02 10:21:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/05/02 10:21:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/05/02 10:21:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/05/02 10:21:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/05/02 10:21:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/05/02 10:21:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/05/02 10:21:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/05/02 10:21:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/05/02 10:21:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/05/02 10:20:47 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin
[2012/05/02 10:20:02 | 000,000,060 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini
[2012/03/08 08:27:27 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejohb.ini
[2012/03/08 08:27:27 | 000,000,005 | ---- | C] () -- C:\WINDOWS\igaejobg.ini
[2012/02/15 07:50:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/11 18:53:07 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WkDos.exe
[2011/08/05 14:33:37 | 000,002,177 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/12/08 18:49:31 | 000,002,631 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\dvdae.config
[2010/07/09 18:57:33 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\AutoGK.ini
[2009/12/04 20:56:10 | 017,563,648 | ---- | C] () -- C:\Documents and Settings\Dave\ntuser.bak
[2009/10/29 16:24:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\prvlcl.dat
[2008/08/06 22:13:21 | 000,000,080 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/08/02 18:48:15 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\pcouffin.cat
[2008/08/02 18:48:15 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\pcouffin.inf
[2008/07/20 09:06:42 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Dave\Eudora.lnk
[2007/10/25 18:27:04 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\FixVTS.ini
[2007/10/09 08:45:41 | 000,001,345 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\DVDSubEdit.ini
[2007/09/28 11:14:32 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Dave\default.pls
[2007/09/26 20:20:39 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/26 00:04:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\PFP120JPR.{PB
[2007/09/26 00:04:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\PFP120JCM.{PB
[2007/09/25 23:59:44 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/10/26 09:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/12/04 21:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/11/08 10:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/10/26 09:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/05/02 10:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/06/08 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/06/20 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2007/09/26 09:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/10/13 11:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitachi GST
[2012/02/19 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/01/23 11:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2013/06/09 16:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/01/13 11:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/04/04 09:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2013/06/08 19:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro
[2011/03/03 11:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/07/05 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/08/06 22:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/05/15 14:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/01/28 16:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/01/16 19:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SurfAnonymousFree
[2013/08/27 17:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/12/14 20:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/11 17:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Arts
[2009/11/07 13:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/06/21 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\.BitTornado
[2010/09/04 11:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AnvSoft
[2009/01/11 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Any Video Converter
[2013/10/18 11:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Audacity
[2009/12/25 13:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Auslogics
[2011/03/03 01:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AVG
[2012/02/13 16:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\avidemux
[2010/01/22 20:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AVSEdit
[2013/11/04 05:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Azureus
[2013/05/24 15:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\BITS
[2012/07/02 18:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Broad Intelligence
[2009/07/19 17:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canneverbe_Limited
[2013/08/14 19:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Canon
[2011/05/26 09:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/28 13:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CUE Tools
[2012/03/30 19:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CUERipper
[2013/05/24 11:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DonationCoder
[2013/06/08 19:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Downloaded Installations
[2012/10/29 13:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\dvdae
[2010/09/09 19:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVDFab
[2010/01/18 17:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVDforger
[2011/10/07 11:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\EAC
[2013/09/18 17:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\ElevatedDiagnostics
[2012/05/02 10:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\EPSON
[2013/06/08 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FileOpen
[2013/05/24 15:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FlashgetSetup
[2013/05/24 19:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FLV Extract
[2013/11/07 10:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\foobar2000
[2012/07/19 00:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Full
[2010/08/17 18:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GeoVid
[2008/07/20 09:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Get Mail
[2013/06/08 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gimagereader
