
Browsers (both Firefox & IE) are EXTREMELY slow



#151
jsaklas

  • Topic Starter
  • Member
  • 333 posts
CompCav,

I could not get the screen dump to paste into this reply, so I copied it into Wordpad, saved it, converted it to a PDF (in Word it was 6 Megs) and then attached it.


I now have what may be a more serious problem, but not on this computer, rather it is on my new computer. I will describe it briefly and then I would appreciate it if you could then tell me what to do. We could continue with this thread, or you may want me to start a new thread.

After working perfectly for one month, yesterday, Firefox crashed. I assumed a virus, I tried to run Kaspersky, but it would not run, it started then the computer completely shut down. I rebooted. I got messages that K was not current (Impossible, I loaded K Internet Security 2012 about 5 weeks ago and have been updating it). I tried to update it but I kept getting errors from K, e.g. "Kaspersky Anti-Virus has encountered a problem and needs to close. Sorry for the inconvenience." I used Revo to uninstall it, Revo defaulted to K's Uninstall program. Once uninstalled I reloaded it, but it still would not run. Moreover, sometimes the machine would shut down. I ran Lavasoft's Ad-Aware, the computer shut down before it was finished. I tried a second time and this time it ran, but found only two small problems which were removed. I tried to run Malwarebytes and although the computer did not shut down, it did freeze before Malware finished.

How do you suggest I proceed? (I am writing this from the old computer, but I think the new one will stay on long enough to address the problem.)

js



  • 0



#152
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Well you have Avira and so you should only have one antivirus at a time.

Multiple installed antivirus products can lead to a clash as products fight for access to files which are being opened since they need to be checked for viruses. In general terms, the programs may conflict and cause:
False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
System Performance Problems: Your system may lock up due to multiple products attempting to access the same file at the same time.


So make sure you have only one antivirus and MalwareBytes' active and resident.


Step 1.

then run RogueKiller

  • Download on the desktop RogueKiller (by tigzy)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Delete. Click on Report and copy/paste the content of the notepad


Step 2.

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply.


Step 3.

Re-run OTL on your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under Extra Registry click Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 4.

Please Post:

both RkReport.txt
aswMBR log
OTL.txt
Extras.txt

  • 0
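A small triage helper for the OTL.Txt log requested above, as an added example that is not part of the original post or of OTL itself: it lists the entries a reviewer would look at first (files with an empty company field, and services, Run values or NetSvcs names reported as "File not found"). The record layout follows the OTL log posted later in this thread; the sample lines, the file names in them and the function name `triage` are constructed for illustration, and a listed entry is a prompt for review, not a verdict.

```python
import re

# Constructed sample in the layout of an OTL.Txt quick scan (not real scan output).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2012/01/28 23:46:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Example\helper.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (ExampleSvc)
SRV - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Example\helper.exe -- (EXAMPLESVC)
========== Driver Services (SafeList) ==========
DRV - [2012/01/27 19:51:46 | 000,040,776 | ---- | M] (Example Vendor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\example.sys -- (ExampleDrv)
O4 - HKLM..\Run: [ExampleCheck] %systemroot%\system32\example 0 -k File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Vendor)
NetSvcs: ExampleNet - File not found
"""

# PRC/MOD/SRV/DRV record: [date time | size | attributes | M] (company) [state] -- path -- (service)
FILE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[[\d/]+ [\d:]+ \| [\d,]+ \| [A-Z-]{4} \| [MC]\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]*)\).*)?$"
)

# Entries whose target file OTL could not find, by where they are registered.
MISSING_PATTERNS = [
    ("service", re.compile(r"^(?:SRV|DRV) - File not found .*\((?P<name>[^)]*)\)\s*$")),
    ("run key", re.compile(r"^O4 - \S+\\Run: \[(?P<name>[^\]]+)\] .*File not found\s*$")),
    ("netsvcs", re.compile(r"^NetSvcs: (?P<name>\S+) - File not found\s*$")),
]


def triage(log_text):
    """Return review items from an OTL log: files without a company name
    (grouped by path, so one binary listed as process, module and service
    is reported once) and registrations whose file was not found."""
    no_company = {}  # path -> set of record kinds that reference it
    missing = []     # (source, name) pairs, in log order
    for raw in log_text.splitlines():
        line = raw.strip()
        record = FILE_RE.match(line)
        if record:
            if record.group("company").strip() == "":
                no_company.setdefault(record.group("path"), set()).add(record.group("kind"))
            continue
        for source, pattern in MISSING_PATTERNS:
            hit = pattern.match(line)
            if hit:
                missing.append((source, hit.group("name")))
                break
    return {
        "no_company": {path: sorted(kinds) for path, kinds in no_company.items()},
        "missing": missing,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, kinds in report["no_company"].items():
        print(f"no company name ({', '.join(kinds)}): {path}")
    for source, name in report["missing"]:
        print(f"file not found ({source}): {name}")
```
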

#153
jsaklas

  • Topic Starter
  • Member
  • 333 posts
CompCav,

I do not have multiple anti-viruses on my new computer. On my old machine I have AVIRA, and on the new one I have only Kaspersky. I also have Malwarebytes and Ad-Aware, but they are not active (I don't think.) I only use them manually. Of course, now, since I uninstalled Kaspersky a second time, I have no Anti-virus on the new computer. Do you recommend uninstalling the Lavasoft product? If so I will do so.

I forgot to tell you in the previous reply that when I tried to load K the last time I got some errors about Application Memory Dumps. Also it appears that Windows only shuts down when there is a scan involved - but I am not 100% sure about this.

Lastly, does any of this change any of your suggestions? If not, I will proceed as you directed.

Did the Revo pdf file attached have any info that would lead to a faster startup? If NOT, then let's put the original work we did on the old computer to rest since the problems were solved and concentrate on this problem with the new computer.


js
  • 0

#154
CompCav

    Member 5k

  • Expert
  • 12,454 posts

I do not have multiple anti-viruses on my new computer.

I misunderstood. You are fine.

New Machine

Make sure Kaspersky is totally removed first and then try to reinstall it or one of the free ones listed below.

Go here and download kavremover.exe.

Follow the directions to remove the Kaspersky product you had installed and that shows up listed in the remover window.

Once you are done then reboot the computer and either reinstall Kaspersky or one of the free ones listed below.


You do need an antivirus on the new machine so if Kaspersky is having issues then you can try the free Avira (just make sure you do not let it install the Ask Toolbar portion) or Microsoft Security Essentials.

Please uninstall LavaSoft's Ad-Aware.

Now run the steps that I gave you in Post #152.



Old Machine


There are some things to uncheck in the autoruns list so reopen RevoUninstaller and go to Tools and Autorun Manager


Some items are already unchecked and just leave them unchecked.

Uncheck only the following items:

ctfmon.exe
nwiz
Quicktime Task
TkBell.exe
Adobe ARM
NswUiTray
SunJavaUpdateSched
DivXUpdate
OpwareSE2


Then close RevoUninstaller and reboot to see if it is faster.


Next Post:

Please post the logs I requested in Post #152 for the new computer and let me know which AV you installed.

If the problem does not look like malware I will have you start a new topic in the Windows XP forum for the new machine.


For the old computer please let me know how it started up.
  • 0

#155
jsaklas

  • Topic Starter
  • Member
  • 333 posts
CompCav,

Here are the scan files:

RogueKiller V7.0.1 [01/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Baba [Admin rights]
Mode: Scan -- Date : 01/28/2012 14:10:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost




¤¤¤ MBR Check: ¤¤¤


+++++ PhysicalDrive0: WDC WD15EARS-00MVWB0 +++++
--- User ---
[MBR] b4cb8689ded4067f11a69d5eac91205c
[BSP] c315e2eeff8dcc5b86003ff3dac45feb : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 393217 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 768003390 | Size: 1107073 Mo

User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-28 16:17:43
-----------------------------
16:17:43.515 OS Version: Windows 5.1.2600 Service Pack 3
16:17:43.515 Number of processors: 2 586 0x2A07
16:17:43.515 ComputerName: FIRSTFLOOROFFIC UserName: Baba
16:17:44.156 Initialize success
16:20:28.250 AVAST engine defs: 12012800
16:43:46.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:43:46.375 Disk 0 Vendor: WDC_WD15EARS-00MVWB0 51.0AB51 Size: 1430799MB BusType: 3
16:43:46.390 Disk 0 MBR read successfully
16:43:46.390 Disk 0 MBR scan
16:43:46.437 Disk 0 Windows XP default MBR code
16:43:46.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 375001 MB offset 63
16:43:46.437 Disk 0 Partition - 00 0F Extended LBA 1055787 MB offset 768003390
16:43:46.437 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 524999 MB offset 768003453
16:43:46.437 Disk 0 Partition - 00 05 Extended 530788 MB offset 1843201710
16:43:46.468 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 530788 MB offset 1843201773
16:43:46.468 Disk 0 scanning sectors +2930256000
16:43:46.515 Disk 0 scanning C:\WINDOWS\system32\drivers
16:43:51.640 Service scanning
16:43:52.656 Modules scanning
16:43:55.609 Disk 0 trace - called modules:
16:43:55.671 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:43:55.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a390ab8]
16:43:55.687 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005b[0x8a3c1828]
16:43:55.687 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a371940]
16:43:56.796 AVAST engine scan C:\WINDOWS
16:44:10.562 AVAST engine scan C:\WINDOWS\system32
16:46:12.015 AVAST engine scan C:\WINDOWS\system32\drivers
16:46:26.203 AVAST engine scan C:\Documents and Settings\Baba
16:47:55.718 AVAST engine scan C:\Documents and Settings\All Users
16:48:05.953 Scan finished successfully
23:38:51.468 Disk 0 MBR has been saved successfully to "D:\ComputerNew\MBR.dat"
23:38:51.468 The log file has been saved successfully to "D:\ComputerNew\aswMBR-01-28.txt"


OTL logfile created on: 1/28/2012 11:49:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 87.67% Memory free
4.83 Gb Paging File | 4.49 Gb Available in Paging File | 93.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 366.21 Gb Total Space | 343.90 Gb Free Space | 93.91% Space Free | Partition Type: NTFS
Drive D: | 512.69 Gb Total Space | 505.10 Gb Free Space | 98.52% Space Free | Partition Type: NTFS
Drive E: | 518.35 Gb Total Space | 514.04 Gb Free Space | 99.17% Space Free | Partition Type: NTFS

Computer Name: FIRSTFLOOROFFIC | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/28 23:46:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2011/02/01 14:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 14:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/07/25 21:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/08 13:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/28 17:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/01 14:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 14:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/01/27 19:51:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/10 05:12:04 | 006,281,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/10/19 17:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) Intel®
DRV - [2010/10/14 11:29:14 | 000,260,864 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/08/24 04:56:01 | 000,063,088 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-484763869-602162358-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-484763869-602162358-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {58D4392A-842E-11DE-B51A-C7B855D89593}:1.2.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Mozilla Firefox\components [2011/12/26 16:29:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Mozilla Thunderbird\components [2011/12/26 21:42:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Mozilla Thunderbird\plugins

[2011/12/26 16:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2012/01/25 16:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\fmoo84x0.default\extensions
[2012/01/25 16:36:09 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\fmoo84x0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BABA\APPLICATION DATA\THUNDERBIRD\PROFILES\L80VH81O.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-602162358-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1321758810609 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1888274-80D5-45AA-BA57-00F07619EB56}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\faris1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\faris1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/19 16:21:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/28 14:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Desktop\RK_Quarantine
[2012/01/28 13:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/01/27 19:51:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/27 09:50:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/25 16:17:03 | 000,000,000 | ---D | C] -- C:\HD Tune
[2012/01/25 16:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HD Tune
[2012/01/25 10:45:29 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/25 10:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/01/18 15:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Local Settings\Application Data\Microsoft Help
[2012/01/17 00:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Malwarebytes
[2012/01/17 00:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/17 00:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/17 00:16:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/17 00:15:51 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012/01/11 10:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\My Documents\My Albums
[2012/01/11 10:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\ArcSoft
[2012/01/11 01:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\NewSoft
[2012/01/11 01:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\UBitMenu
[2012/01/11 01:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/01/11 01:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/11 00:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/01/11 00:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Revo Uninstaller
[2012/01/11 00:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Windows Search
[2012/01/10 21:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Programs
[2012/01/09 15:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\PrimoPDF
[2012/01/09 15:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrimoPDF
[2012/01/09 15:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2012/01/09 00:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/01/08 17:06:07 | 000,563,712 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\vdk32116.dll
[2012/01/08 17:06:04 | 000,389,120 | ---- | C] (Criterion Software Ltd.) -- C:\WINDOWS\System32\Rwl21.dll
[2012/01/08 17:06:03 | 000,621,056 | ---- | C] (Criterion Software Ltd.) -- C:\WINDOWS\System32\Rwdlmb21.dll
[2012/01/08 17:06:02 | 000,558,080 | ---- | C] (Criterion Software Ltd.) -- C:\WINDOWS\System32\Rwdl8b21.dll
[2012/01/08 17:06:01 | 000,576,000 | ---- | C] (Criterion Software Ltd.) -- C:\WINDOWS\System32\Rwdl6b21.dll
[2012/01/08 17:05:54 | 000,022,528 | ---- | C] (Netscape Communications) -- C:\WINDOWS\System32\nsmlaw32.dll
[2012/01/08 17:05:51 | 000,264,192 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\npacrx.dll
[2012/01/08 17:05:50 | 000,076,800 | ---- | C] (Netscape Communications) -- C:\WINDOWS\System32\mcilma32.dll
[2012/01/08 17:05:49 | 000,131,584 | ---- | C] (Netscape ) -- C:\WINDOWS\System32\mcilau32.dll
[2012/01/08 17:05:49 | 000,095,296 | ---- | C] (Netscape ) -- C:\WINDOWS\System32\mcilau.dll
[2012/01/08 17:05:49 | 000,037,856 | ---- | C] (Netscape Communications) -- C:\WINDOWS\System32\mcilma.dll
[2012/01/08 17:05:48 | 000,071,168 | ---- | C] (Netscape Communications) -- C:\WINDOWS\System32\lmactl32.dll
[2012/01/08 17:05:46 | 000,067,936 | ---- | C] (InSoft, Inc.) -- C:\WINDOWS\System32\isprsht.dll
[2012/01/08 17:05:39 | 000,063,488 | ---- | C] (Voxware) -- C:\WINDOWS\System32\vdk32118.acm
[2012/01/08 17:05:39 | 000,055,808 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\nsx83p32.acm
[2012/01/08 17:05:39 | 000,030,208 | ---- | C] (Netscape Communications) -- C:\WINDOWS\System32\nspac32.acm
[2012/01/08 17:01:13 | 000,018,944 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\verscpl.cpl
[2012/01/08 17:00:20 | 000,011,296 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\Baren.DLL
[2012/01/08 17:00:20 | 000,009,216 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\Barmven.exe
[2012/01/08 17:00:19 | 000,277,520 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\Barista.DRV
[2012/01/08 16:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 12
[2012/01/08 16:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2012/01/08 16:20:56 | 000,000,000 | ---D | C] -- C:\WordPerfect Office 12
[2012/01/08 14:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\My Documents\HTML
[2012/01/08 14:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Corel WordPerfect Suite 8
[2012/01/08 14:01:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Corel
[2012/01/08 14:01:28 | 000,123,904 | ---- | C] (Nexal Corporation) -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2012/01/08 14:01:26 | 000,286,208 | ---- | C] (Nexal Corporation) -- C:\WINDOWS\System32\NCSPI832.DLL
[2012/01/08 14:01:08 | 000,064,000 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\PFAUTO8.DLL
[2012/01/08 14:01:03 | 000,125,952 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\SHELLWP.DLL
[2012/01/08 14:01:03 | 000,007,680 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\SHLWP8EN.DLL
[2012/01/08 14:00:25 | 000,068,096 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\PRAUTO8.DLL
[2012/01/08 14:00:18 | 000,000,000 | ---D | C] -- C:\MyFiles
[2012/01/08 14:00:16 | 000,000,000 | ---D | C] -- C:\Corel
[2012/01/06 17:13:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/06 16:44:52 | 000,000,000 | ---D | C] -- C:\PDF Fix
[2012/01/06 11:10:13 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/01/06 11:10:10 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012/01/06 11:10:00 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/01/06 11:09:57 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/01/06 11:09:37 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/01/06 11:09:35 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012/01/06 11:09:27 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012/01/06 11:09:13 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/01/06 11:09:03 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012/01/06 11:09:01 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012/01/06 11:08:58 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/01/06 11:08:55 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012/01/06 11:08:51 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012/01/06 11:08:48 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012/01/06 11:08:45 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012/01/06 11:08:34 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012/01/06 11:08:22 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012/01/06 11:08:20 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012/01/06 11:08:17 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012/01/06 11:08:12 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012/01/06 11:07:56 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012/01/06 11:07:46 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012/01/06 11:07:43 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012/01/06 11:07:33 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/01/06 11:07:30 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/01/06 11:07:27 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/01/06 11:07:25 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/01/06 11:07:22 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/01/06 11:07:19 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/01/06 11:06:55 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/01/06 11:06:51 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/01/06 11:06:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/01/06 11:06:48 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/01/06 11:06:44 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012/01/06 11:06:41 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012/01/06 11:06:32 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/01/06 11:06:29 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/01/06 11:05:57 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/01/06 11:05:54 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/01/06 11:05:52 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/01/06 11:05:49 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/01/06 11:05:45 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012/01/06 11:05:30 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012/01/06 11:05:07 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/01/06 11:05:04 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/01/06 11:05:02 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/01/06 11:04:59 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/01/06 11:04:57 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/01/06 11:04:39 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012/01/06 11:04:36 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/01/06 11:04:34 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/01/06 11:04:29 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/01/06 11:04:07 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012/01/06 11:04:05 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012/01/06 11:04:03 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/01/06 11:04:00 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/01/06 11:03:42 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/01/06 11:03:37 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/01/06 11:03:34 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/01/06 11:03:23 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/01/06 11:03:21 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/01/06 11:03:18 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/01/06 11:03:16 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/01/06 11:03:14 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/01/06 11:03:11 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/01/06 11:03:09 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/01/06 11:03:06 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/01/06 11:03:04 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/01/06 11:02:59 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/01/06 11:02:56 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/01/06 11:02:55 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/01/06 11:02:55 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/01/06 11:02:45 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/01/06 11:02:41 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/01/06 11:02:38 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/01/06 11:02:35 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/01/06 11:02:25 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/01/06 11:02:23 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/01/06 11:02:01 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/01/06 11:01:59 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/01/06 11:01:57 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/01/06 11:01:48 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/01/06 11:01:10 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012/01/06 11:01:01 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/01/06 11:01:00 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/01/06 11:00:58 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/01/06 11:00:30 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/01/06 11:00:27 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/01/06 11:00:25 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/01/06 11:00:23 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012/01/06 11:00:08 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012/01/06 11:00:00 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012/01/06 10:59:57 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012/01/06 10:59:54 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/01/06 10:59:48 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/01/06 10:59:45 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/01/06 10:59:39 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/01/06 10:59:37 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/01/06 10:59:35 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/01/06 10:59:33 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/01/06 10:59:30 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/01/06 10:59:28 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/01/06 10:59:22 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/01/06 10:59:20 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/01/06 10:59:18 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/01/06 10:59:16 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/01/06 10:59:13 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/01/06 10:58:41 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/01/06 10:58:17 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/01/06 10:58:03 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/01/06 10:58:01 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/01/06 10:58:00 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/01/06 10:57:58 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/01/06 10:57:58 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/01/06 10:57:56 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/01/06 10:57:50 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/01/06 10:57:48 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/01/06 10:57:46 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/01/06 10:57:44 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/01/06 10:57:41 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/01/06 10:57:39 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/01/06 10:56:58 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/01/06 10:56:31 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/01/06 10:55:16 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/01/06 10:55:09 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/01/06 10:54:51 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/01/06 10:54:49 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/01/06 10:54:48 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/01/06 10:54:38 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/01/06 10:54:31 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/01/06 10:54:30 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/01/06 10:54:27 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/01/06 10:54:26 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/01/06 10:54:24 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/01/06 10:54:24 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/01/06 10:54:13 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/01/06 10:54:10 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/01/06 10:54:08 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/01/06 10:53:10 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/01/06 10:53:06 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/01/06 10:53:00 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/01/06 10:52:59 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/01/06 10:52:58 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/01/06 10:52:55 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/01/06 10:52:54 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/01/06 10:52:53 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/01/06 10:52:52 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/01/06 10:52:50 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/01/06 10:52:36 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/01/06 10:52:36 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/01/06 10:52:33 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/01/06 10:52:17 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/01/06 10:52:16 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/01/06 10:52:15 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/01/06 10:52:14 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/01/06 10:52:14 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/01/06 10:52:13 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/01/06 10:52:12 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/01/06 10:52:11 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/01/06 10:52:05 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/01/06 10:51:56 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/01/06 10:51:51 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/01/06 10:51:46 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/01/06 10:51:46 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/01/06 10:51:45 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/01/06 10:51:45 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/01/06 10:51:44 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/01/06 10:51:41 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/01/06 10:51:41 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/01/06 10:51:41 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/01/06 10:51:40 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/01/06 10:51:39 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/01/06 10:51:38 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/01/06 10:51:18 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/01/06 10:51:18 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/01/06 10:51:17 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/01/06 10:51:17 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/01/06 10:51:17 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/01/06 10:51:16 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/01/06 10:51:15 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/01/06 10:51:15 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/01/06 10:51:14 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/01/06 10:51:14 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/01/06 10:51:14 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/01/06 10:51:13 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/01/06 10:51:12 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/01/06 10:51:12 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/01/06 10:51:12 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/01/06 10:51:11 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/01/06 10:51:11 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/01/06 10:51:11 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/01/06 10:51:08 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/01/06 10:51:06 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/01/06 10:51:05 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/01/06 10:51:05 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/01/06 10:51:05 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/01/06 10:51:04 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/01/06 10:51:04 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/01/06 10:51:03 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/01/06 10:50:50 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/01/06 10:50:47 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/01/06 10:48:59 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/01/06 10:48:59 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/01/06 10:48:57 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/01/06 10:48:57 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/01/06 10:48:57 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/01/06 10:48:55 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/01/06 10:48:54 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/01/06 10:48:54 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/01/06 10:48:53 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/01/06 10:48:53 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/01/06 10:48:53 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/01/06 01:55:39 | 000,000,000 | ---D | C] -- C:\ENGECON
[2012/01/06 01:43:25 | 000,112,992 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\g2m_download.exe
[2012/01/04 18:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Canon
[2012/01/04 18:21:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Baba\My Documents\My PageManager
[2012/01/04 18:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Local Settings\Application Data\NewSoft
[2012/01/04 18:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Local Settings\Application Data\Adobe
[2012/01/04 18:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Local Settings\Application Data\Temp
[2012/01/04 17:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon
[2012/01/04 17:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\ScanSoft
[2012/01/04 17:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2012/01/04 17:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012/01/04 17:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 2.0
[2012/01/04 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012/01/04 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2012/01/04 17:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\WINDOWS
[2012/01/04 17:40:25 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2012/01/04 17:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/01/04 17:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\NewSoft
[2012/01/04 12:00:49 | 000,389,180 | ---- | C] (Canon) -- C:\WINDOWS\System32\UCS32P.DLL
[2012/01/04 12:00:45 | 000,000,000 | -H-D | C] -- C:\CanoScan
[2012/01/04 10:45:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\My Documents\My Videos
[2012/01/04 00:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Thunderbird-L
[2012/01/03 23:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Thunderbird
[2012/01/01 18:44:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/01/01 18:43:35 | 000,000,000 | ---D | C] -- C:\NC
[2012/01/01 18:39:58 | 000,000,000 | ---D | C] -- C:\Metric Conv
[2012/01/01 18:39:15 | 000,000,000 | ---D | C] -- C:\BENCOST
[2012/01/01 18:39:15 | 000,000,000 | ---D | C] -- C:\ABSTAT
[2011/11/20 18:43:26 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/28 23:52:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EEEFEBAC-534A-400B-A9B0-44A1FF6AEA11}.job
[2012/01/28 23:23:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/28 23:23:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/28 14:01:25 | 000,505,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/28 14:01:25 | 000,087,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/28 13:49:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/27 19:51:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/27 18:20:22 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/27 18:14:41 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/25 19:14:21 | 000,000,175 | ---- | M] () -- C:\WINDOWS\prestopm.INI
[2012/01/25 19:12:19 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2012/01/25 11:35:13 | 001,045,474 | ---- | M] () -- C:\WINDOWS\farmer2.bmp
[2012/01/25 11:33:52 | 001,045,558 | ---- | M] () -- C:\WINDOWS\farmer1.bmp
[2012/01/25 11:27:45 | 001,045,558 | ---- | M] () -- C:\WINDOWS\faris2.bmp
[2012/01/25 11:26:37 | 001,045,422 | ---- | M] () -- C:\WINDOWS\faris1.bmp
[2012/01/25 10:45:29 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/13 15:36:29 | 001,045,558 | ---- | M] () -- C:\WINDOWS\fairchild2.bmp
[2012/01/13 15:36:29 | 001,045,558 | ---- | M] () -- C:\WINDOWS\fairchild2
[2012/01/13 15:34:50 | 001,045,558 | ---- | M] () -- C:\WINDOWS\fairchild1.bmp
[2012/01/13 15:30:05 | 001,045,442 | ---- | M] () -- C:\WINDOWS\evans-madge2.bmp
[2012/01/13 15:27:59 | 001,045,558 | ---- | M] () -- C:\WINDOWS\evans-madge1.bmp
[2012/01/11 16:06:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/11 10:52:30 | 001,045,558 | ---- | M] () -- C:\WINDOWS\Ari-Stella1.bmp
[2012/01/11 01:13:27 | 000,000,532 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
[2012/01/11 01:12:00 | 000,151,566 | ---- | M] () -- C:\WINDOWS\System32\UninstIPP.isu
[2012/01/11 01:11:59 | 000,000,105 | ---- | M] () -- C:\WINDOWS\UMXADDIN.INI
[2012/01/11 00:13:07 | 000,036,291 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2012/01/09 15:14:44 | 000,009,347 | ---- | M] () -- C:\Documents and Settings\Baba\My Documents\testPrimo.pdf
[2012/01/09 15:10:30 | 000,000,314 | ---- | M] () -- C:\WINDOWS\primopdf.ini
[2012/01/09 11:28:28 | 000,787,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/09 00:41:57 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\PAA Server.RDP
[2012/01/09 00:38:25 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Baba\My Documents\Default.rdp
[2012/01/09 00:36:32 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Baba\g2mdlhlpx.exe
[2012/01/09 00:30:20 | 001,045,558 | ---- | M] () -- C:\WINDOWS\Elizabeth1.bmp
[2012/01/08 17:43:19 | 001,045,558 | ---- | M] () -- C:\WINDOWS\Elizabeth2.bmp
[2012/01/08 17:06:54 | 000,000,484 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/01/08 15:17:17 | 001,045,558 | ---- | M] () -- C:\WINDOWS\albatest1.bmp
[2012/01/06 17:14:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/01/06 11:40:55 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\Norton Commander.pif
[2012/01/06 11:16:27 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/25 16:32:41 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Baba\Start Menu\Programs\ATF-Cleaner.lnk
[2012/01/25 11:35:12 | 001,045,474 | ---- | C] () -- C:\WINDOWS\farmer2.bmp
[2012/01/25 11:33:50 | 001,045,558 | ---- | C] () -- C:\WINDOWS\farmer1.bmp
[2012/01/25 11:27:43 | 001,045,558 | ---- | C] () -- C:\WINDOWS\faris2.bmp
[2012/01/25 11:26:35 | 001,045,422 | ---- | C] () -- C:\WINDOWS\faris1.bmp
[2012/01/25 10:42:30 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/21 09:58:13 | 001,045,558 | ---- | C] () -- C:\WINDOWS\fairchild2.bmp
[2012/01/18 15:50:15 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Baba\Start Menu\Programs\MS WORD.lnk
[2012/01/13 15:39:24 | 001,045,558 | ---- | C] () -- C:\WINDOWS\fairchild2
[2012/01/13 15:39:24 | 001,045,558 | ---- | C] () -- C:\WINDOWS\fairchild1.bmp
[2012/01/13 15:39:24 | 001,045,442 | ---- | C] () -- C:\WINDOWS\evans-madge2.bmp
[2012/01/13 15:27:56 | 001,045,558 | ---- | C] () -- C:\WINDOWS\evans-madge1.bmp
[2012/01/13 15:23:00 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\Baba\Start Menu\Programs\PhotoStudio.lnk
[2012/01/11 10:52:28 | 001,045,558 | ---- | C] () -- C:\WINDOWS\Ari-Stella1.bmp
[2012/01/11 01:11:59 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2012/01/11 01:09:47 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2012/01/11 00:13:07 | 000,036,291 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2012/01/10 21:40:09 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Canon Tool Box.lnk
[2012/01/09 15:14:43 | 000,009,347 | ---- | C] () -- C:\Documents and Settings\Baba\My Documents\testPrimo.pdf
[2012/01/09 15:10:32 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2012/01/09 00:57:54 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Baba\Start Menu\Programs\GO2Meeting.lnk
[2012/01/09 00:39:23 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\PAA Server.RDP
[2012/01/09 00:38:25 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Baba\My Documents\Default.rdp
[2012/01/09 00:36:32 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Baba\g2mdlhlpx.exe
[2012/01/08 17:33:42 | 001,045,558 | ---- | C] () -- C:\WINDOWS\Elizabeth1.bmp
[2012/01/08 17:32:19 | 001,045,558 | ---- | C] () -- C:\WINDOWS\Elizabeth2.bmp
[2012/01/08 17:06:27 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\cosmo.ini
[2012/01/08 17:06:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\sx83p32.dll
[2012/01/08 14:58:19 | 001,045,558 | ---- | C] () -- C:\WINDOWS\albatest1.bmp
[2012/01/08 14:05:31 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/01/08 14:03:52 | 000,003,044 | ---- | C] () -- C:\WINDOWS\System32\PXDocExp.TTF
[2012/01/08 14:01:13 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2012/01/08 14:01:13 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2012/01/08 14:01:09 | 000,003,268 | ---- | C] () -- C:\WINDOWS\System32\PFAUTO8.TLB
[2012/01/06 11:40:55 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\Norton Commander.pif
[2012/01/06 11:16:27 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/01/06 11:10:10 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/01/06 11:10:07 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012/01/06 11:01:53 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/01/06 11:01:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/01/06 10:58:46 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/01/06 10:55:14 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/01/06 10:55:10 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/01/06 10:55:07 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/01/06 10:55:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/01/06 10:55:00 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/01/06 10:52:57 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/01/06 10:52:56 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/01/06 10:52:55 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/01/06 10:50:59 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/01/06 10:50:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/01/06 10:50:58 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/01/06 10:50:58 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/01/06 10:50:58 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/01/06 10:50:58 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/01/06 10:50:57 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/01/06 10:50:57 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/01/06 10:50:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/01/06 10:50:52 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/01/04 18:24:42 | 000,000,175 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2012/01/04 18:21:01 | 000,000,051 | ---- | C] () -- C:\NsScanforTest.ini
[2012/01/04 17:46:36 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012/01/04 17:42:41 | 000,151,566 | ---- | C] () -- C:\WINDOWS\System32\UninstIPP.isu
[2012/01/04 17:42:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2012/01/04 17:42:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2011/12/20 00:20:02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\WebpageIcons.db
[2011/12/19 14:50:25 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2011/12/19 14:50:25 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2011/11/20 19:14:43 | 000,062,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/11/20 18:47:24 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/11/20 18:46:55 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/11/20 18:43:26 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/11/20 18:43:25 | 000,783,644 | R--- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2011/11/20 18:43:25 | 000,201,496 | R--- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2011/11/20 18:43:25 | 000,145,804 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2011/11/19 23:59:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/19 23:58:45 | 000,787,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/19 22:00:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2011/11/19 16:23:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/19 16:18:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,505,544 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,087,442 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/12/19 14:24:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/19 14:40:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/12/19 14:40:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/12/19 14:32:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2011/12/19 14:40:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/01/03 02:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/12/19 14:40:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2011/12/19 14:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/01/04 17:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012/01/04 17:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2012/01/25 19:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Canon
[2011/12/26 21:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\FREDThunderbird
[2012/01/04 17:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\NewSoft
[2012/01/09 15:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\PrimoPDF
[2012/01/04 17:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\ScanSoft
[2012/01/03 23:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Thunderbird
[2012/01/04 00:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Thunderbird-L
[2012/01/11 01:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\UBitMenu
[2011/12/19 10:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Windows Desktop Search
[2012/01/11 00:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Windows Search
[2011/12/20 00:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baba\Application Data\Zim Technologies International Inc
[2012/01/04 00:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LULI\Application Data\FREDAThunderbird
[2012/01/04 21:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LULI\Application Data\NewSoft
[2012/01/04 00:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LULI\Application Data\Thunderbird
[2012/01/25 15:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LULI\Application Data\UBitMenu
[2012/01/04 00:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LULI\Application Data\Windows Desktop Search
[2012/01/27 18:20:22 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/28 23:52:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EEEFEBAC-534A-400B-A9B0-44A1FF6AEA11}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Malwarebytes\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Malwarebytes\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{634EE78B-CD01-4EC9-9ABB-764C36C9EB0D}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{76A017F7-863A-4FEC-9733-445FB0FC5425}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B1888274-80D5-45AA-BA57-00F07619EB56}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 07:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >



OTL Extras logfile created on: 1/28/2012 11:49:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 87.67% Memory free
4.83 Gb Paging File | 4.49 Gb Available in Paging File | 93.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 366.21 Gb Total Space | 343.90 Gb Free Space | 93.91% Space Free | Partition Type: NTFS
Drive D: | 512.69 Gb Total Space | 505.10 Gb Free Space | 98.52% Space Free | Partition Type: NTFS
Drive E: | 518.35 Gb Total Space | 514.04 Gb Free Space | 99.17% Space Free | Partition Type: NTFS

Computer Name: FIRSTFLOOROFFIC | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = jsfile] -- c:\Corel\Suite8\Programs\CCWin\CSCAPE.EXE (Netscape Communications Corporation)

[HKEY_USERS\S-1-5-21-484763869-602162358-725345543-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- c:\Corel\Suite8\Programs\CCWin\Cscape.exe (Netscape Communications Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ENCORE\ENCORE Wireless Manager - USB Adapter\RtWLan.exe" = C:\Program Files\ENCORE\ENCORE Wireless Manager - USB Adapter\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Documents and Settings\Baba\Local Settings\Temp\nszF.tmp\setup.exe" = C:\Documents and Settings\Baba\Local Settings\Temp\nszF.tmp\setup.exe:*:Enabled:Kaspersky Internet Security 2012 [12.0.0.374.0.395.0]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}" = Canon CanoScan Toolbox 4.8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}" = Manual CanoScan 8400F
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.11
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = ENCORE Wireless Manager - USB Adapter
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1" = UBitMenu UK
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MX880 series User Registration" = Canon MX880 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gyula's Navigator_is1" = Gyula's Navigator 1.28b
"HD Tune_is1" = HD Tune 2.53
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Mozilla Thunderbird 9.0.1 (x86 en-US)" = Mozilla Thunderbird 9.0.1 (x86 en-US)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Revo Uninstaller" = Revo Uninstaller 1.93
"RSX2Uninst" = Intel RSX 3D
"Speed Dial Utility" = Canon Speed Dial Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-484763869-602162358-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2012 4:24:25 PM | Computer Name = FIRSTFLOOROFFIC | Source = Application Error | ID = 1001
Description = Fault bucket -1486517853.

Error - 1/27/2012 4:40:53 PM | Computer Name = FIRSTFLOOROFFIC | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 12.0.0.374, faulting module
klavasyswatch.dll.8656a9d71373595044cd317c14b4a298, version 2.3.3.247, fault address
0x0000d899.

Error - 1/27/2012 4:41:56 PM | Computer Name = FIRSTFLOOROFFIC | Source = Application Error | ID = 1001
Description = Fault bucket -1504972847.

Error - 1/27/2012 4:43:16 PM | Computer Name = FIRSTFLOOROFFIC | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 12.0.0.374, faulting module
kas_filtration.dll, version 1.5.0.1, fault address 0x0004bab5.

Error - 1/27/2012 4:43:21 PM | Computer Name = FIRSTFLOOROFFIC | Source = Application Error | ID = 1001
Description = Fault bucket -1698785620.

Error - 1/27/2012 5:15:31 PM | Computer Name = FIRSTFLOOROFFIC | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 12.0.0.374, faulting module
qtscript4.dll, version 4.7.2.0, fault address 0x00065a33.

Error - 1/27/2012 5:15:37 PM | Computer Name = FIRSTFLOOROFFIC | Source = Application Error | ID = 1001
Description = Fault bucket -1765583354.

Error - 1/28/2012 1:24:05 PM | Computer Name = FIRSTFLOOROFFIC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ole32.dll, version 5.1.2600.6168, fault address 0x0002a653.

Error - 1/28/2012 2:21:45 PM | Computer Name = FIRSTFLOOROFFIC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 1/28/2012 2:21:45 PM | Computer Name = FIRSTFLOOROFFIC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ OSession Events ]
Error - 1/27/2012 12:01:52 AM | Computer Name = FIRSTFLOOROFFIC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 685
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/27/2012 7:03:02 PM | Computer Name = FIRSTFLOOROFFIC | Source = System Error | ID = 1003
Description = Error code 00000024, parameter1 001902fe, parameter2 a6b68760, parameter3
a6b6845c, parameter4 804f56d4.

Error - 1/27/2012 7:18:22 PM | Computer Name = FIRSTFLOOROFFIC | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 1/27/2012 8:14:06 PM | Computer Name = FIRSTFLOOROFFIC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/27/2012 10:07:27 PM | Computer Name = FIRSTFLOOROFFIC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
33825034

Error - 1/27/2012 10:09:10 PM | Computer Name = FIRSTFLOOROFFIC | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 1/28/2012 1:22:10 PM | Computer Name = FIRSTFLOOROFFIC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
33825034

Error - 1/28/2012 1:22:12 PM | Computer Name = FIRSTFLOOROFFIC | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 1/28/2012 1:22:40 PM | Computer Name = FIRSTFLOOROFFIC | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 1/28/2012 2:49:27 PM | Computer Name = FIRSTFLOOROFFIC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
33825034

Error - 1/28/2012 2:50:18 PM | Computer Name = FIRSTFLOOROFFIC | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.


< End of report >

#156
CompCav

Tell me how the start up of the OLD computer went after unchecking the items I gave you in my previous post.



New Computer

Which antivirus did you install? You need one. Did you use the Kaspersky remover?


You have symptoms of a memory issue with the new computer.

Please run this memory test. Run this on the new computer for a minimum of 8 full cycles.
http://www.geekstogo...sing-memtest86/
The guide is comprehensive with images.


If you get evidence of a bad memory stick remove all but one and test them one at a time for 8 full cycles.

#157
jsaklas

CompCav,

The problem may have something to do with Kaspersky. It is not working properly. I keep getting Kaspersky error messages about not being up to date (despite loading the updates), problems with memory dumps and others. I purchased K Internet 2012 and used the CD to load it. However, now I used the K uninstall program to remove it. Once removed the system is more stable. The computer has not shut down once. (Note, the computer was shutting down or rebooting; it was not giving me the "blue screen.") Once this evening Firefox did crash.

I will now run the memtest.

OLD COMPUTER: It appears to "fire up" a little faster. It is hard to tell, since it depends on how many AVIRA update files are downloaded. AVIRA dumps these at start-up. If there are many files, it takes several minutes; if only one, then it takes less than a minute. Overall I am happy with the machine's performance, so I think we can put that problem "to bed."

#158
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thanks for the update and please make sure you have an AntiVirus installed and resident.

If it is a Kaspersky issue just use a free one like I suggested.

CompCav

#159
jsaklas

    Member

  • Topic Starter
  • 333 posts
CompCav,

I ran the memtest on all the RAM together; I let it run for 2+ hours. I don't understand the results. In the summary portion there are about ten columns. If I read this correctly it says I've got 932,608 Errors! :wacko: That hardly seems possible. The computer appears to be working OK (so far) as long as I don't have Kaspersky loaded. Clearly something happened, because for more than a month all worked perfectly WITH Kaspersky Internet Security 2012 loaded and running.

Should I try to run the memtest on each memory stick?

Also, until we discover and fix the problem I will load the free AVIRA, but I liked Kaspersky and I would like to get to where I was a week ago. Can a virus attack and destroy hardware (the memory)? If not, and if indeed one or more memory sticks are bad, what could have caused it?

js

#160
jsaklas

    Member

  • Topic Starter
  • 333 posts
CompCav,

I could not load the free AVIRA. While it was downloading I got several errors. The first said (more or less) "Avgard has encountered a problem and must close, sorry for the inconvenience." The downloading continued and then I got: "Could not load all updates" Also: "While loading the module (alcore.dll) the following error occurred. Definition file .VDF is destroyed." [NOTE: All quotes are approximate.]

The AVIRA umbrella in the bottom tray was not open. I tried to rerun the load program with the repair option and I got another error: "The validation of the engine and the virus definition file failed. No files copied."

I now have two unopened AVIRA umbrellas in the tray.


js

#161
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Disconnect this machine from the internet. Without a resident AV it can be a huge target for malware.

"Should I try to run the memtest on each memory stick?"


Yes, the errors indicate a bad memory stick, so test them one at a time and see which one is bad, or if all are bad. This is now your primary problem.

Memory can fail for many reasons that have nothing to do with anything you did.

So please follow the directions on the memtest page and remove all but one stick, then run the test. If the stick gives errors it is bad, set it aside and run the next one until you have tested them all. If you find a stick that has no errors set it aside in the "good pile" then continue testing if you have more than two. If all of your memory tests bad, please note which stick has the least errors. The number of errors you have is indicative of bad memory stick(s).


Now a few questions:

Did you buy the computer new?

Does it have a warranty?

What brand and model number is it?


#162
jsaklas

    Member

  • Topic Starter
  • 333 posts
CompCav,

I did buy it new via ebay (I know everyone says not to do so, but I've bought dozens of stuff, including my computers, via ebay and have never had a problem). It is custom made (probably by a high schooler in his dad's garage). I've bought all my computers that way and never had a problem. I know the motherboard is an ASRock HS61M-GE. The processor is an Intel Celeron. It uses the ASRock XFast USB user interface (whatever that is). If you need more information that I can access, please guide me on how to access it. I will contact the seller to see what he will do for me.

Also, the two closed AVIRA umbrellas are gone, and now there is one and it is opened. However, although it now sees Real Time protection is active, it is also telling me that the last update was not performed. Moreover, if I try to update it, I get "The updater GUI could not be started."

I will now take it apart and try the memtest on each memory stick - I'm interested in seeing where there are 900,000+ errors.


js

Edited by jsaklas, 30 January 2012 - 11:15 AM.


#163
CompCav

    Member 5k

  • Expert
  • 12,454 posts
At least one memory stick is bad. If you have a warranty with this person/company you need to have them replace the stick or sticks of memory that are bad.

If you have no warranty then do this:

For the memory I would recommend that you run the Crucial scanner as that will give you full details about the RAM that your system will accept. It may not run online so if it does not just accept the download and run it. The specs for your memory will show and you can purchase it from them or elsewhere but the specs are very specific to your machine.

CompCav

#164
jsaklas

    Member

  • Topic Starter
  • 333 posts
CompCav,

My computer had two cards. I ran memtest on the first and after many tests (1.5+ hours) it had no errors. The second card was a disaster - it showed errors right from the first test.

I'm now using the machine with the one good card. AVIRA loaded its update with no problem. So far there are no problems whatsoever. I have emailed the seller to see if he will honor the warranty on the bad card. I will keep you informed.

Also I would like to uninstall the free AVIRA and go back to my purchased Kaspersky - do you recommend using REVO or some other method to remove the AVIRA?


js

Edited by jsaklas, 30 January 2012 - 05:31 PM.


#165
CompCav

    Member 5k

  • Expert
  • 12,454 posts
First, how much memory do you have installed with just the one card? I need to know if you will have enough to run Kaspersky.

Second, I will post a removal tool for Avira shortly.