BSOD, No internet, "Host process for windows services stopped work


unfriendly1

Argh! Been trying to fix this PC (Dell XPS 420) for 30+ hours now. No progress being made. Thanks for any help or ideas!

OTL logfile created on: 12/10/2011 11:47:49 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cronos\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 78.54% Memory free
6.68 Gb Paging File | 6.12 Gb Available in Paging File | 91.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 270.77 Gb Free Space | 60.08% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 9.69 Gb Free Space | 99.22% Space Free | Partition Type: NTFS
Drive G: | 3.81 Gb Total Space | 0.14 Gb Free Space | 3.55% Space Free | Partition Type: FAT32

Computer Name: FOAD-PC | User Name: Cronos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 13:44:42 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/10/16 07:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cronos\Desktop\OTL.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/20 12:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


========== Modules (No Company Name) ==========

MOD - [2008/06/03 02:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/06/07 19:22:16 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2010/12/23 12:58:08 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TuneConvertAudio.sys -- (TuneConvertAudio)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/06/03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/24 13:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/20 20:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "PhotoJoy US Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "PhotoJoy US Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/09 14:55:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/09 14:55:26 | 000,000,000 | ---D | M]

[2009/08/17 23:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cronos\AppData\Roaming\Mozilla\Extensions
[2011/11/13 18:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cronos\AppData\Roaming\Mozilla\Firefox\Profiles\lt69femo.default\extensions
[2011/11/13 18:21:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Cronos\AppData\Roaming\Mozilla\Firefox\Profiles\lt69femo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/09 13:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/09 13:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2011/10/01 13:50:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2009/10/17 02:19:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/09 15:38:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/01 13:50:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 13:20:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/08 17:48:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/09 15:38:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Cronos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: No name found = C:\Users\Cronos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/11/26 21:44:10 | 000,435,011 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14974 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E0CC8C-297E-47AD-80CC-55517D2A8692}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94879FD5-893F-4F51-A967-AA67C1D7EA0D}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/06/17 05:50:18 | 000,000,054 | ---- | M] () - G:\autorun.bat -- [ FAT32 ]
O32 - AutoRun File - [2003/02/22 23:23:20 | 000,000,045 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/05/01 17:35:56 | 000,000,967 | ---- | M] () - G:\autorun.pif -- [ FAT32 ]
O33 - MountPoints2\{0c6a04cc-22bc-11e1-b99b-001ec949a723}\Shell\AutoRun\command - "" = G:\autorun.bat -- [2001/06/17 05:50:18 | 000,000,054 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 11:47:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Cronos\Desktop\OTL.exe
[2011/12/10 11:16:16 | 000,000,000 | ---D | C] -- C:\Users\Cronos\Desktop\backups
[2011/12/10 11:03:29 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Users\Cronos\Desktop\cwshredder.exe
[2011/12/10 11:03:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Cronos\Desktop\HijackThis.exe
[2011/12/10 10:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/10 10:52:15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/10 10:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/10 10:51:55 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cronos\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 18:17:34 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/12/09 17:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/12/09 17:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2011/12/09 17:26:01 | 000,000,000 | ---D | C] -- C:\Users\Cronos\AppData\Roaming\Product_RM
[2011/12/09 17:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/09 17:21:46 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2011/12/09 17:21:46 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2011/12/09 17:21:46 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2011/12/09 17:21:46 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2011/12/09 17:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/09 17:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/12/09 17:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/12/09 17:15:55 | 004,734,424 | ---- | C] (PC Tools) -- C:\Users\Cronos\Desktop\rminstall.exe
[2011/12/09 17:06:08 | 000,000,000 | ---D | C] -- C:\Users\Cronos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/12/09 17:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/12/09 17:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/12/09 17:04:45 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Users\Cronos\Desktop\cnet2_RegpairSetup_exe.exe
[2011/12/09 16:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2011/12/09 16:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2011/12/09 16:41:50 | 000,359,656 | ---- | C] (Microsoft Corporation) -- C:\Users\Cronos\Desktop\msicuu2.exe
[2011/12/09 16:40:57 | 000,285,168 | ---- | C] (Microsoft Corporation) -- C:\Users\Cronos\Desktop\msicu.exe
[2011/12/09 13:54:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/09 13:54:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/09 13:54:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/09 13:48:06 | 000,000,000 | ---D | C] -- C:\dell
[2011/12/08 09:01:48 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Users\Cronos\Desktop\MicrosoftFixit.wu.Run(1).exe
[2011/12/08 00:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/12/08 00:45:48 | 000,000,000 | ---D | C] -- C:\Users\Cronos\AppData\Roaming\IObit
[2011/12/08 00:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/12/08 00:42:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/07 22:54:04 | 000,151,696 | ---- | C] (Symantec Corporation) -- C:\Users\Cronos\Desktop\fxsasser.exe
[2011/12/07 21:58:58 | 000,000,000 | ---D | C] -- C:\Users\Cronos\AppData\Local\Microsoft Corporation
[2011/12/07 21:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/12/07 19:04:45 | 000,000,000 | ---D | C] -- C:\9c64b24141224db9271ffc64db
[2011/12/07 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/07 18:33:11 | 000,000,000 | ---D | C] -- C:\Users\Cronos\Documents\VSAPI-NT-DLL-9.500-1008
[2011/12/07 18:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/12/07 08:49:14 | 000,000,000 | ---D | C] -- C:\77fe88f47c78d583db79319debd07df5
[2011/12/05 21:46:57 | 000,000,000 | ---D | C] -- C:\Users\Cronos\Desktop\Fix it portable
[2011/12/05 21:25:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/29 19:10:13 | 000,000,000 | ---D | C] -- C:\Users\Cronos\Desktop\all my [bleep]