[2009/10/12 11:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\GrabPro
[2012/07/18 23:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\gtk-2.0
[2011/10/13 20:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Hitachigst
[2011/10/25 16:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\IObit
[2008/01/23 11:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\iolo
[2012/07/29 13:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\iZotope
[2012/01/16 20:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\JonDo
[2007/09/26 00:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Leadertech
[2007/09/30 19:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\LEAPS
[2010/02/06 13:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Meda MP3 Joiner 1.2
[2008/09/10 18:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MenuShrink
[2010/06/19 21:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\mkvtoolnix
[2010/12/11 14:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MPEG Streamclip
[2012/12/24 16:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MSNInstaller
[2013/06/09 07:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nitro
[2013/06/09 12:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nitro PDF
[2012/03/12 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nullsoft
[2009/11/26 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\OpenOffice.org
[2011/01/25 17:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Orbit
[2011/03/03 11:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PCDr
[2011/03/25 17:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Pegasys Inc
[2012/06/05 22:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PgcEdit
[2012/05/15 14:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Publish Providers
[2008/07/20 09:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Qualcomm
[2010/11/08 11:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\R-TT
[2009/02/26 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\RipIt4Me
[2013/07/09 13:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Shareaza
[2007/09/27 11:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Snapfish
[2010/11/21 18:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Softplicity
[2013/10/14 12:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SomePDF
[2012/05/15 14:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Sony
[2013/08/27 17:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SpiritON TV Software
[2013/07/07 13:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Subtitle Edit
[2013/10/04 20:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SuperNZB
[2012/01/16 23:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\uTorrent
[2013/10/23 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\VideoReDoPlus
[2011/03/15 11:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Vso
[2011/11/10 17:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves
[2011/11/10 17:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves Audio
[2011/11/10 17:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Waves Preferences
[2012/12/09 14:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Winff
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.EX_ >
[2004/08/10 06:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\i386\EXPLORER.EX_
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: EXPLORER.SC_ >
[2004/08/10 06:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\i386\EXPLORER.SC_
< MD5 for: EXPLORER.SCF >
[2004/08/10 06:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf
< MD5 for: IEXPLORE.CHM >
[2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/10 06:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\i386\iexplore.chm
[2004/08/10 06:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2006/09/01 08:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm
< MD5 for: IEXPLORE.CHW >
[2010/06/18 18:12:02 | 000,153,185 | ---- | M] () MD5=2AABFEA7AC3B4740AF948B65F26E295D -- C:\WINDOWS\Help\iexplore.chw
< MD5 for: IEXPLORE.EX_ >
[2004/08/10 06:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\i386\IEXPLORE.EX_
< MD5 for: IEXPLORE.EXE >
[2008/12/19 00:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2008/10/15 01:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[2009/04/25 00:27:50 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=092A7F2B49A19ECCE5369D3CB2276148 -- C:\WINDOWS\ie8\iexplore.exe
[2008/12/19 00:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008/04/22 03:02:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=197B7E4030CFBD8D2979D375E1787AA2 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[2008/08/23 00:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
[2008/04/22 02:40:18 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=232B22817B90AE0AFF2D189E3E3735AC -- C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
[2007/12/06 06:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
[2008/02/29 03:55:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
[2007/08/17 05:21:21 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=3AC2BC667DA0AF2C968E96E1630F5AB5 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
[2007/08/17 05:12:49 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=5577D0E3AC2F9F035ACD81B44AF5F511 -- C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2007/10/10 03:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[2008/06/23 04:20:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=64E376A47763DAEABCDA14BD5B6EA286 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2008/02/22 04:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[2007/12/06 03:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[2008/10/15 02:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2009/02/27 23:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie7updates\KB969897-IE7\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ERDNT\cache\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2009/02/27 23:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2009/04/25 00:27:39 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=C0503FD8D163652735C1EE900672A75C -- C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[2008/06/23 03:23:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=C52A9EF571E91535EB78DB4B8B95EA07 -- C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[2007/08/13 18:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
[2004/08/10 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
