
XP, something is running slowing computer to a crawl


122 replies to this topic

#1 gcdi
Authentic Member, 119 posts
Posted 31 July 2014 - 08:04 PM

Computer keeps freezing as if it's waiting for something to get done before it can proceed.

I've noticed in task manager that cpu time is higher than normal, even if I just boot computer and don't open any programs the cpu usage is up around 25 to 40% but it used to drop to 0 or 1% after a couple of minutes.

Looking at processes it's usually one of the svchost that's using cpu.

 

I've also seen 2 or 3 iexplore's in processes using cpu even though I haven't opened internet.

Also getting some errors and some settings are changing on their own.

 

Errors: iexplore.exe application error, some instruction at some memory, memory could not be read
dialup connection window has started popping up and it won't close, I have to use task manager to close it.
try to open IE and get webpage is unavailable and find that work offline has been checked even after I unchecked it.

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:08:24 PM, on 7/31/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIKE\My Documents\Downloads\HiJackThis(1).exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\MIKE\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IsemhAwixp] regsvr32.exe "C:\Documents and Settings\All Users\Application Data\IsemhAwixp\IsemhAwixp.dat"
O4 - HKCU\..\Run: [IdeguXagqi] regsvr32.exe "C:\Documents and Settings\All Users\Application Data\IdeguXagqi\IdeguXagqi.dat"
O4 - HKCU\..\Run: [Vecevegaiksuax] "C:\Documents and Settings\MIKE\Application Data\Noimcifi\kimavya.exe"
O4 - S-1-5-21-1085031214-2000478354-839522115-1009 Startup: evuwyq.exe (User 'UpdatusUser')
O4 - .DEFAULT User Startup: ifvai.exe (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} (NVIDIA GPU Reader Class) - http://www.geforce.c.../GPU_Reader.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.giga...bject/Dldrv.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...ols/pcmatic.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creat...102/CTSUEng.cab
O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://service.samsu...rustChecker.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...13/CTPIDPDE.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - https://pbells.broad...otiveClient.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creat...015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...21022/CTPID.cab
O20 - Winlogon Notify: ciltadl - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll
O20 - Winlogon Notify: ohnmkie - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 7A2A25B2 - Unknown owner - C:\WINDOWS\system32\7A2A25B2.exe (file missing)
O23 - Service: 9938A174 - Unknown owner - C:\WINDOWS\system32\9938A174.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

--
End of file - 10427 bytes
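The HijackThis log above contains several entry types a defender reads first: an IE proxy pointed at localhost, O4 Run entries that load .dat files through regsvr32 or start executables from profile data folders, Winlogon Notify DLLs living outside System32, and O23 services with random hex names whose binaries are missing. The following script is an added example (not a tool from this forum, from the thread participants, or from HijackThis itself) that parses lines in this log format and applies those heuristics; the regexes, severity labels, the 8-hex-character service-name rule and the System32 check are this example's own assumptions, and the sample input is a subset of the entries posted above plus two benign lines so the rules have negatives to pass.

```python
"""HijackThis log triage: parse entry lines and flag the patterns seen in this thread.

Added example; not a tool from this forum, from the thread participants, or from
HijackThis itself. The regexes, severity labels and heuristics below are this
example's own assumptions about what a defender would look at first.
"""
import ntpath
import re

# Constructed sample: a subset of the entries from the log posted above, plus
# two benign lines (ctfmon, HP print service) so the heuristics have negatives.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IsemhAwixp] regsvr32.exe "C:\Documents and Settings\All Users\Application Data\IsemhAwixp\IsemhAwixp.dat"
O4 - HKCU\..\Run: [Vecevegaiksuax] "C:\Documents and Settings\MIKE\Application Data\Noimcifi\kimavya.exe"
O4 - S-1-5-21-1085031214-2000478354-839522115-1009 Startup: evuwyq.exe (User 'UpdatusUser')
O20 - Winlogon Notify: ciltadl - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: 7A2A25B2 - Unknown owner - C:\WINDOWS\system32\7A2A25B2.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "R0 - ...", "O4 - ...": section tag, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$")                      # e.g. 7A2A25B2 (assumed rule)
PROFILE_DATA_RE = re.compile(r"\\(Application Data|Local Settings)\\", re.IGNORECASE)
REGSVR_RE = re.compile(r"\bregsvr32(\.exe)?\s", re.IGNORECASE)
NOTIFY_DLL_RE = re.compile(r" - (?P<path>[A-Za-z]:\\.*\.dll)$", re.IGNORECASE)
STARTUP_EXE_RE = re.compile(r"Startup: \S+\.exe\b")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_entries(text):
    """Return [(section, body), ...] for every HijackThis entry line; ignore the rest."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def check_entry(section, body):
    """Apply one heuristic per section type; return (severity, reason) or None."""
    if section == "R1" and "ProxyServer = " in body:
        proxy = body.split("ProxyServer = ", 1)[1].strip()
        if proxy.lower().startswith(("localhost", "127.")):
            # A proxy on the loopback interface means something local sits in the
            # browser's traffic path; cross-check ProxyEnable before acting on it.
            return "high", f"IE proxy points at a local listener ({proxy})"
        return "medium", f"IE proxy set to {proxy}"
    if section == "O4":
        if REGSVR_RE.search(body) and ".dll" not in body.lower():
            return "high", "Run entry loads a non-DLL file through regsvr32"
        if STARTUP_EXE_RE.search(body):
            return "medium", "bare executable in a Startup folder"
        if PROFILE_DATA_RE.search(body) and body.lower().rstrip('"').endswith(".exe"):
            return "medium", "executable auto-runs from a profile data folder"
    if section == "O20":
        if "(file missing)" in body:
            return "low", "Winlogon Notify package whose DLL is missing (orphan)"
        m = NOTIFY_DLL_RE.search(body)
        # Legitimate Notify packages live directly in System32; a DLL loaded by
        # winlogon.exe from a profile directory does not look like one.
        if m and ntpath.dirname(m.group("path")).lower() != r"c:\windows\system32":
            return "high", "Winlogon Notify DLL outside System32"
    if section == "O23" and body.startswith("Service: "):
        name = body[len("Service: "):].split(" - ", 1)[0]
        missing = "(file missing)" in body
        if HEX_NAME_RE.match(name):
            return "high", "service with a random hex name" + (", binary missing" if missing else "")
        if "Unknown owner" in body and missing:
            return "low", "orphaned service entry with unknown owner"
    return None


def triage(text):
    """Run the heuristics over a whole log; findings come back sorted high -> low."""
    findings = []
    for section, body in parse_entries(text):
        hit = check_entry(section, body)
        if hit:
            severity, reason = hit
            findings.append({"severity": severity, "section": section,
                             "reason": reason, "entry": body})
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']:<3} {f['reason']}\n         {f['entry']}")
```

Run it on a saved hijackthis.log by passing the file contents to triage(); the output is a prioritised reading list, not a verdict. Each finding still needs the usual confirmation (file hash lookup, signer check, and for the proxy entry a look at ProxyEnable) before anything is removed, which is exactly the confirmation step the helper's OTL and aswMBR requests below are meant to provide.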
 

 

 

 

 




#2 gcdi
Authentic Member, 119 posts
Posted 01 August 2014 - 01:17 AM

Additional info: PC much worse already, couldn't get to this forum with it, had to use another one to get you this info.

Ran Microsoft Security Essentials; as it was running it said preliminary results showed a problem.

As it was running the screen went all white, taskbar showed 2 IE's open, then website poop muffin opened with no place to close it and right click would not work.

Tried opening task manager, took a long time to open, only app it showed was Security Essentials even though that web page was still open.

Then the Security Essentials screen disappeared, used task manager to switch to Security Essentials again, took a long time but finally switched and website screen disappeared.

Then screen went all white again and task bar showed 4 IE's open and web page called country search.com opened, task bar showed 6 IE's open.

If I right click on any IE in task bar Security Essentials would disappear.

Security Essentials finally finished and showed 2 serious threats, sorry I don't remember names, I took screen shots but since I can't get the PC on the forum I may not be able to get you the names.

Security Essentials tried to remove the two threats, removed one but had a problem removing the other.

PC now so slow I may not be able to use it, tried for about twenty minutes to get it on the forum with no luck.



#3 oldman960
Forum God (Classroom Teacher), 14,755 posts
Posted 01 August 2014 - 07:05 AM

Hi gcdi, welcome to the forum.

To make cleaning this machine easier:
  • Please do not uninstall/install any programs unless asked to.
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested.
  • Please follow all instructions in the order posted.
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
Download OTL to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following


    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    services.*
    /md5stop
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Next

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start scan
[screenshot: aswMBR1.png]

On completion of the scan click save log, save it to your desktop and post in your next reply
[screenshot: aswMBR2.png]

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with
  • OTL.txt
  • Extras.txt
  • aswMBR log
  • MBR.dat (zipped and attached)

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself


Threads will be closed if no response after 5 days.

#4 gcdi
Authentic Member, 119 posts
Posted 01 August 2014 - 08:39 PM

OTL logfile created on: 8/1/2014 1:16:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MIKE\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.12 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 69.57% Memory free
4.96 Gb Paging File | 4.11 Gb Available in Paging File | 82.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 805.74 Gb Free Space | 86.50% Space Free | Partition Type: NTFS
Drive D: | 7.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 69.23 Gb Total Space | 29.09 Gb Free Space | 42.01% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 175.56 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
 
Computer Name: GCDI | User Name: MIKE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\MIKE\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Documents and Settings\MIKE\Application Data\1396467839\graphicsserver.dll ()
MOD - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll ()
MOD - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
MOD - C:\Program Files\Gigabyte\EasySaver\ycc.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe File not found
SRV - (9938A174) -- C:\WINDOWS\system32\9938A174.exe File not found
SRV - (7A2A25B2) -- C:\WINDOWS\system32\7A2A25B2.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe (SiSoftware)
SRV - (BCUService) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (pr2ah4nc) -- C:\WINDOWS\System32\pr2ah4nc.exe (CODEMASTERS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (mosuport) -- system32\DRIVERS\mosuport.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\MIKE\LOCALS~1\Temp\catchme.sys File not found
DRV - (AODDriver) -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys File not found
DRV - (MpKslb1621762) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EAF4220-BEDB-4DCF-A3A7-97E312F7A877}\MpKslb1621762.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (etdrv) -- C:\WINDOWS\etdrv.sys (Windows ® 2000 DDK provider)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLTEAMING) -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS (Realtek Semiconductor Corporation)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nusb3xhc) -- C:\WINDOWS\system32\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV - (nusb3hub) -- C:\WINDOWS\system32\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\sandra.sys (SiSoftware)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (RTLVLAN) -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation                           )
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RtNdPt5x) -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys (Realtek Semiconductor Corporation                           )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (MarkFun_NT) -- C:\Program Files\Gigabyte\ET5\MARKFUN.W32 (Windows ® 2000 DDK provider)
DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\dlkfet5b.sys (D-Link                              )
DRV - (pe3ah4nc) -- C:\WINDOWS\system32\drivers\pe3ah4nc.sys (CODEMASTERS)
DRV - (ps6ah4nc) -- C:\WINDOWS\system32\drivers\ps6ah4nc.sys (CODEMASTERS)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (RemoteControl-USBLAN) -- C:\WINDOWS\system32\drivers\rcblan.sys (Belcarra Technologies)
DRV - (ET5Drv) -- C:\WINDOWS\system32\drivers\ET5Drv.sys (Microsoft Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (sfvfs02) -- C:\WINDOWS\system32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (LHidKE) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {1D0C0448-EB8B-4bc6-943B-AAC32A1C7BFC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{1D0C0448-EB8B-4bc6-943B-AAC32A1C7BFC}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {3906D159-82FC-450d-A57A-92D10437A2F5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D0C0448-EB8B-4bc6-943B-AAC32A1C7BFC}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{3906D159-82FC-450d-A57A-92D10437A2F5}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{67D06BCF-9EF0-4D55-A736-5DBD0B58BABB}: "URL" = http://search.condui...8601233467&UM=2
IE - HKCU\..\SearchScopes\{69375861-28F5-4c72-B52E-5C6DA8270101}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6E8FEB12-4AFD-4c88-A16F-6EBD16138199}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.40.349
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.1.18\ma\bin\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\MIKE\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 15:48:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 15:48:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 15:48:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/03 09:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/19 03:51:35 | 000,000,000 | ---D | M]
 
[2010/03/27 01:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Extensions
[2014/03/06 00:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\sywhhfyw.default-1368204256093\extensions
[2014/03/06 00:12:32 | 000,000,000 | ---D | M] (MaskMe) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\sywhhfyw.default-1368204256093\extensions\idme@abine.com
[2013/06/26 12:40:28 | 000,228,503 | ---- | M] () (No name found) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\sywhhfyw.default-1368204256093\extensions\ftd@ftd.com.xpi
[2014/06/19 03:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/06/19 03:51:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/06/19 03:51:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/06/19 03:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/19 03:52:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2013/09/12 03:18:29 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: KeyBar 2.5 = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oblkmgkfjnmlkemjgheoidmmfncckcej\10.31.4.510_0\
CHR - Extension: KeyBar 2.5 = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oblkmgkfjnmlkemjgheoidmmfncckcej\10.31.4.510_0\nativeMessaging\nmHost
 
O1 HOSTS File: ([2014/07/14 15:01:03 | 000,449,906 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15470 more lines...
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5043442D-472D-5637-00A7-7A786E7484D7} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe ()
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()
O4 - HKCU..\Run: [2211080937] c:\documents and settings\mike\application data\1396467839\graphicsserver.dll ()
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\MIKE\Local Settings\Application Data\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [IdeguXagqi] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IsemhAwixp] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler File not found
O4 - HKCU..\Run: [Vecevegaiksuax] "C:\Documents and Settings\MIKE\Application Data\Noimcifi\kimavya.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: gigabyte.us ([www] https in Trusted sites)
O16 - DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} http://www.geforce.c.../GPU_Reader.cab (NVIDIA GPU Reader Class)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} http://service.samsu...rustChecker.cab (ACUBETrustChecker Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pbells.broad...otiveClient.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49581C7F-1CFC-4C55-B4EF-8588276CD04B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A58FF43-D0E1-4ABF-AF28-71D624F648EF}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ciltadl: DllName - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll ()
O20 - Winlogon\Notify\ohnmkie: DllName - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll ()
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/31 08:49:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/03/26 22:18:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/19 14:32:23 | 000,749,568 | R--- | M] (Codemasters Software Co.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/05/01 05:26:01 | 000,000,067 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/02/11 21:54:47 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2014/07/31 08:48:18 | 000,000,000 | ---D | M] - F:\AUTO -- [ NTFS ]
O32 - AutoRun File - [2006/02/11 21:54:47 | 000,000,000 | -HS- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/28 12:44:10 | 008,188,928 | ---- | M] () - F:\Autotap 3.00.msi -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/01 12:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Desktop\OTL
[2014/08/01 00:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Desktop\screenshot
[2014/08/01 00:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\0c7610
[2014/08/01 00:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610
[2014/08/01 00:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\98132781
[2014/08/01 00:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\4073586247
[2014/08/01 00:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906
[2014/08/01 00:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\1396467839
[2014/07/31 09:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IdeguXagqi
[2014/07/31 08:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\Noimcifi
[2014/07/31 08:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IsemhAwixp
[2014/07/31 08:46:48 | 000,000,000 | -H-D | C] -- C:\c088cf6
[2014/07/31 04:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Start Menu\Programs\NetSurveillance
[2014/07/31 04:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\NetSurveillance
[2014/07/27 14:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Start Menu\Programs\CMS
[2014/07/27 14:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\CMS
[2014/07/24 04:12:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}
[2014/07/20 22:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\My Documents\process
[2014/07/19 02:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\My Documents\process expl
[2014/07/14 03:14:24 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/07/14 03:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/14 03:12:44 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/07/14 03:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/01 14:02:27 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\2302247755
[2014/08/01 14:00:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/08/01 14:00:06 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\1946099523
[2014/08/01 12:42:19 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\qtfv.idw
[2014/08/01 12:38:56 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/08/01 12:32:37 | 000,019,756 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2014/08/01 12:30:23 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\1233740586
[2014/08/01 12:30:21 | 000,012,664 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/08/01 12:28:43 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2014/08/01 12:28:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/01 03:03:01 | 000,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000006-00001102-00000005-00231102}.rfx
[2014/08/01 03:03:01 | 000,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000006-00001102-00000005-00231102}.rfx
[2014/08/01 03:03:01 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000006-00001102-00000005-00231102}.rfx
[2014/08/01 01:12:52 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\1131910924
[2014/07/31 12:33:29 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014/07/31 12:33:29 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014/07/31 09:49:07 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:07 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:06 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:06 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 08:49:10 | 000,000,280 | ---- | M] () -- C:\Boot.bak
[2014/07/29 23:43:29 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/27 14:01:39 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\MIKE\Desktop\CMS.lnk
[2014/07/26 01:25:18 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/07/24 02:16:19 | 000,000,358 | RHS- | M] () -- C:\boot.ini
[2014/07/20 17:09:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/07/18 13:35:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/07/15 02:30:31 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7256C714-F702-4676-8958-FD1AD3CD13D2}.job
[2014/07/15 02:30:26 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/07/15 02:30:20 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/15 02:30:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:30:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:30:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:29:58 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:29:52 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:29:47 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:29:40 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:29:35 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/15 02:29:29 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/15 02:29:09 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2014/07/15 02:29:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003UA.job
[2014/07/15 02:28:53 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003Core1cc6f98ed6cb1dc.job
[2014/07/15 02:28:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/15 02:28:32 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/15 02:28:04 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/14 15:01:03 | 000,449,906 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/07/14 03:13:17 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/01 00:35:55 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\1131910924
[2014/08/01 00:35:03 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\1946099523
[2014/08/01 00:33:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\2302247755
[2014/08/01 00:22:41 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\1233740586
[2014/07/31 09:49:12 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:12 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:12 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:12 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:07 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:07 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:06 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:06 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 06:58:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/07/27 14:01:39 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\MIKE\Desktop\CMS.lnk
[2014/07/14 03:13:17 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/20 18:14:02 | 000,179,377 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2013/10/30 01:55:30 | 000,000,289 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/06/13 00:47:43 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\$_hpcst$.hpc
[2012/10/03 06:41:44 | 000,262,144 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe
[2012/10/03 06:41:43 | 012,212,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2012/10/03 06:41:43 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2012/10/03 06:41:43 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2012/10/03 06:41:42 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2012/10/03 06:41:41 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2012/09/16 02:48:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/16 02:48:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/16 02:48:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/16 02:48:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/16 02:48:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/10 13:38:33 | 001,098,800 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/09/10 13:38:33 | 001,098,800 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/09/10 13:38:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/14 05:06:20 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\MIKE\default.pls
[2011/11/28 05:08:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MIKE\RoomEQWizardV5-Path
[2011/07/22 10:26:46 | 001,146,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-2000478354-839522115-1003-0.dat
[2011/07/22 10:26:45 | 000,145,058 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/24 02:47:44 | 010,964,992 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2010/03/29 07:58:51 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010/03/27 18:47:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/09/20 21:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2012/12/05 03:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/12/05 03:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/08/08 01:10:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/04 14:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2013/10/29 05:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2012/09/29 08:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2014/07/31 09:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IdeguXagqi
[2014/07/31 08:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsemhAwixp
[2010/07/13 10:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MoTeC
[2010/05/08 11:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Music Coach
[2011/11/10 12:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2014/07/31 08:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2013/12/11 13:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/04/08 02:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2014/07/31 08:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/04/04 13:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2014/07/31 09:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2014/07/24 04:12:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}
[2014/08/01 00:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\0c7610
[2014/08/01 01:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\1396467839
[2014/08/01 00:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\4073586247
[2014/08/01 00:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\98132781
[2012/12/05 03:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Autodesk
[2014/01/15 22:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\bizarre creations
[2011/06/25 17:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/19 00:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Disney Interactive Studios
[2013/03/17 22:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\ElevatedDiagnostics
[2010/12/08 04:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\FUEL
[2014/07/31 09:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Image Zone Express
[2011/01/19 00:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Leadertech
[2014/06/18 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Music Coach
[2014/07/31 17:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Noimcifi
[2014/02/01 02:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Origin
[2011/05/24 00:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Sammsoft
[2011/10/13 23:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Singlesnet
[2013/03/11 06:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Visan
[2011/11/03 01:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\vmntemplate
[2013/01/12 00:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Zeon
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< In the window under Custom Scans/Fixes copy and paste the following >
Invalid Switch: Fixes copy and paste the following
 
<  >
[2010/03/26 22:17:19 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2010/03/26 22:22:39 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011/10/14 18:13:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2011/10/14 18:13:19 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2011/10/19 00:38:34 | 000,000,922 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003Core1cc6f98ed6cb1dc.job
[2011/10/19 00:38:35 | 000,000,974 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003UA.job
[2012/01/03 02:55:34 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7256C714-F702-4676-8958-FD1AD3CD13D2}.job
[2012/02/12 15:15:53 | 000,000,878 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 15:15:54 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/03/11 06:46:40 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
[2013/04/16 23:47:31 | 000,000,324 | ---- | C] () -- C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2013/04/16 23:47:33 | 000,000,298 | ---- | C] () -- C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2013/04/16 23:47:33 | 000,000,306 | ---- | C] () -- C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2013/08/30 04:24:26 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
[2013/10/17 23:15:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2013/10/17 23:15:32 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2013/10/29 23:46:52 | 000,000,644 | ---- | C] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
[2013/10/29 23:46:53 | 000,000,446 | ---- | C] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
[2013/10/29 23:46:53 | 000,000,616 | ---- | C] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/03/27 04:38:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/27 04:38:38 | 000,000,220 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
 
<  >
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2013/09/20 10:51:08 | 003,885,120 | ---- | M] (Safer-Networking Ltd.) MD5=CDEB46FE688F062D3033209B29755203 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: EXPLORER.EXE-082F38A9.PF  >
[2014/08/01 02:44:44 | 000,088,068 | ---- | M] () MD5=5BBEEA58C05E9F1C37A7A0F6B652731C -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
 
< MD5 for: EXPLORER.SCF  >
[2004/08/04 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf
 
< MD5 for: IEXPLORE.CHM  >
[2009/02/21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/04 07:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2006/09/01 08:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm
 
< MD5 for: IEXPLORE.CHW  >
[2010/10/21 05:22:47 | 000,157,092 | ---- | M] () MD5=0C7430741204FB68EAD612AD88A5E92C -- C:\WINDOWS\Help\iexplore.chw
 
< MD5 for: IEXPLORE.EXE  >
[2010/12/20 06:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=091D358EFC9D22901BD879EF37F0DAC4 -- C:\WINDOWS\ie7updates\KB2497640-IE7\iexplore.exe
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe
[2010/06/17 10:12:57 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=203E897F843D56496E2CC101DFF6CE34 -- C:\WINDOWS\ie7updates\KB2360131-IE7\iexplore.exe
[2011/04/21 05:34:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=3E23DBEBE1020D52C63235E4189FAC03 -- C:\WINDOWS\$hf_mig$\KB2530548-IE7\SP3QFE\iexplore.exe
[2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=53C291F3B01EECECBD7FD358EA3ACC94 -- C:\WINDOWS\ie7updates\KB980182-IE7\iexplore.exe
[2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=53C291F3B01EECECBD7FD358EA3ACC94 -- C:\WINDOWS\SoftwareDistribution\Download\88c63804b5f0c64f6faa724a1c0c9991\SP3GDR\iexplore.exe
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2010/10/18 06:07:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=72D1F43C4146D312B0DB6AB98C21340E -- C:\WINDOWS\ie7updates\KB2482017-IE7\iexplore.exe
[2010/06/17 09:45:15 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B0BC6DC9C9277250C5C8F7B7A48A02CC -- C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\iexplore.exe
[2010/04/16 06:08:29 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B24A4E23A2FEDB6976EB04D334AD82B2 -- C:\WINDOWS\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
[2010/02/23 00:20:02 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B5116340B84824DDD0A641E36B126194 -- C:\WINDOWS\ie7updates\KB982381-IE7\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ERDNT\cache\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2011/04/21 05:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B6E13F9C120C776A89D783E26D6C15C5 -- C:\WINDOWS\ie8\iexplore.exe
[2010/12/20 05:49:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B74CBEBA34E3CAA2CCACC87FEE8A16C0 -- C:\WINDOWS\$hf_mig$\KB2482017-IE7\SP3QFE\iexplore.exe
[2010/04/16 06:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=C4BA5E36FB57F547117305BF1E0FE454 -- C:\WINDOWS\ie7updates\KB2183461-IE7\iexplore.exe
[2010/02/23 00:19:59 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=C8DDA4028065D5CE39CBE7A156B72AB9 -- C:\WINDOWS\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe
[2009/12/18 02:00:27 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=D19E56D5930C37CF211867DF450C372A -- C:\WINDOWS\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
[2009/12/18 02:00:27 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=D19E56D5930C37CF211867DF450C372A -- C:\WINDOWS\SoftwareDistribution\Download\88c63804b5f0c64f6faa724a1c0c9991\SP3QFE\iexplore.exe
[2010/10/18 05:36:30 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=DA6E1F0F1932B62DD2F6ED05541C555C -- C:\WINDOWS\$hf_mig$\KB2416400-IE7\SP3QFE\iexplore.exe
[2007/08/13 18:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB978207-IE7\iexplore.exe
[2011/02/14 06:36:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E3CC8CCF21BFDC954255BB17083FB9F0 -- C:\WINDOWS\$hf_mig$\KB2497640-IE7\SP3QFE\iexplore.exe
[2011/02/14 07:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E4A798DFDE7FE6E79F23548F0EF0F844 -- C:\WINDOWS\ie7updates\KB2530548-IE7\iexplore.exe
[2010/08/25 06:30:33 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E5412ED9E07C42C20C48D3FF71E6B1E8 -- C:\WINDOWS\ie7updates\KB2416400-IE7\iexplore.exe
[2004/08/04 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
[2010/08/25 06:07:58 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=F047BEB9771E45A05F425499A30F9BBA -- C:\WINDOWS\$hf_mig$\KB2360131-IE7\SP3QFE\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2007/08/13 18:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\WINDOWS\ie8\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-27122324.PF  >
[2014/08/01 14:51:31 | 000,050,150 | ---- | M] () MD5=43DAF0FD8E380D557A0CE7D36D919B90 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
 
< MD5 for: IEXPLORE.HLP  >
[2004/08/04 07:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp
 
< MD5 for: SERVICES  >
[2004/08/04 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.CFG  >
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
[2014/05/08 06:21:20 | 000,559,489 | ---- | M] () MD5=E829329E4886E9A3540C62114FC8E145 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.CSS  >
[2013/12/13 16:07:18 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
 
< MD5 for: SERVICES.EXE.LNK  >
[2014/07/21 02:31:13 | 000,000,681 | ---- | M] () MD5=FA6CA830AF51B617BDDB98E19C412FCA -- C:\Documents and Settings\MIKE\Recent\services.exe.lnk
 
< MD5 for: SERVICES.EXE.TXT  >
[2014/07/21 02:31:08 | 000,005,276 | ---- | M] () MD5=031F798EEECAF6E44271908565F523E5 -- C:\Documents and Settings\MIKE\My Documents\Downloads\services.exe.txt
 
< MD5 for: SERVICES.EXE-2F433351.PF  >
[2014/08/01 12:28:34 | 000,015,012 | ---- | M] () MD5=0BCFE9AAE8B310FA1859E722C0B9618F -- C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf
 
< MD5 for: SERVICES.INI  >
[2013/12/13 16:07:18 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
 
< MD5 for: SERVICES.LNK  >
[2013/10/19 23:28:11 | 000,001,602 | ---- | M] () MD5=CB825F5924BCCFCCF4620BE935441117 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MSC  >
[2004/08/04 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 01:00:00 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs
[2011/03/01 02:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Extracts\Services.sbs
 
< MD5 for: SERVICES.SBS-20110301.CAB  >
[2013/12/04 04:33:15 | 000,041,248 | ---- | M] () MD5=149FF3413EED31253183D6E65E383138 -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Downloads\Services.sbs-20110301.cab
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WINLOGON.EXE-32C57D49.PF  >
[2014/08/01 12:28:34 | 000,066,946 | ---- | M] () MD5=B3EDEDEDFEDBB9D7C70CB7285CA651E7 -- C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf
 
< %SYSTEMDRIVE%\*.* >
[2014/07/31 08:48:26 | 000,004,376 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2010/03/26 22:18:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2014/07/31 08:49:10 | 000,000,280 | ---- | M] () -- C:\Boot.bak
[2014/07/24 02:16:19 | 000,000,358 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2014/07/31 08:49:12 | 000,408,088 | ---- | M] () -- C:\ComboFix.txt
[2010/03/26 22:18:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2014/01/20 06:04:13 | 000,000,000 | ---- | M] () -- C:\END
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2010/03/26 23:56:45 | 000,000,197 | ---- | M] () -- C:\Install.log
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/03/26 22:18:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/07/31 18:43:25 | 000,003,858 | ---- | M] () -- C:\LGSInst.Log
[2013/10/17 10:44:03 | 000,002,212 | ---- | M] () -- C:\logFileUI.txt
[2010/03/26 22:18:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/30 12:53:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/08/01 12:27:27 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/03/26 23:54:18 | 000,002,834 | ---- | M] () -- C:\RHDSetup.log
[2010/04/02 13:48:57 | 000,005,694 | ---- | M] () -- C:\Sdicon32.ico
[2014/08/01 12:30:25 | 000,000,144 | ---- | M] () -- C:\service.log
[2012/03/04 03:53:42 | 000,921,624 | ---- | M] () -- C:\snp2sxp-001.raw
[2010/08/15 23:41:37 | 000,921,624 | ---- | M] () -- C:\snp2sxp-002.raw
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2010/03/26 22:18:41 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/05 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8O.DLL
[2006/11/05 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8O.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2014/07/31 09:49:30 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:30 | 000,004,144 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\DECRYPT_INSTRUCTION.TXT
[2014/07/31 09:49:30 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\DECRYPT_INSTRUCTION.URL
[2013/06/23 22:45:02 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
[2014/07/27 14:02:01 | 000,033,768 | ---- | M] () -- C:\Program Files\CMS Setup Log.txt
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 0C76-10E0
 Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
02/12/2014  04:19 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
02/12/2014  04:19 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
02/12/2014  04:21 AM    <JUNCTION>     v4.0_4.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
02/12/2014  04:16 AM    <JUNCTION>     v4.0_4.0.0.0__31bf3856ad364e35
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               4 Dir(s)  864,938,004,480 bytes free
 
< %systemroot%\System32\config\*.sav >
[2010/03/26 15:31:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/03/26 15:31:39 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/03/26 15:31:39 | 000,933,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %PROGRAMFILES%\bak. /s >
[2011/01/18 23:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\Disney Interactive Studios\Pure\Data\UI\HUD\bak
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/30 12:57:19 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/26 22:24:29 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/03/26 22:24:29 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
[2004/12/09 17:23:46 | 000,013,022 | ---- | M] () -- C:\WINDOWS\snp2std.src
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
[2002/05/08 11:00:22 | 000,026,060 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{70af630e-2e1b-470f-b600-9ae48f0b94d0}.sdb
[2011/12/19 03:04:46 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-07-11 18:19:41
 
< End of report >
 

OTL Extras logfile created on: 8/1/2014 1:16:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MIKE\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.12 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 69.57% Memory free
4.96 Gb Paging File | 4.11 Gb Available in Paging File | 82.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 805.74 Gb Free Space | 86.50% Space Free | Partition Type: NTFS
Drive D: | 7.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 69.23 Gb Total Space | 29.09 Gb Free Space | 42.01% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 175.56 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
 
Computer Name: GCDI | User Name: MIKE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistHiDefMedia] -- "C:\Program Files\HiDefMedia\HiDefMedia\HiDefMedia.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithHiDefMedia] -- "C:\Program Files\HiDefMedia\HiDefMedia\HiDefMedia.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3074:TCP" = 3074:TCP:*:Enabled:fuel
"3074:UDP" = 3074:UDP:*:Enabled:fuel
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"E:\Program Files\TmUnitedForever\TmForever.exe" = E:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Codemasters\GRID\GRID.exe" = C:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID -- (Codemasters)
"C:\Program Files\Codemasters\DiRT\DiRT.exe" = C:\Program Files\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable -- (Codemasters)
"E:\Program Files\Activision Value\Baja 1000\Baja.exe" = E:\Program Files\Activision Value\Baja 1000\Baja.exe:*:Disabled:Baja -- ()
"C:\Program Files\real\realplayer\realplay.exe" = C:\Program Files\real\realplayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Codemasters\FUEL\FUEL.exe" = C:\Program Files\Codemasters\FUEL\FUEL.exe:*:Enabled:FUEL -- (Codemasters)
"F:\GCDI\GCDI TECH\GCDI-TECH-INFO\PATTERN GENERATOR\PatGen.exe" = F:\GCDI\GCDI TECH\GCDI-TECH-INFO\PATTERN GENERATOR\PatGen.exe:*:Disabled:CalMAN Pattern Generator
"C:\Program Files\Electronic Arts\Need for Speed ProStreet\nfs.exe" = C:\Program Files\Electronic Arts\Need for Speed ProStreet\nfs.exe:*:Enabled:nfs -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Atari\TDU2\_UpLauncher.exe" = C:\Program Files\Atari\TDU2\_UpLauncher.exe:*:Enabled:UpLauncher
"C:\Program Files\Atari\TDU2\UpLauncher.exe" = C:\Program Files\Atari\TDU2\UpLauncher.exe:*:Enabled:UpLauncher -- (Eden Games)
"C:\Program Files\Atari\TDU2\TestDrive2.exe" = C:\Program Files\Atari\TDU2\TestDrive2.exe:*:Enabled:Test Drive Unlimited 2 -- (Eden Games)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"E:\Program Files\Steam\steamapps\common\xpand rally\xpandrally.exe" = E:\Program Files\Steam\steamapps\common\xpand rally\xpandrally.exe:*:Enabled:Xpand Rally
"E:\Program Files\Steam\steamapps\common\xpand rally\ChromEd.exe" = E:\Program Files\Steam\steamapps\common\xpand rally\ChromEd.exe:*:Enabled:Xpand Rally
"C:\Program Files\Gigabyte\@BIOS\gwflash.exe" = C:\Program Files\Gigabyte\@BIOS\gwflash.exe:*:Enabled:GBTFlash -- (TODO: <Company name>)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\Gigabyte\ET5\update.exe" = C:\Program Files\Gigabyte\ET5\update.exe:*:Enabled:ftptest -- ()
"C:\Documents and Settings\MIKE\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\MIKE\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files\Common Files\Motive\pcServiceHost.exe" = C:\Program Files\Common Files\Motive\pcServiceHost.exe:*:Enabled:pcServiceHost
"E:\Program Files\steam\Steam.exe" = E:\Program Files\steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Program Files\steam\SteamApps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_46358301.exe" = E:\Program Files\steam\SteamApps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_46358301.exe:*:Enabled:RIDGE RACER™ Driftopia -- ()
"E:\Program Files\steam\SteamApps\common\GTI Racing\GTIRacing.exe" = E:\Program Files\steam\SteamApps\common\GTI Racing\GTIRacing.exe:*:Enabled:GTI Racing -- (Techland)
"C:\Program Files\Activision\Blur™\Blur.exe" = C:\Program Files\Activision\Blur™\Blur.exe:*:Enabled:Blur -- ()
"C:\Program Files\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe" = C:\Program Files\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe:*:Enabled:SHIFT 2 UNLEASHED™ -- (Electronic Arts Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"\??\C:\WINDOWS\system32\winlogon.exe" = \??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)
"C:\Program Files\CMS\CMS.exe" = C:\Program Files\CMS\CMS.exe:*:Enabled:CMS -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B68109-F196-49A7-9286-C3DA440E4690}}_is1" = netKar PRO v1.3
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1 
"{07AC0CAF-F5A2-4FFB-A2F6-DB4E059BE678}" = Music Coach Player
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0877F595-254F-45F4-991D-3F72E86B17CE}" = Quicken 2014
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1064CABD-7390-4336-94E4-8A53DFBCB636}_is1" = GT Legends 1.1.0.0
"{1619204B-7F8C-4293-B342-5345721F4A1F}_is1" = GTR 2 1.0.0.0
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D6A5BD9-FE4B-49CD-8D96-2C4746302A82}" = D-Link DFE-530TX+
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{310609F9-5F1C-475C-A49D-8A2AC3D53022}" = Instant Play Electric Guitar 4 CD-ROM
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0728.1
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1
"{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}" = FlatOut 2
"{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision®
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70af630e-2e1b-470f-b600-9ae48f0b94d0}.sdb" = Disney Interactive Compatibility Update May 2002
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A7DBB4-D82B-4BC4-9FD4-0C1833E34784}" = CodeAxNew
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Digital Viewer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84C4714D-E6D2-4409-AE5C-F35F178C3F09}" = Forecaster HD
"{86076752-37A4-41E6-BFC4-73186683AF7B}" = Sprint Cars - Road to Knoxville
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA56678-A0C9-4D0F-90C5-3BCB2466BE5C}" = Instant Play Blues Guitar
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 140.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B762B2A5-883B-454B-A586-1DF6C4528262}" = MX-950 Editor
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP4a
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}" = Need for Speed™ ProStreet
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D672018C-BCC5-4994-94FD-BF2EF24865F4}" = Autodesk Download Manager
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E33956B7-301C-429D-9E6C-2C12EACB8A62}" = NWZ-E340 WALKMAN Guide
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F51FF206-2273-4B3E-A90A-4752AE288C12}" = FUEL
"{FAC36425-4266-4DE4-9CB5-68FB4FB9385A}" = CalMAN Pattern Generator
"{FBF1656D-56D9-4507-BD67-D1DC8B90EC62}" = RadioTuna
"{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudioCS" = Creative Audio Control Panel
"AutoTap 3.1" = AutoTap 3.1
"Baja 1000" = SCORE International: Baja 1000
"CMS" = CMS
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"EasyTune5" = EasyTune5
"Google Chrome" = Google Chrome
"GTR Evolution_1.1.1.2_is1" = GTR Evolution
"HiDef Media Player" = HiDef Media Player 1.1.12
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2D6A5BD9-FE4B-49CD-8D96-2C4746302A82}" = D-Link DFE-530TX+
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0728.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur™
"InstallShield_{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NetSurveillance" = NetSurveillance
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Origin" = Origin
"RACE 07 Offline_1.0_is1" = RACE 07 Offline
"RealPlayer 16.0" = RealPlayer
"rFactor" = rFactor (remove only)
"RoomEQWizardV5" = Room EQ Wizard V5
"SFBM" = SoundFont Bank Manager
"Speed Dreams" = Speed Dreams 1.4.0-r2307
"Steam" = Steam
"Steam App 226410" = RIDGE RACER™ Driftopia
"Steam App 3000" = GTI Racing
"SysInfo" = Creative System Information
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"USB Compound Device" = USB Compound Device
"VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
"WaveStudio 7" = Creative WaveStudio 7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"036a0e4fc6a247ec" = MyHarmony
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/14/2014 6:07:07 AM | Computer Name = GCDI | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10701.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 7/14/2014 2:11:43 PM | Computer Name = GCDI | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
 4.3.215.0, P5 1.1.10701.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
 NIL, P9 NIL, P10 NIL.
 
Error - 7/14/2014 2:11:50 PM | Computer Name = GCDI | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
 4.3.215.0, P5 1.1.10701.0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 
NIL.
 
Error - 7/14/2014 2:25:00 PM | Computer Name = GCDI | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80501403, P2 moac, P3 cachedisabled, P4
 4.3.215.0, P5 1.1.10701.0, P6 setorvalidatechangejournalid#1, P7 unspecified, P8
 NIL, P9 NIL, P10 NIL.
 
Error - 7/15/2014 4:35:43 AM | Computer Name = GCDI | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10701.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 7/29/2014 2:10:16 AM | Computer Name = GCDI | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 1.1.10802.0, P3 1.179.1461.0, P4 1.179.1461.0, P5 trojandropper_win32_bunitu.c,
 P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 7/31/2014 7:55:05 AM | Computer Name = GCDI | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 1.1.10802.0, P3 1.179.1697.0, P4 1.179.1697.0, P5 exploit_java_obfuscator.w,
 P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 7/31/2014 10:04:19 AM | Computer Name = GCDI | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10802.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 8/1/2014 1:08:24 AM | Computer Name = GCDI | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 1.1.10802.0, P3 1.179.1796.0, P4 1.179.1796.0, P5 behavior_win32_mptampersrp.a,
 P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 8/1/2014 3:52:37 AM | Computer Name = GCDI | Source = Microsoft Management Console | ID = 1000
Description = 
 
[ System Events ]
Error - 7/26/2014 5:33:48 PM | Computer Name = GCDI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
 Center Service service to connect.
 
Error - 7/26/2014 5:33:48 PM | Computer Name = GCDI | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
Error - 7/27/2014 2:54:09 PM | Computer Name = GCDI | Source = ps6ah4nc | ID = 262145
Description = Protection Synchronization Driver detected an internal error, contact
 the customer support service.
 
Error - 7/27/2014 2:54:36 PM | Computer Name = GCDI | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 7/27/2014 2:54:36 PM | Computer Name = GCDI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
 Center Service service to connect.
 
Error - 7/27/2014 2:54:36 PM | Computer Name = GCDI | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
Error - 7/29/2014 12:50:47 AM | Computer Name = GCDI | Source = ps6ah4nc | ID = 262145
Description = Protection Synchronization Driver detected an internal error, contact
 the customer support service.
 
Error - 7/29/2014 12:51:16 AM | Computer Name = GCDI | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 7/29/2014 12:51:16 AM | Computer Name = GCDI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
 Center Service service to connect.
 
Error - 7/29/2014 12:51:16 AM | Computer Name = GCDI | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
 
< End of report >
 


#5 gcdi

    Authentic Member

  • Authentic Member
  • 119 posts

Posted 01 August 2014 - 08:41 PM

Attached File: MBR.zip (498 bytes, 60 downloads)



#6 oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 01 August 2014 - 10:50 PM

Hi gcdi,

Do you have the aswMBR log? It should have been saved to the desktop or the location that aswMBR was run from.

I also see that you used Combofix. While this tool can be very helpful in cleaning a computer, it is unadvisable to use it unless you have been trained in its usage. This is for the safety of your computer in the event that something should go wrong. A log was saved to the C:\ drive. It will simply be named Combofix.txt. Please post it in your next reply as I will need the information contained in the log.

Please post back with
  • aswMBR log
  • Combofix.txt

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#7 gcdi

    Authentic Member

  • Authentic Member
  • 119 posts

Posted 02 August 2014 - 02:20 PM

Thanks for the info on Combofix.

I haven't used it for a long time and the last time was supervised.

So I'm not including the combofix.txt.

I think the following is the asw log?

It was the only one I found but it doesn't look right to me.

Also having a hard time getting this to post so I hope it works.

 

 



#8 oldman960 (Forum God, Classroom Teacher, 14,755 posts)

Posted 02 August 2014 - 08:14 PM

Hi gcdi,

Not sure what that is.

Let's see if we can get the computer settled down a bit.

Next, double-click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do not copy the word CODE
  • Please note the fix starts with the :
:Services

:OTL
MOD - c:\Documents and Settings\MIKE\Application Data\1396467839\graphicsserver.dll ()
MOD - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll ()
MOD - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe File not found
SRV - (9938A174) -- C:\WINDOWS\system32\9938A174.exe File not found
SRV - (7A2A25B2) -- C:\WINDOWS\system32\7A2A25B2.exe File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
O4 - HKCU..\Run: [2211080937] c:\documents and settings\mike\application data\1396467839\graphicsserver.dll ()
O4 - HKCU..\Run: [Vecevegaiksuax] "C:\Documents and Settings\MIKE\Application Data\Noimcifi\kimavya.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon\Notify\ciltadl: DllName - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll ()
O20 - Winlogon\Notify\ohnmkie: DllName - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll ()

:Files
dir /s "C:\Documents and Settings\MIKE\Application Data\0c7610" /c
dir /s "C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610" /c
dir /s "C:\Documents and Settings\MIKE\Application Data\98132781" /c
dir /s "C:\Documents and Settings\MIKE\Application Data\4073586247" /c
dir /s "C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906" /c
dir /s "C:\Documents and Settings\MIKE\Application Data\1396467839" /c
dir /s "C:\c088cf6" /c
C:\Documents and Settings\MIKE\Application Data\1131910924
C:\Documents and Settings\MIKE\Application Data\1946099523
C:\Documents and Settings\MIKE\Application Data\2302247755
C:\Documents and Settings\MIKE\Application Data\1233740586
C:\Documents and Settings\MIKE\Application Data\Noimcifi
C:\Documents and Settings\All Users\Application Data\IdeguXagqi
C:\Documents and Settings\All Users\Application Data\IsemhAwixp 
ipconfig /flushdns /c

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IdeguXagqi"=-
"IsemhAwixp"=-

:Commands
[purity]
[emptytemp]
[createrestorepoint]
Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log.


#9 gcdi (Authentic Member, 119 posts)

Posted 02 August 2014 - 11:42 PM

I sure hope we can get it settled down, as each of these tasks ends up taking hours.

I didn't understand "don't copy the word code", as I couldn't find the word code anywhere.

Here's the log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
File  C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe File not found not found.
Service 9938A174 stopped successfully!
Service 9938A174 deleted successfully!
File  C:\WINDOWS\system32\9938A174.exe File not found not found.
Service 7A2A25B2 stopped successfully!
Service 7A2A25B2 deleted successfully!
File  C:\WINDOWS\system32\7A2A25B2.exe File not found not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\2211080937 deleted successfully.
c:\Documents and Settings\MIKE\Application Data\1396467839\graphicsserver.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vecevegaiksuax deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ciltadl\ deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ciltadl.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ohnmkie\ deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ohnmkie.dll moved successfully.
========== FILES ==========
< dir /s "C:\Documents and Settings\MIKE\Application Data\0c7610" /c >
 Volume in drive C has no label.
 Volume Serial Number is 0C76-10E0
 Directory of C:\Documents and Settings\MIKE\Application Data\0c7610
08/01/2014  12:35 AM    <DIR>          .
08/01/2014  12:35 AM    <DIR>          ..
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               2 Dir(s)  864,771,727,360 bytes free
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.txt deleted successfully.
< dir /s "C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610" /c >
 Volume in drive C has no label.
 Volume Serial Number is 0C76-10E0
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610
08/02/2014  11:44 PM    <DIR>          .
08/02/2014  11:44 PM    <DIR>          ..
08/02/2014  11:44 PM    <DIR>          Google
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610\Google
08/02/2014  11:44 PM    <DIR>          .
08/02/2014  11:44 PM    <DIR>          ..
08/02/2014  11:44 PM    <DIR>          Chrome
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610\Google\Chrome
08/02/2014  11:44 PM    <DIR>          .
08/02/2014  11:44 PM    <DIR>          ..
08/02/2014  11:44 PM    <DIR>          User Data
               0 File(s)              0 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610\Google\Chrome\User Data
08/02/2014  11:44 PM    <DIR>          .
08/02/2014  11:44 PM    <DIR>          ..
08/02/2014  11:44 PM    <DIR>          Default
08/02/2014  11:44 PM                 0 First Run
08/02/2014  11:44 PM             9,642 Local State
08/02/2014  11:44 PM                 0 lockfile
08/02/2014  11:44 PM             6,144 Safe Browsing Cookies
08/02/2014  11:44 PM             1,544 Safe Browsing Cookies-journal
               5 File(s)         17,330 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610\Google\Chrome\User Data\Default
08/02/2014  11:44 PM    <DIR>          .
08/02/2014  11:44 PM    <DIR>          ..
08/02/2014  11:44 PM    <DIR>          Cache
08/02/2014  11:44 PM             6,144 Cookies
08/02/2014  11:44 PM             1,544 Cookies-journal
08/02/2014  11:44 PM    <DIR>          Extension Rules
08/02/2014  11:44 PM           181,623 Google Profile.ico
08/02/2014  11:44 PM            94,208 History
08/02/2014  11:44 PM               512 History-journal
08/02/2014  11:44 PM            25,358 Preferences
08/02/2014  11:44 PM            20,480 Top Sites
08/02/2014  11:44 PM            12,824 Top Sites-journal
08/02/2014  11:44 PM            71,680 Web Data
08/02/2014  11:44 PM             1,024 Web Data-journal
              10 File(s)        415,397 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610\Google\Chrome\User Data\Default\Cache
08/02/2014  11:44 PM    <DIR>          .
08/02/2014  11:44 PM    <DIR>          ..
08/02/2014  11:44 PM             8,192 data_0
08/02/2014  11:44 PM           270,336 data_1
08/02/2014  11:44 PM             8,192 data_2
08/02/2014  11:44 PM             8,192 data_3
08/02/2014  11:44 PM           524,656 index
               5 File(s)        819,568 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610\Google\Chrome\User Data\Default\Extension Rules
08/02/2014  11:44 PM    <DIR>          .
08/02/2014  11:44 PM    <DIR>          ..
08/02/2014  11:44 PM                 0 000003.log
08/02/2014  11:44 PM                16 CURRENT
08/02/2014  11:44 PM                 0 LOCK
08/02/2014  11:44 PM                47 LOG
08/02/2014  11:44 PM                50 MANIFEST-000002
               5 File(s)            113 bytes
     Total Files Listed:
              25 File(s)      1,252,408 bytes
              20 Dir(s)  864,771,670,016 bytes free
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.txt deleted successfully.
< dir /s "C:\Documents and Settings\MIKE\Application Data\98132781" /c >
 Volume in drive C has no label.
 Volume Serial Number is 0C76-10E0
 Directory of C:\Documents and Settings\MIKE\Application Data\98132781
08/01/2014  12:33 AM    <DIR>          .
08/01/2014  12:33 AM    <DIR>          ..
08/02/2014  11:44 PM             8,002 1272530492.js
08/02/2014  11:44 PM            27,147 210351943.js
08/02/2014  11:44 PM               469 manifest.json
               3 File(s)         35,618 bytes
     Total Files Listed:
               3 File(s)         35,618 bytes
               2 Dir(s)  864,769,835,008 bytes free
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.txt deleted successfully.
< dir /s "C:\Documents and Settings\MIKE\Application Data\4073586247" /c >
 Volume in drive C has no label.
 Volume Serial Number is 0C76-10E0
 Directory of C:\Documents and Settings\MIKE\Application Data\4073586247
08/01/2014  12:33 AM    <DIR>          .
08/01/2014  12:33 AM    <DIR>          ..
08/02/2014  11:42 PM             9,026 1272530492.js
08/02/2014  11:42 PM            28,171 210351943.js
08/02/2014  11:42 PM             1,493 manifest.json
               3 File(s)         38,690 bytes
     Total Files Listed:
               3 File(s)         38,690 bytes
               2 Dir(s)  864,769,863,680 bytes free
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.txt deleted successfully.
< dir /s "C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906" /c >
 Volume in drive C has no label.
 Volume Serial Number is 0C76-10E0
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906
08/01/2014  12:33 AM    <DIR>          .
08/01/2014  12:33 AM    <DIR>          ..
08/01/2014  12:26 AM    <DIR>          35.0.1916.153
08/01/2014  12:33 AM    <DIR>          36.0.1985.125
07/15/2014  04:24 AM           860,488 browser.exe
07/15/2014  04:24 AM           860,488 chrome.exe
08/02/2014  11:43 PM            22,506 debug.log
08/01/2014  12:33 AM    <DIR>          Dictionaries
07/18/2014  01:35 PM               399 VisualElementsManifest.xml
               4 File(s)      1,743,881 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\35.0.1916.153
08/01/2014  12:26 AM    <DIR>          .
08/01/2014  12:26 AM    <DIR>          ..
06/04/2014  07:28 PM               224 35.0.1916.153.manifest
06/05/2014  08:58 AM        29,488,456 chrome.dll
06/04/2014  07:28 PM         1,192,975 chrome_100_percent.pak
06/04/2014  07:28 PM         1,723,676 chrome_200_percent.pak
06/05/2014  08:58 AM        33,475,400 chrome_child.dll
06/05/2014  08:58 AM           131,912 chrome_elf.dll
06/04/2014  07:28 PM         2,106,216 d3dcompiler_43.dll
06/04/2014  07:28 PM         3,231,688 d3dcompiler_46.dll
08/01/2014  12:24 AM    <DIR>          default_apps
06/05/2014  08:58 AM         1,879,368 delegate_execute.exe
08/01/2014  12:24 AM    <DIR>          Extensions
06/05/2014  08:58 AM         1,732,424 ffmpegsumo.dll
06/04/2014  07:28 PM         9,980,368 icudtl.dat
08/01/2014  12:24 AM    <DIR>          Installer
06/05/2014  08:58 AM           126,280 libegl.dll
06/05/2014  08:58 AM           716,616 libglesv2.dll
06/05/2014  08:58 AM         2,405,192 libpeerconnection.dll
08/01/2014  12:25 AM    <DIR>          Locales
06/05/2014  08:58 AM           490,312 metro_driver.dll
06/04/2014  07:28 PM               751 mksnapshot.ia32.exe.assert.manifest
06/05/2014  08:58 AM         1,934,664 nacl64.exe
06/04/2014  07:28 PM         4,981,896 nacl_irt_x86_32.nexe
06/04/2014  07:28 PM         3,727,144 nacl_irt_x86_64.nexe
06/05/2014  08:58 AM         4,217,672 pdf.dll
08/01/2014  12:26 AM    <DIR>          PepperFlash
06/05/2014  08:58 AM           414,536 ppgooglenaclpluginchrome.dll
06/04/2014  07:28 PM        11,655,065 resources.pak
06/04/2014  07:28 PM               637 secondarytile.png
08/01/2014  12:26 AM    <DIR>          VisualElements
06/05/2014  08:58 AM           138,056 widevinecdmadapter.dll
06/04/2014  07:28 PM            81,768 xinput1_3.dll
              25 File(s)    115,833,296 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\35.0.1916.153\default_apps
08/01/2014  12:24 AM    <DIR>          .
08/01/2014  12:24 AM    <DIR>          ..
06/04/2014  07:28 PM             4,578 docs.crx
06/04/2014  07:28 PM            25,561 drive.crx
06/04/2014  07:28 PM               982 external_extensions.json
06/04/2014  07:28 PM            24,040 gmail.crx
06/04/2014  07:28 PM            26,392 search.crx
06/04/2014  07:28 PM            23,668 youtube.crx
               6 File(s)        105,221 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\35.0.1916.153\Extensions
08/01/2014  12:24 AM    <DIR>          .
08/01/2014  12:24 AM    <DIR>          ..
06/04/2014  07:28 PM                99 external_extensions.json
               1 File(s)             99 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\35.0.1916.153\Installer
08/01/2014  12:24 AM    <DIR>          .
08/01/2014  12:24 AM    <DIR>          ..
06/14/2014  01:09 AM         1,091,912 chrmstp.exe
06/14/2014  01:09 AM         1,091,912 setup.exe
               2 File(s)      2,183,824 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\35.0.1916.153\Locales
08/01/2014  12:25 AM    <DIR>          .
08/01/2014  12:25 AM    <DIR>          ..
06/04/2014  07:28 PM           393,614 am.pak
06/04/2014  07:28 PM           381,281 ar.pak
06/04/2014  07:28 PM           473,778 bg.pak
06/04/2014  07:28 PM           600,151 bn.pak
06/04/2014  07:28 PM           286,274 ca.pak
06/04/2014  07:28 PM           286,356 cs.pak
06/04/2014  07:28 PM           260,869 da.pak
06/04/2014  07:28 PM           247,415 de.pak
06/04/2014  07:28 PM           516,422 el.pak
06/04/2014  07:28 PM           240,133 en-GB.pak
06/04/2014  07:28 PM           240,078 en-US.pak
06/04/2014  07:28 PM           287,419 es-419.pak
06/04/2014  07:28 PM           292,502 es.pak
06/04/2014  07:28 PM           251,190 et.pak
06/04/2014  07:28 PM           405,675 fa.pak
06/04/2014  07:28 PM           269,554 fi.pak
06/04/2014  07:28 PM           292,035 fil.pak
06/04/2014  07:28 PM           303,730 fr.pak
06/04/2014  07:28 PM           567,206 gu.pak
06/04/2014  07:28 PM           326,707 he.pak
06/04/2014  07:28 PM           583,190 hi.pak
06/04/2014  07:28 PM           268,616 hr.pak
06/04/2014  07:28 PM           301,051 hu.pak
06/04/2014  07:28 PM           258,405 id.pak
06/04/2014  07:28 PM           279,961 it.pak
06/04/2014  07:28 PM           341,430 ja.pak
06/04/2014  07:28 PM           650,048 kn.pak
06/04/2014  07:28 PM           289,454 ko.pak
06/04/2014  07:28 PM           281,441 lt.pak
06/04/2014  07:28 PM           286,590 lv.pak
06/04/2014  07:28 PM           754,354 ml.pak
06/04/2014  07:28 PM           574,809 mr.pak
06/04/2014  07:28 PM           215,787 ms.pak
06/04/2014  07:28 PM           259,644 nb.pak
06/04/2014  07:28 PM           277,731 nl.pak
06/04/2014  07:28 PM           282,759 pl.pak
06/04/2014  07:28 PM           277,240 pt-BR.pak
06/04/2014  07:28 PM           282,869 pt-PT.pak
06/04/2014  07:28 PM           295,429 ro.pak
06/04/2014  07:28 PM           448,427 ru.pak
06/04/2014  07:28 PM           297,620 sk.pak
06/04/2014  07:28 PM           263,477 sl.pak
06/04/2014  07:28 PM           433,426 sr.pak
06/04/2014  07:28 PM           262,687 sv.pak
06/04/2014  07:28 PM           240,087 sw.pak
06/04/2014  07:28 PM           682,145 ta.pak
06/04/2014  07:28 PM           634,822 te.pak
06/04/2014  07:28 PM           577,472 th.pak
06/04/2014  07:28 PM           284,559 tr.pak
06/04/2014  07:28 PM           448,120 uk.pak
06/04/2014  07:28 PM           328,172 vi.pak
06/04/2014  07:28 PM           232,181 zh-CN.pak
06/04/2014  07:28 PM           233,339 zh-TW.pak
              53 File(s)     19,049,731 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\35.0.1916.153\PepperFlash
08/01/2014  12:26 AM    <DIR>          .
08/01/2014  12:26 AM    <DIR>          ..
06/04/2014  07:28 PM             2,047 manifest.json
06/05/2014  08:58 AM        14,612,296 pepflashplayer.dll
               2 File(s)     14,614,343 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\35.0.1916.153\VisualElements
08/01/2014  12:26 AM    <DIR>          .
08/01/2014  12:26 AM    <DIR>          ..
06/04/2014  07:28 PM             3,970 logo.png
06/04/2014  07:28 PM             9,285 smalllogo.png
06/04/2014  07:28 PM            10,185 splash-620x300.png
               3 File(s)         23,440 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125
08/01/2014  12:33 AM    <DIR>          .
08/01/2014  12:33 AM    <DIR>          ..
07/15/2014  03:12 AM               224 36.0.1985.125.manifest
07/15/2014  04:24 AM        30,082,888 chrome.dll
07/15/2014  03:12 AM         1,174,209 chrome_100_percent.pak
07/15/2014  03:12 AM         1,699,827 chrome_200_percent.pak
07/15/2014  04:24 AM        33,833,800 chrome_child.dll
07/15/2014  04:24 AM           131,912 chrome_elf.dll
07/15/2014  03:12 AM         2,106,216 d3dcompiler_43.dll
07/15/2014  03:12 AM         3,231,688 d3dcompiler_46.dll
08/01/2014  12:28 AM    <DIR>          default_apps
07/15/2014  04:24 AM         1,912,136 delegate_execute.exe
08/01/2014  12:28 AM    <DIR>          Extensions
07/15/2014  04:24 AM         1,732,936 ffmpegsumo.dll
07/15/2014  03:12 AM         9,980,368 icudtl.dat
08/01/2014  12:32 AM    <DIR>          Installer
07/15/2014  04:24 AM           126,280 libegl.dll
07/15/2014  04:24 AM           310,088 libexif.dll
07/15/2014  04:24 AM           718,664 libglesv2.dll
07/15/2014  04:24 AM         2,401,096 libpeerconnection.dll
08/01/2014  12:32 AM    <DIR>          Locales
07/15/2014  04:24 AM           491,336 metro_driver.dll
07/15/2014  03:12 AM               751 mksnapshot.ia32.exe.assert.manifest
07/15/2014  04:24 AM         1,936,712 nacl64.exe
07/15/2014  03:12 AM         4,916,360 nacl_irt_x86_32.nexe
07/15/2014  03:12 AM         3,709,704 nacl_irt_x86_64.nexe
07/15/2014  04:24 AM         8,537,928 pdf.dll
08/01/2014  12:33 AM    <DIR>          PepperFlash
07/15/2014  04:24 AM           353,096 ppgooglenaclpluginchrome.dll
07/15/2014  03:12 AM        12,197,143 resources.pak
07/15/2014  03:12 AM               637 secondarytile.png
08/01/2014  12:33 AM    <DIR>          VisualElements
07/15/2014  04:24 AM           132,424 widevinecdmadapter.dll
07/15/2014  03:12 AM            81,768 xinput1_3.dll
              26 File(s)    121,800,191 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125\default_apps
08/01/2014  12:28 AM    <DIR>          .
08/01/2014  12:28 AM    <DIR>          ..
07/15/2014  03:12 AM             4,578 docs.crx
07/15/2014  03:12 AM            25,561 drive.crx
07/15/2014  03:12 AM               982 external_extensions.json
07/15/2014  03:12 AM            24,040 gmail.crx
07/15/2014  03:12 AM            26,392 search.crx
07/15/2014  03:12 AM            23,668 youtube.crx
               6 File(s)        105,221 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125\Extensions
08/01/2014  12:28 AM    <DIR>          .
08/01/2014  12:28 AM    <DIR>          ..
07/15/2014  03:12 AM                99 external_extensions.json
               1 File(s)             99 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125\Installer
08/01/2014  12:32 AM    <DIR>          .
08/01/2014  12:32 AM    <DIR>          ..
07/18/2014  01:31 PM         1,104,200 chrmstp.exe
07/18/2014  01:35 PM       156,030,171 chrome.7z
07/18/2014  01:31 PM         1,104,200 setup.exe
               3 File(s)    158,238,571 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125\Locales
08/01/2014  12:32 AM    <DIR>          .
08/01/2014  12:32 AM    <DIR>          ..
07/15/2014  03:12 AM           382,743 am.pak
07/15/2014  03:12 AM           369,638 ar.pak
07/15/2014  03:12 AM           460,815 bg.pak
07/15/2014  03:12 AM           586,789 bn.pak
07/15/2014  03:12 AM           277,892 ca.pak
07/15/2014  03:12 AM           277,381 cs.pak
07/15/2014  03:12 AM           252,446 da.pak
07/15/2014  03:12 AM           238,559 de.pak
07/15/2014  03:12 AM           503,766 el.pak
07/15/2014  03:12 AM           232,020 en-GB.pak
07/15/2014  03:12 AM           231,965 en-US.pak
07/15/2014  03:12 AM           277,670 es-419.pak
07/15/2014  03:12 AM           282,975 es.pak
07/15/2014  03:12 AM           243,143 et.pak
07/15/2014  03:12 AM           393,804 fa.pak
07/15/2014  03:12 AM           260,948 fi.pak
07/15/2014  03:12 AM           282,874 fil.pak
07/15/2014  03:12 AM           293,787 fr.pak
07/15/2014  03:12 AM           553,105 gu.pak
07/15/2014  03:12 AM           317,354 he.pak
07/15/2014  03:12 AM           569,058 hi.pak
07/15/2014  03:12 AM           259,945 hr.pak
07/15/2014  03:12 AM           291,283 hu.pak
07/15/2014  03:12 AM           250,333 id.pak
07/15/2014  03:12 AM           271,041 it.pak
07/15/2014  03:12 AM           332,198 ja.pak
07/15/2014  03:12 AM           633,922 kn.pak
07/15/2014  03:12 AM           280,463 ko.pak
07/15/2014  03:12 AM           272,427 lt.pak
07/15/2014  03:12 AM           277,809 lv.pak
07/15/2014  03:12 AM           734,361 ml.pak
07/15/2014  03:12 AM           561,588 mr.pak
07/15/2014  03:12 AM           207,391 ms.pak
07/15/2014  03:12 AM           251,817 nb.pak
07/15/2014  03:12 AM           269,001 nl.pak
07/15/2014  03:12 AM           273,903 pl.pak
07/15/2014  03:12 AM           268,693 pt-BR.pak
07/15/2014  03:12 AM           273,807 pt-PT.pak
07/15/2014  03:12 AM           285,990 ro.pak
07/15/2014  03:12 AM           436,983 ru.pak
07/15/2014  03:12 AM           288,053 sk.pak
07/15/2014  03:12 AM           255,131 sl.pak
07/15/2014  03:12 AM           422,027 sr.pak
07/15/2014  03:12 AM           254,242 sv.pak
07/15/2014  03:12 AM           231,786 sw.pak
07/15/2014  03:12 AM           664,943 ta.pak
07/15/2014  03:12 AM           618,411 te.pak
07/15/2014  03:12 AM           563,322 th.pak
07/15/2014  03:12 AM           275,467 tr.pak
07/15/2014  03:12 AM           435,741 uk.pak
07/15/2014  03:12 AM           318,827 vi.pak
07/15/2014  03:12 AM           224,278 zh-CN.pak
07/15/2014  03:12 AM           225,522 zh-TW.pak
              53 File(s)     18,499,437 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125\PepperFlash
08/01/2014  12:33 AM    <DIR>          .
08/01/2014  12:33 AM    <DIR>          ..
07/15/2014  03:12 AM             2,047 manifest.json
07/15/2014  04:24 AM        14,664,008 pepflashplayer.dll
               2 File(s)     14,666,055 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125\VisualElements
08/01/2014  12:33 AM    <DIR>          .
08/01/2014  12:33 AM    <DIR>          ..
07/15/2014  03:12 AM             3,970 logo.png
07/15/2014  03:12 AM             9,285 smalllogo.png
07/15/2014  03:12 AM            10,185 splash-620x300.png
               3 File(s)         23,440 bytes
 Directory of C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906\Dictionaries
08/01/2014  12:33 AM    <DIR>          .
08/01/2014  12:33 AM    <DIR>          ..
05/10/2013  11:38 AM           440,949 en-US-3-0.bdic
               1 File(s)        440,949 bytes
     Total Files Listed:
             191 File(s)    467,327,798 bytes
              47 Dir(s)  864,769,155,072 bytes free
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.txt deleted successfully.
< dir /s "C:\Documents and Settings\MIKE\Application Data\1396467839" /c >
 Volume in drive C has no label.
 Volume Serial Number is 0C76-10E0
 Directory of C:\Documents and Settings\MIKE\Application Data\1396467839
08/02/2014  11:44 PM    <DIR>          .
08/02/2014  11:44 PM    <DIR>          ..
08/01/2014  12:22 AM           290,816 sysservice.dll
               1 File(s)        290,816 bytes
     Total Files Listed:
               1 File(s)        290,816 bytes
               2 Dir(s)  864,768,974,848 bytes free
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.txt deleted successfully.
< dir /s "C:\c088cf6" /c >
 Volume in drive C has no label.
 Volume Serial Number is 0C76-10E0
 Directory of C:\c088cf6
07/31/2014  08:46 AM           122,368 c088cf6.exe
               1 File(s)        122,368 bytes
     Total Files Listed:
               1 File(s)        122,368 bytes
               0 Dir(s)  864,768,499,712 bytes free
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.txt deleted successfully.
C:\Documents and Settings\MIKE\Application Data\1131910924 moved successfully.
C:\Documents and Settings\MIKE\Application Data\1946099523 moved successfully.
C:\Documents and Settings\MIKE\Application Data\2302247755 moved successfully.
C:\Documents and Settings\MIKE\Application Data\1233740586 moved successfully.
C:\Documents and Settings\MIKE\Application Data\Noimcifi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IdeguXagqi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IsemhAwixp folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\MIKE\Desktop\OTL\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IdeguXagqi deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IsemhAwixp deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: MIKE
->Temp folder emptied: 609880980 bytes
->Temporary Internet Files folder emptied: 174815820 bytes
->Java cache emptied: 930433 bytes
->FireFox cache emptied: 25969472 bytes
->Google Chrome cache emptied: 432472525 bytes
->Flash cache emptied: 61735 bytes
 
User: NetworkService
->Temp folder emptied: 322200 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 2836 bytes
 
User: UpdatusUser.GCDI-F7150E40D8
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: UpdatusUser.GCDI-F7150E40D8.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: UpdatusUser.GCDI-F7150E40D8.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 17641571 bytes
%systemroot%\System32 .tmp files removed: 1078513 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 314937802 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 593595832 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 429034711 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,481.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 08022014_234359
 
Files\Folders moved on Reboot...
C:\Documents and Settings\MIKE\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\WINDOWS\temp\flaFD.tmp not found!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNBY9E2G\ODelI1aHBYDBqgeIAH2zlN0tugusXa58UbOrParLRF0[1].eot moved successfully.
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IVX4M1EV\-WzdRTzRa5k6HlJK6-dK9Q[1].eot not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IVX4M1EV\oDB-fAAStWy[1].js not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IVX4M1EV\oDB-fAAStWy[2].js not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#10 oldman960 (Forum God, Classroom Teacher, 14,755 posts)

Posted 03 August 2014 - 02:32 AM

Hi gcdi,

Before the forum software update the word "code" appeared above the code box. With the software update the word does not appear any more. The canned I used was one I use on other forums. Sorry for the mix up.

Sorry about the length of time the fixes are taking to run, but you did have several nasties running at startup. We also did quite a bit in the last fix.

How's the computer? The same, better or worse?

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.



#11 gcdi

gcdi

    Authentic Member

  • Authentic Member
  • PipPip
  • 119 posts

Posted 03 August 2014 - 04:30 AM

The computer seems to be a little worse.



#12 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 03 August 2014 - 10:58 AM

Hi gcdi,

Are any of the original symptoms still present? What are the symptoms you are currently experiencing?

Let's see if any of what we have tried to fix has respawned. This scan should be quicker as there won't be a Custom scan and only one log will be produced.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • UnCheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
When the scan completes, it will open a Notepad window: OTL.Txt

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

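An added example, not part of the thread and not OldTimer's code: a small Python triage pass over lines in the formats OTL.Txt uses (MOD entries, SRV entries, O4 Run entries, O20 Winlogon Notify entries, and the "Files/Folders - Created Within 30 Days" list). The sample lines are constructed to mirror OTL's output and the rules are this example's own heuristics, not anything OTL itself does: code loaded from a profile directory rather than Windows or Program Files, a Run entry whose target is a signed Microsoft helper such as regsvr32.exe (OTL prints the executable but not its argument, so the real payload has to be read from the registry value), a Winlogon Notify DLL outside system32, orphaned "File not found" entries, and freshly created data folders with opaque names.

```python
"""Triage pass over OTL-format log lines.

Added example for this thread; it is not OTL's code and the rules are this
example's own heuristics. The line formats are copied from the OTL output
posted in the thread, and SAMPLE_LOG is constructed to mirror them.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample lines in OTL's format (a mix of benign and suspicious).
SAMPLE_LOG = r"""
MOD - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\rckonne.dll ()
MOD - C:\Program Files\Gigabyte\EasySaver\ycc.dll ()
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [UhocMimp] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\rckonne: DllName - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\rckonne.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\rckonne.dll ()
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
[2014/08/04 00:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EderMevif
[2014/07/14 03:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    line: str


# Profile/data directories: executable code loaded from here instead of
# %SystemRoot% or Program Files is the strongest single signal in an OTL log.
# (Note the SYSTEM profile lives under system32\config\systemprofile, so a
# plain "starts with system32" check is not enough.)
PROFILE_DIRS = ("\\documents and settings\\", "\\local settings\\", "\\application data\\")
# Signed Microsoft binaries that run attacker-supplied code; OTL prints only the
# executable, so the DLL/script argument that matters is not visible in the log.
LOLBINS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
OPAQUE_NAME = re.compile(r"^[A-Za-z0-9]{6,12}$")

# Line formats as they appear in OTL.Txt (32-bit XP: no "Program Files (x86)").
MOD_RE = re.compile(r"^MOD - (?P<path>.+?) \((?P<company>[^()]*)\)\s*$")
SRV_RE = re.compile(r"^SRV - \((?P<name>[^)]+)\) -- (?P<rest>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*"
                    r"(?P<path>.*?)(?: \((?P<company>[^()]*)\))?\s*$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon\\Notify\\(?P<name>[^:]+): DllName - "
                       r"\((?P<dll>[^)]*)\) - (?P<rest>.*)$")
# Only the company-less form "[... | C] -- path" is parsed; that is the form
# OTL uses for directories, which is what the folder rule looks at.
CREATED_RE = re.compile(r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| (?P<attrs>\S+) \| C\] -- (?P<path>.+)$")


def in_profile_dir(path: str) -> bool:
    low = path.lower()
    return any(seg in low for seg in PROFILE_DIRS)


def triage_line(raw: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if nothing stands out."""
    line = raw.strip()
    if m := MOD_RE.match(line):
        if in_profile_dir(m["path"]):
            return Finding("high", "module loaded from a profile directory", line)
        return Finding("low", "module without company/version information", line)
    if m := SRV_RE.match(line):
        if m["rest"].endswith("File not found"):
            return Finding("low", "orphaned service entry", line)
        if in_profile_dir(m["rest"]):
            return Finding("high", "service binary in a profile directory", line)
        return None
    if m := RUN_RE.match(line):
        exe = PureWindowsPath(m["path"].strip('"')).name.lower()
        if exe in LOLBINS:
            return Finding("high", f"{m['hive']} Run entry launches {exe}; "
                                   "argument not shown, read the registry value", line)
        if in_profile_dir(m["path"]):
            return Finding("medium", "autorun from a profile directory", line)
        return None
    if m := NOTIFY_RE.match(line):
        if m["rest"].endswith("File not found"):
            return Finding("low", "orphaned Winlogon notify entry", line)
        dll = m["dll"].lower()
        if in_profile_dir(dll) or not dll.startswith("c:\\windows\\system32\\"):
            return Finding("high", "Winlogon notify DLL outside system32 (loaded at logon as SYSTEM)", line)
        return None
    if m := CREATED_RE.match(line):
        p = PureWindowsPath(m["path"])
        if ("d" in m["attrs"].lower()
                and str(p.parent).lower().endswith("\\application data")
                and OPAQUE_NAME.match(p.name)):
            return Finding("medium", "recently created data folder with an opaque name", line)
        return None
    return None


def triage(text: str) -> List[Finding]:
    """Findings for every line of an OTL log, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run as a script it prints the findings grouped by severity. A "high" finding is something to hand to the helper for the next fix; a "low" one (orphaned service or notify entries) is cleanup that explains startup delay but not the symptoms.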

#13 gcdi

gcdi

    Authentic Member

  • Authentic Member
  • PipPip
  • 119 posts

Posted 04 August 2014 - 12:29 AM

The computer just runs very slowly and seems to pause a lot as it's trying to get something done.

It was easier getting to this area to reply today, but as I was typing this there was about a 10-minute pause with the hourglass popping up and I could not type anything during this time; then the screen went all white, then I could see this page again and continue.

Also, I don't know a typical time for the OTL scan with today's settings, but this one took an hour and thirty-five minutes.

 

Here's the log

 

OTL logfile created on: 8/3/2014 11:34:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MIKE\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.12 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 76.83% Memory free
4.96 Gb Paging File | 4.41 Gb Available in Paging File | 88.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 807.73 Gb Free Space | 86.71% Space Free | Partition Type: NTFS
Drive D: | 7.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 69.23 Gb Total Space | 29.06 Gb Free Space | 41.98% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 175.53 Gb Free Space | 75.37% Space Free | Partition Type: NTFS
 
Computer Name: GCDI | User Name: MIKE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\MIKE\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\rckonne.dll ()
MOD - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
MOD - C:\Program Files\Gigabyte\EasySaver\ycc.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe (SiSoftware)
SRV - (BCUService) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (pr2ah4nc) -- C:\WINDOWS\System32\pr2ah4nc.exe (CODEMASTERS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (mosuport) -- system32\DRIVERS\mosuport.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (gfmnidzs) -- C:\WINDOWS\system32\drivers\gfmnidzs.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\MIKE\LOCALS~1\Temp\catchme.sys File not found
DRV - (AODDriver) -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys File not found
DRV - (MpKslb9697988) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EAF4220-BEDB-4DCF-A3A7-97E312F7A877}\MpKslb9697988.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (etdrv) -- C:\WINDOWS\etdrv.sys (Windows ® 2000 DDK provider)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLTEAMING) -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS (Realtek Semiconductor Corporation)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nusb3xhc) -- C:\WINDOWS\system32\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV - (nusb3hub) -- C:\WINDOWS\system32\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\sandra.sys (SiSoftware)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (RTLVLAN) -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation                           )
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RtNdPt5x) -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys (Realtek Semiconductor Corporation                           )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (MarkFun_NT) -- C:\Program Files\Gigabyte\ET5\MARKFUN.W32 (Windows ® 2000 DDK provider)
DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\dlkfet5b.sys (D-Link                              )
DRV - (pe3ah4nc) -- C:\WINDOWS\system32\drivers\pe3ah4nc.sys (CODEMASTERS)
DRV - (ps6ah4nc) -- C:\WINDOWS\system32\drivers\ps6ah4nc.sys (CODEMASTERS)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (RemoteControl-USBLAN) -- C:\WINDOWS\system32\drivers\rcblan.sys (Belcarra Technologies)
DRV - (ET5Drv) -- C:\WINDOWS\system32\drivers\ET5Drv.sys (Microsoft Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (sfvfs02) -- C:\WINDOWS\system32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (LHidKE) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {1D0C0448-EB8B-4bc6-943B-AAC32A1C7BFC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{1D0C0448-EB8B-4bc6-943B-AAC32A1C7BFC}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {3906D159-82FC-450d-A57A-92D10437A2F5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D0C0448-EB8B-4bc6-943B-AAC32A1C7BFC}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{3906D159-82FC-450d-A57A-92D10437A2F5}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{67D06BCF-9EF0-4D55-A736-5DBD0B58BABB}: "URL" = http://search.condui...8601233467&UM=2
IE - HKCU\..\SearchScopes\{69375861-28F5-4c72-B52E-5C6DA8270101}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6E8FEB12-4AFD-4c88-A16F-6EBD16138199}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.40.349
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.1.18\ma\bin\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\MIKE\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 15:48:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 15:48:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/02 15:48:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/03 09:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/06/19 03:51:35 | 000,000,000 | ---D | M]
 
[2010/03/27 01:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Extensions
[2014/08/02 14:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\sywhhfyw.default-1368204256093\extensions
[2014/08/02 14:49:46 | 000,000,000 | ---D | M] (MaskMe) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\sywhhfyw.default-1368204256093\extensions\idme@abine.com
[2013/06/26 12:40:28 | 000,228,503 | ---- | M] () (No name found) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\sywhhfyw.default-1368204256093\extensions\ftd@ftd.com.xpi
[2014/06/19 03:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/06/19 03:51:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/06/19 03:51:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/06/19 03:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/19 03:52:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2013/09/12 03:18:29 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: KeyBar 2.5 = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oblkmgkfjnmlkemjgheoidmmfncckcej\10.31.4.510_0\
CHR - Extension: KeyBar 2.5 = C:\Documents and Settings\MIKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oblkmgkfjnmlkemjgheoidmmfncckcej\10.31.4.510_0\nativeMessaging\nmHost
 
O1 HOSTS File: ([2014/07/14 15:01:03 | 000,449,906 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15470 more lines...
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5043442D-472D-5637-00A7-7A786E7484D7} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe ()
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\MIKE\Local Settings\Application Data\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler File not found
O4 - HKCU..\Run: [UhocMimp] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: gigabyte.us ([www] https in Trusted sites)
O16 - DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} http://www.geforce.c.../GPU_Reader.cab (NVIDIA GPU Reader Class)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} http://service.samsu...rustChecker.cab (ACUBETrustChecker Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pbells.broad...otiveClient.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49581C7F-1CFC-4C55-B4EF-8588276CD04B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A58FF43-D0E1-4ABF-AF28-71D624F648EF}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\rckonne: DllName - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\rckonne.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\rckonne.dll ()
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/31 08:49:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/03/26 22:18:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/19 14:32:23 | 000,749,568 | R--- | M] (Codemasters Software Co.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/05/01 05:26:01 | 000,000,067 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/02/11 21:54:47 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2014/07/31 08:48:18 | 000,000,000 | ---D | M] - F:\AUTO -- [ NTFS ]
O32 - AutoRun File - [2006/02/11 21:54:47 | 000,000,000 | -HS- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/28 12:44:10 | 008,188,928 | ---- | M] () - F:\Autotap 3.00.msi -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/04 00:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EderMevif
[2014/08/04 00:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnaqVawci
[2014/08/02 23:43:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/02 15:09:44 | 000,049,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrckvjsi.sys
[2014/08/02 14:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\Nuhiveu
[2014/08/02 14:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UhocMimp
[2014/08/01 16:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Desktop\ASWMBR
[2014/08/01 12:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Desktop\OTL
[2014/08/01 00:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Desktop\screenshot
[2014/08/01 00:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\0c7610
[2014/08/01 00:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610
[2014/08/01 00:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\98132781
[2014/08/01 00:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\4073586247
[2014/08/01 00:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906
[2014/08/01 00:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\1396467839
[2014/07/31 08:46:48 | 000,000,000 | -H-D | C] -- C:\c088cf6
[2014/07/31 04:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Start Menu\Programs\NetSurveillance
[2014/07/31 04:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\NetSurveillance
[2014/07/27 14:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Start Menu\Programs\CMS
[2014/07/27 14:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\CMS
[2014/07/24 04:12:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}
[2014/07/20 22:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\My Documents\process
[2014/07/19 02:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\My Documents\process expl
[2014/07/14 03:14:24 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/07/14 03:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/14 03:12:44 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/07/14 03:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/04 01:08:14 | 000,019,756 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2014/08/04 00:48:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/08/04 00:00:10 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/08/03 23:44:46 | 000,000,083 | ---- | M] () -- C:\WINDOWS\System32\qtfv.idw
[2014/08/03 23:34:40 | 000,012,664 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/08/03 23:31:39 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2014/08/03 23:30:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/03 00:56:47 | 000,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000006-00001102-00000005-00231102}.rfx
[2014/08/03 00:56:47 | 000,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000006-00001102-00000005-00231102}.rfx
[2014/08/03 00:56:47 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000006-00001102-00000005-00231102}.rfx
[2014/08/02 23:54:43 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\1233740586
[2014/08/02 23:54:07 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\2302247755
[2014/08/02 15:09:46 | 000,049,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrckvjsi.sys
[2014/08/02 15:05:01 | 002,629,142 | ---- | M] () -- C:\Documents and Settings\MIKE\My Documents\2012Vette12-22-11.1[1].jpg
[2014/08/02 15:04:56 | 000,653,336 | ---- | M] () -- C:\Documents and Settings\MIKE\My Documents\20120906_175932[1].jpg
[2014/08/02 15:04:39 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/08/02 15:04:39 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
[2014/08/02 15:01:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/08/02 14:52:49 | 000,051,480 | ---- | M] () -- C:\Documents and Settings\MIKE\Desktop\KUV REAR SUSPENSION 016.JPG
[2014/08/02 14:52:48 | 000,061,720 | ---- | M] () -- C:\Documents and Settings\MIKE\Desktop\How to Restore Your Harley Davidson Motorcycle Motorbooks Workshop by Bruce Palmer III - 5 Star Book Review.pdf
[2014/08/02 14:50:27 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/08/02 14:50:27 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 12:33:29 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014/07/31 12:33:29 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014/07/31 09:49:07 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:07 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:06 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:06 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 08:49:10 | 000,000,280 | ---- | M] () -- C:\Boot.bak
[2014/07/29 23:43:29 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/27 14:01:39 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\MIKE\Desktop\CMS.lnk
[2014/07/26 01:25:18 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/07/24 02:16:19 | 000,000,358 | RHS- | M] () -- C:\boot.ini
[2014/07/18 13:35:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/07/15 02:30:31 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7256C714-F702-4676-8958-FD1AD3CD13D2}.job
[2014/07/15 02:30:26 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/07/15 02:30:20 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/07/15 02:30:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:30:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:30:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:29:58 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:29:52 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:29:47 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:29:40 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
[2014/07/15 02:29:35 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/15 02:29:29 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/15 02:29:09 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2014/07/15 02:29:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003UA.job
[2014/07/15 02:28:53 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003Core1cc6f98ed6cb1dc.job
[2014/07/15 02:28:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/15 02:28:32 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/15 02:28:04 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/07/14 15:01:03 | 000,449,906 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/07/14 03:13:17 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
 
========== Files Created - No Company Name ==========
 
[2014/08/02 23:54:43 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\1233740586
[2014/08/02 15:04:39 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/08/02 15:04:39 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
[2014/08/02 14:50:27 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/08/02 14:50:27 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\DECRYPT_INSTRUCTION.URL
[2014/08/01 00:33:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\2302247755
[2014/07/31 09:49:12 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:12 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:12 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:12 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:07 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:07 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:06 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:06 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 06:58:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/07/27 14:01:39 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\MIKE\Desktop\CMS.lnk
[2014/07/14 03:13:17 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/20 18:14:02 | 000,179,377 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2013/10/30 01:55:30 | 000,000,289 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/06/13 00:47:43 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\$_hpcst$.hpc
[2012/10/03 06:41:44 | 000,262,144 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe
[2012/10/03 06:41:43 | 012,212,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2012/10/03 06:41:43 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2012/10/03 06:41:43 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2012/10/03 06:41:42 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2012/10/03 06:41:41 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2012/09/16 02:48:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/16 02:48:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/16 02:48:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/16 02:48:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/16 02:48:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/10 13:38:33 | 001,098,800 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/09/10 13:38:33 | 001,098,800 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/09/10 13:38:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/14 05:06:20 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\MIKE\default.pls
[2011/11/28 05:08:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MIKE\RoomEQWizardV5-Path
[2011/07/22 10:26:46 | 001,146,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-2000478354-839522115-1003-0.dat
[2011/07/22 10:26:45 | 000,145,058 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/24 02:47:44 | 010,964,992 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2010/03/29 07:58:51 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010/03/27 18:47:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1472 bytes -> C:\WINDOWS\System32\drivers\mrckvjsi.sys:changelist
 
< End of report >


#14 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 04 August 2014 - 01:57 AM

Hi gcdi,

 

Given your computer spec that scan time was a bit excessive. However there is some malware still active which could account for the symptoms you describe.

 

If you are a Google Chrome user please do not use it at this time. Use either IE or FireFox as the file path for Chrome does not seem right.

 

You are/were infected with CryptoWall. I suspect at one point you were informed that unless you paid a fee of X$ your files would be encrypted. Unfortunately at this time if the files become encrypted there is very little hope in unencrypting them. We can remove the infection though.

 

Hopefully this will be quicker.

 

Next, double click on OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • please note the fix starts with the :
:Services
:OTL
MOD - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\rckonne.dll ()
DRV - (gfmnidzs) -- C:\WINDOWS\system32\drivers\gfmnidzs.sys File not found
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{67D06BCF-9EF0-4D55-A736-5DBD0B58BABB}: "URL" = http://search.condui...8601233467&UM=2
IE - HKLM\..\SearchScopes,DefaultScope = {1D0C0448-EB8B-4bc6-943B-AAC32A1C7BFC}
IE - HKCU\..\SearchScopes,DefaultScope = {3906D159-82FC-450d-A57A-92D10437A2F5}
[2013/06/26 12:40:28 | 000,228,503 | ---- | M] () (No name found) -- C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\sywhhfyw.default-1368204256093\extensions\ftd@ftd.com.xpi
O20 - Winlogon\Notify\rckonne: DllName - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\rckonne.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\rckonne.dll ()
[2014/08/04 00:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EderMevif
[2014/08/04 00:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnaqVawci
[2014/08/02 15:04:39 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/08/02 15:04:39 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
[2014/08/02 23:54:43 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\1233740586
[2014/08/02 23:54:07 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\MIKE\Application Data\2302247755
[2014/07/31 09:49:07 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:07 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:06 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:06 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
[2014/08/02 15:04:39 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/08/02 15:04:39 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
[2014/08/02 14:50:27 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/08/02 14:50:27 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\DECRYPT_INSTRUCTION.URL
[2014/08/01 00:33:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\2302247755
[2014/07/31 09:49:12 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:12 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:12 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:12 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\DECRYPT_INSTRUCTION.URL
:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UhocMimp"=-
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top


  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer

Please post the  OTL log.

 

 

Any improvement?

 


Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself


Threads will be closed if no response after 5 days.
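
As an added example (my own code, not part of this thread and not OTL's), here is a small Python triage script that parses file lines in the OTL log format shown above and reports the CryptoWall indicators oldman960 is pointing at: how many DECRYPT_INSTRUCTION ransom notes were dropped, the earliest drop time (the start of the encryption window), and which user profiles were touched. The sample lines are constructed in the format of the log above; the "numeric folder under Application Data" rule is a heuristic I added, not a published signature.

```python
"""Triage an OTL 'Files' section for CryptoWall ransom-note drops (added example)."""
import re
from dataclasses import dataclass

# One OTL file line, e.g.
# [2014/08/02 14:50:27 | 000,008,198 | ---- | C] () -- C:\...\DECRYPT_INSTRUCTION.HTML
# Directory lines have no "()" company field at all, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Ransom-note names CryptoWall writes into every folder it touches.
RANSOM_NOTE = re.compile(r"\\DECRYPT_INSTRUCTION\.(?:HTML|URL|TXT)$", re.I)
# Heuristic (my assumption, not a signature): purely numeric folder names
# directly under Application Data, like those in the log above.
NUMERIC_APPDATA_DIR = re.compile(r"\\Application Data\\\d{8,10}$")


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str
    kind: str       # C = created, M = modified
    company: str
    path: str


def parse_otl_lines(text):
    """Parse OTL file lines; headers, blanks and unknown lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["kind"], m["company"] or "", m["path"]))
    return entries


def profile_of(path):
    """Return the XP user profile a path belongs to, or None for system paths."""
    m = re.match(r"^[A-Z]:\\Documents and Settings\\([^\\]+)\\", path, re.I)
    return m.group(1) if m else None


def triage(text):
    """Summarise ransom-note drops so a helper can scope the encryption window."""
    entries = parse_otl_lines(text)
    notes = [e for e in entries if RANSOM_NOTE.search(e.path)]
    return {
        "ransom_notes": len(notes),
        # Timestamps share one zero-padded format, so string min() is chronological.
        "first_note_drop": min((e.ts for e in notes), default=None),
        "profiles_hit": sorted({p for p in (profile_of(e.path) for e in notes) if p}),
        "numeric_appdata_dirs": sorted({e.path for e in entries
                                        if NUMERIC_APPDATA_DIR.search(e.path)}),
    }


# Constructed sample in the format of the log above (a handful of lines, not the full log).
SAMPLE = r"""
[2014/08/02 14:50:27 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/08/02 14:50:27 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\DECRYPT_INSTRUCTION.URL
[2014/07/31 09:49:06 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
[2014/07/31 09:49:12 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\DECRYPT_INSTRUCTION.URL
[2014/08/01 00:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIKE\Application Data\98132781
[2014/07/14 03:12:44 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Files modified after the reported first drop time are the ones to treat as possibly encrypted when deciding what to restore from backup.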

#15 gcdi

gcdi

    Authentic Member

  • Authentic Member
  • PipPip
  • 119 posts

Posted 04 August 2014 - 11:53 PM

Well unfortunately I can't get the computer to do much at all now.

I did get it to the forum this morning and copied the file to put in OTL but now can't get OTL to open.

It starts to open, I can see the outlines but the buttons like scan or run are blank and I can't paste to the lower area.

I have tried several times and left it for hours to see if it would finally open.

Other things I've noticed, if I look at task manager at the bottom it shows cpu usage to be 100% but when I look at processes they all show session IDs as 0 and show cpu usage to be 0.

Also noticed that the light on the modem/router that corresponds to the pc connection is always on steady or blinking fast as if there's a lot of data being exchanged.

This reply came from another pc but as I was writing this the pc in question finally got on internet after about thirty minutes of letting it try.