========== Files - Modified Within 30 Days ==========

[2011/12/10 11:44:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 11:44:41 | 000,002,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/10 11:44:41 | 000,002,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/10 11:44:33 | 001,505,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/10 11:44:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/10 11:44:16 | 3487,481,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/10 11:44:13 | 159,361,016 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/10 11:37:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/10 11:37:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/10 11:17:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/10 10:52:18 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 10:50:48 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Cronos\Desktop\HijackThis.exe
[2011/12/10 10:50:04 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Users\Cronos\Desktop\cwshredder.exe
[2011/12/10 10:49:04 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cronos\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/10 10:46:40 | 000,595,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/10 10:46:40 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/09 17:54:52 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/12/09 17:54:52 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/12/09 17:27:45 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2011/12/09 17:06:09 | 000,000,840 | ---- | M] () -- C:\Users\Cronos\Desktop\Free Window Registry Repair.lnk
[2011/12/09 17:04:45 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Users\Cronos\Desktop\cnet2_RegpairSetup_exe.exe
[2011/12/09 16:41:50 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Users\Cronos\Desktop\msicuu2.exe
[2011/12/09 16:40:57 | 000,285,168 | ---- | M] (Microsoft Corporation) -- C:\Users\Cronos\Desktop\msicu.exe
[2011/12/09 16:31:12 | 127,691,975 | ---- | M] () -- C:\Users\Cronos\Desktop\Windows6.0-KB947821-v15-x86.msu
[2011/12/08 09:01:48 | 000,347,920 | ---- | M] (Microsoft Corporation) -- C:\Users\Cronos\Desktop\MicrosoftFixit.wu.Run(1).exe
[2011/12/08 08:59:21 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/12/08 08:59:21 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2011/12/08 08:59:21 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2011/12/07 22:54:05 | 000,151,696 | ---- | M] (Symantec Corporation) -- C:\Users\Cronos\Desktop\fxsasser.exe
[2011/12/07 22:30:27 | 000,000,883 | ---- | M] () -- C:\Users\Cronos\Desktop\Hosts
[2011/12/07 22:12:13 | 000,000,104 | ---- | M] () -- C:\Users\Cronos\Desktop\Computer - Shortcut.lnk
[2011/12/07 21:58:26 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/12/07 18:45:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/07 18:40:35 | 000,000,943 | ---- | M] () -- C:\Users\Cronos\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/05 22:39:19 | 072,646,864 | ---- | M] () -- C:\Users\Cronos\Desktop\msert.exe
[2011/12/05 21:46:58 | 000,000,114 | ---- | M] () -- C:\Users\Cronos\Desktop\autorun.inf
[2011/12/03 16:31:36 | 007,686,995 | ---- | M] () -- C:\Users\Cronos\Desktop\DEC - CALENDER.psd
[2011/12/03 14:13:04 | 002,011,302 | ---- | M] () -- C:\Users\Cronos\Desktop\decemberHB.jpg
[2011/12/03 14:08:56 | 002,613,374 | ---- | M] () -- C:\Users\Cronos\Desktop\December.jpg
[2011/12/02 20:26:53 | 000,821,718 | ---- | M] () -- C:\Users\Cronos\Desktop\december advance.jpg
[2011/12/01 19:26:27 | 001,433,078 | ---- | M] () -- C:\Users\Cronos\Desktop\december advance.psd
[2011/11/29 19:15:02 | 000,026,624 | ---- | M] () -- C:\Users\Cronos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/29 19:00:44 | 000,000,362 | ---- | M] () -- C:\Users\Cronos\Desktop\Music - Shortcut.lnk
[2011/11/27 12:15:44 | 000,000,538 | ---- | M] () -- C:\Users\Cronos\Documents\cc_20111127_121541.reg
[2011/11/26 21:44:10 | 000,435,011 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/26 21:18:37 | 000,001,640 | ---- | M] () -- C:\Users\Cronos\Documents\cc_20111126_211833.reg