[2008/08/23 00:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2007/10/10 05:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
< MD5 for: IEXPLORE.EXE.LNK >
[2012/03/07 12:34:17 | 000,000,755 | ---- | M] () MD5=D3326A4E6C3B61B1E5EB71B61CE1E6F0 -- C:\Documents and Settings\Dave\Desktop\iexplore.exe.lnk
< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2007/08/13 18:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\WINDOWS\ie8\iexplore.exe.mui
< MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
[2013/11/04 19:14:45 | 000,108,400 | ---- | M] () MD5=B973D2307B23E8DA859FAC080D1C4A31 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf
< MD5 for: IEXPLORE.HLP >
[2004/08/10 06:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\i386\iexplore.hlp
[2004/08/10 06:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp
< MD5 for: SERVICES >
[2004/08/10 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\i386\services
[2004/08/10 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.CFG >
[2013/09/03 08:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.CNF >
[2008/09/05 20:59:25 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\Dave\My Documents\My Webs\_vti_pvt\services.cnf
[2008/09/05 20:59:25 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\HelpAssistant.DGL5F091\My Documents\My Webs\_vti_pvt\services.cnf
< MD5 for: SERVICES.CSS >
[2010/08/31 17:40:56 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
< MD5 for: SERVICES.HTML >
[2012/01/16 20:58:21 | 000,005,382 | ---- | M] () MD5=0B96A6345A16630AB1529FC34C6E6909 -- C:\Documents and Settings\Dave\Application Data\JonDo\help\de\help\services.html
[2012/01/16 20:58:12 | 000,003,131 | ---- | M] () MD5=52C196C547A80D6DFD034BBE436E4AA3 -- C:\Documents and Settings\Dave\Application Data\JonDo\help\en\help\services.html
< MD5 for: SERVICES.INI >
[2010/08/31 17:40:56 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
< MD5 for: SERVICES.LNK >
[2007/09/26 00:09:13 | 000,001,602 | ---- | M] () MD5=D44CE93DBF970329AF5C5B44556FC28B -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
< MD5 for: SERVICES.MSC >
[2004/08/10 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\i386\services.msc
[2004/08/10 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SERVICES.PNG >
[2010/11/17 19:36:00 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png
< MD5 for: SERVICES.RDB >
[2009/08/19 09:24:20 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2009/08/19 09:23:28 | 005,472,256 | ---- | M] () MD5=81CCB59A28A03DB55807B883CB679027 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: SERVICES.SBS >
[2007/09/25 06:30:12 | 000,040,039 | ---- | M] () MD5=EEDDBF903B1D53F941A446945784DCB4 -- C:\Software\Spyware\Spybot14 stuff October\Includes\Services.sbs
< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< %SYSTEMDRIVE%\*.* >
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/10/25 16:57:05 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/12/14 20:33:22 | 000,006,049 | R--- | M] () -- C:\dell.sdr
[2008/10/16 19:39:48 | 000,001,446 | ---- | M] () -- C:\devicetable.log
[2010/03/26 05:43:03 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2010/11/08 10:39:50 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2013/11/08 15:40:50 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
[2007/09/26 10:54:51 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/01/27 12:02:36 | 000,000,052 | ---- | M] () -- C:\info.txt
[2008/06/07 19:12:24 | 000,000,121 | ---- | M] () -- C:\INSTALL.LOG
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2005/12/14 20:55:19 | 000,000,839 | ---- | M] () -- C:\IPH.PH
[2009/04/26 09:00:08 | 000,006,543 | ---- | M] () -- C:\JavaRa.log
[2008/05/10 14:30:00 | 005,071,488 | ---- | M] () -- C:\JC3REVD_Revised_3.0_Program.exe
[2008/05/10 12:14:28 | 003,754,234 | ---- | M] () -- C:\JCAM3FUD_3.0_Driver_for_XP.zip
[2010/05/15 08:18:44 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2012/10/12 17:46:11 | 000,000,128 | ---- | M] () -- C:\muxman.log
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/20 14:22:35 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/11/08 15:40:48 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2005/12/14 20:55:28 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2011/02/04 12:23:39 | 000,039,432 | ---- | M] () -- C:\xlogo-debug.txt
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2005/08/16 05:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/05/12 14:02:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2004/05/12 14:52:24 | 000,417,792 | ---- | M] () -- C:\WINDOWS\Nero PhotoShow.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Local Disk
Volume Serial Number is D44D-A563
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/10/2013 03:55 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/10/2013 03:55 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 5,036,982,272 bytes free
< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
< %USERPROFILE%\Desktop\*.exe >
[2013/09/11 10:59:01 | 022,308,174 | ---- | M] (Audacity Team ) -- C:\Documents and Settings\Dave\Desktop\audacity-win-2.0.4.exe
[2013/07/08 10:08:03 | 000,584,600 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\cbsidlm-tr1_13-Torenkey-SEO-10812780.exe
[2013/11/08 12:57:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
[2013/11/08 12:55:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2013/11/08 15:34:50 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Dave\Desktop\rkill.exe
[2013/06/13 07:46:00 | 009,918,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dave\Desktop\WMEncoder.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-10-16 01:38:30
========== Alternate Data Streams ==========
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Dave\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7D0F96D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEDA5B17
< End of report >
===========================================================================
OTL EXTRAS LOG
OTL Extras logfile created on: 11/8/2013 4:08:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.07 Mb Total Physical Memory | 330.49 Mb Available Physical Memory | 64.79% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 4.74 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
Computer Name: DGL5F091 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"49152:TCP" = 49152:TCP:*:Disabled:utorrent
"65535:UDP" = 65535:UDP:*:Disabled:utorrent
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"443:TCP" = 443:TCP:*:Disabled:OpenVPN
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"50000:TCP" = 50000:TCP:*:Enabled:Vuze
"60000:UDP" = 60000:UDP:*:Enabled:Vuze
"50005:TCP" = 50005:TCP:*:Enabled:Vuze
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Simple Port Forwarding\spf.exe" = C:\Program Files\Simple Port Forwarding\spf.exe:*:Enabled:Simple Port Forwarding By PcWinTech.com
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files\Simple Port Forwarding\spf.exe" = C:\Program Files\Simple Port Forwarding\spf.exe:*:Enabled:Simple Port Forwarding By PcWinTech.com
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Azureus Software, Inc)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.0
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3645514F-7A8F-11E1-8AC3-001676AB6D60}" = MSVCRT Redists
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V33/V330 Photo Scanner Driver Update
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3467C3-C18F-4A9E-9A15-975199795D59}" = Ut Video Codec Suite x86
"{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD89DD7-234A-4801-9D87-3DE352E146A0}" = TMPGEnc DVD Author 1.6
"{9E912C47-345C-4306-9272-36DC42E06B01}" = UScreenCapture (x86)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AB212B59-FF45-4C18-B369-F630CB268DAF}" = TMPGEnc 4.0 XPress
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DE47ADD1-B82B-4B52-AF29-76AE7EF4E19D}_is1" = Hard Disk Scrubber 3.4 (Remove Only)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EABACFC4-1CB1-438E-A418-0A3B21CD30D3}" = Waves Restoration 3.6
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.24)
"{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FF8455A9-21E8-457D-AC64-510A705D53B3}" = ArcSoft Scan-n-Stitch Deluxe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"AC3 Splitter_is1" = AC3 Splitter version 1.1
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Algorithmix Plugin Bundle 1.3" = Algorithmix Plugin Bundle 1.3
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 2.0.3
"AudibleDownloadManager" = Audible Download Manager
"AudioShell_is1" = AudioShell 1.3.5
"AviSynth" = AviSynth 2.5
"AVSLib_1-1-0(beta)" = AVSLib 1-1-0(beta)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dell Support Center" = Dell Support Center
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNMotion" = ESPNMotion
"File & Folder List Maker1.1.0" = File & Folder List Maker
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.2.3
"GoldWave v5.55" = GoldWave v5.55
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"iZotope RX 2_is1" = iZotope RX 2
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MediaInfo" = MediaInfo 0.7.63
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroVision!UninstallKey" = Nero Digital
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Polipo" = Polipo 1.0.4.1
"PROSet" = Intel® PRO Network Connections Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RealPlayer 12.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SpywareGuard_is1" = SpywareGuard v2.2
"TagScanner_is1" = TagScanner 5.0 build 530
"Tor" = Tor 0.2.2.35
"uTorrent" = µTorrent
"Verizon Online DSL_is1" = Verizon Online DSL
"Vidalia" = Vidalia 0.2.17
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.5.512
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.6
"Wave Arts Master Restoration" = Wave Arts Master Restoration
"Waves Znoise v1.0" = Waves Znoise v1.0
"Wibu Emu driver v1.0" = Wibu Emu driver v1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"webmdshow" = WebM Project Directshow Filters
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/19/2013 4:17:18 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Error - 10/20/2013 4:46:50 PM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 10/20/2013 6:56:45 PM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 10/20/2013 10:56:48 PM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 10/26/2013 2:13:14 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application vobblanker.exe, version 2.1.3.0, faulting module
shell32.dll, version 6.0.2900.6242, fault address 0x00091c7b.
Error - 10/28/2013 11:05:20 AM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.
Error - 10/28/2013 6:30:35 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.
Error - 11/2/2013 3:41:22 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00011129.
Error - 11/8/2013 9:20:33 AM | Computer Name = DGL5F091 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 11/8/2013 4:37:27 PM | Computer Name = DGL5F091 | Source = Application Error | ID = 1000
Description = Faulting application mbamgui.exe, version 1.70.0.0, faulting module
mbamgui.exe, version 1.70.0.0, fault address 0x0003b525.
[ System Events ]
Error - 11/8/2013 4:47:33 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:47:44 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:47:54 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:48:05 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:48:15 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:48:25 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:48:36 PM | Computer Name = DGL5F091 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.
Error - 11/8/2013 4:56:43 PM | Computer Name = DGL5F091 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 11/8/2013 4:56:43 PM | Computer Name = DGL5F091 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
Error - 11/8/2013 4:57:42 PM | Computer Name = DGL5F091 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.161.1547.0 Update Source: %%859 Update Stage:
%%852 Source Path: Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10003.0
Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
< End of report >
===========================================================================
Hijackthis LOG
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:19 PM, on 11/8/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dave\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Epson scanner Registration.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.168
O15 - ESC Trusted IP range: http://192.168.1.168
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190818361731
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9324B3D8-E5C4-41D6-BDA3-9974DB603E2F}: NameServer = 192.168.1.1,192.168.1.2
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre1.6.0_22\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
--
End of file - 6132 bytes
Edited by dave e, 08 November 2013 - 04:06 PM.