[2011/11/15 14:29:56 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2011/12/10 11:37:46 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/10 11:37:46 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/10 10:52:18 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 10:35:45 | 000,699,388 | ---- | C] () -- C:\Users\Cronos\Desktop\XPS420-A07.EXE
[2011/12/10 10:03:54 | 3487,481,856 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/09 17:27:45 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2011/12/09 17:21:46 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011/12/09 17:06:09 | 000,000,840 | ---- | C] () -- C:\Users\Cronos\Desktop\Free Window Registry Repair.lnk
[2011/12/09 16:42:30 | 000,001,872 | ---- | C] () -- C:\Users\Cronos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/12/09 16:29:43 | 127,691,975 | ---- | C] () -- C:\Users\Cronos\Desktop\Windows6.0-KB947821-v15-x86.msu
[2011/12/08 08:39:59 | 000,001,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/12/08 00:53:23 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011/12/07 22:30:27 | 000,000,883 | ---- | C] () -- C:\Users\Cronos\Desktop\Hosts
[2011/12/07 22:12:13 | 000,000,104 | ---- | C] () -- C:\Users\Cronos\Desktop\Computer - Shortcut.lnk
[2011/12/07 21:58:26 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/12/07 21:58:26 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/12/05 22:39:55 | 072,646,864 | ---- | C] () -- C:\Users\Cronos\Desktop\msert.exe
[2011/12/05 21:46:58 | 000,000,114 | ---- | C] () -- C:\Users\Cronos\Desktop\autorun.inf
[2011/12/05 21:45:21 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/12/05 21:45:21 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2011/12/05 21:45:21 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2011/12/03 14:12:57 | 002,011,302 | ---- | C] () -- C:\Users\Cronos\Desktop\decemberHB.jpg
[2011/12/03 14:08:55 | 002,613,374 | ---- | C] () -- C:\Users\Cronos\Desktop\December.jpg
[2011/12/01 19:26:26 | 001,433,078 | ---- | C] () -- C:\Users\Cronos\Desktop\december advance.psd
[2011/12/01 19:19:11 | 000,821,718 | ---- | C] () -- C:\Users\Cronos\Desktop\december advance.jpg
[2011/12/01 18:28:25 | 004,728,788 | ---- | C] () -- C:\Users\Cronos\Desktop\08-15-11.jpg
[2011/11/29 19:44:21 | 007,686,995 | ---- | C] () -- C:\Users\Cronos\Desktop\DEC - CALENDER.psd
[2011/11/29 19:00:44 | 000,000,362 | ---- | C] () -- C:\Users\Cronos\Desktop\Music - Shortcut.lnk
[2011/11/27 12:29:38 | 159,361,016 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/27 12:15:43 | 000,000,538 | ---- | C] () -- C:\Users\Cronos\Documents\cc_20111127_121541.reg
[2011/11/26 21:18:35 | 000,001,640 | ---- | C] () -- C:\Users\Cronos\Documents\cc_20111126_211833.reg
[2011/06/08 13:02:04 | 000,000,000 | ---- | C] () -- C:\Users\Cronos\AppData\Local\{D9B7D9BF-C93C-4A6C-9064-1C32B1F801E0}
[2011/06/07 19:22:39 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2011/06/07 19:22:39 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2011/01/06 15:59:00 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/10/16 10:26:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/19 14:17:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/19 14:16:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/07 02:40:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/07 02:14:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/04 06:46:58 | 000,026,624 | ---- | C] () -- C:\Users\Cronos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 20:48:03 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/08/17 23:08:30 | 000,000,552 | ---- | C] () -- C:\Users\Cronos\AppData\Local\d3d8caps.dat
[2009/08/17 23:00:21 | 000,000,680 | ---- | C] () -- C:\Users\Cronos\AppData\Local\d3d9caps.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/06/03 02:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/03 02:02:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/04/28 20:09:10 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/05 23:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/08/21 20:51:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2007/08/21 18:36:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 001,505,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,595,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/07/05 08:12:06 | 000,027,136 | ---- | C] () -- C:\Windows\System32\authdvd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >