Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Won't Boot: Error ' Kernel data inpage error' [Cl


  • This topic is locked This topic is locked

#31
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
ComboFix 12-12-14.01 - timothy 12/15/2012 9:13.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1070 [GMT 4:00]
Running from: c:\documents and settings\timothy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\timothy\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\flvDX.dll"
"c:\windows\system32\msfDX.dll"
"c:\windows\system32\nbDX.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\tender
c:\tender\InterPol\DeSKtOp.InI
c:\tender\InterPol\NkeY.exe
c:\windows\system32\flvDX.dll
c:\windows\system32\msfDX.dll
c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-08 16:06 . 2012-12-08 16:06 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2011-06-30 07:21 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2009-08-04 23:31 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2009-08-04 23:31 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2009-08-04 23:31 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2009-08-04 23:31 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2009-08-04 23:31 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2009-08-04 23:31 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2009-08-04 23:31 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-11-01 13:02 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2009-08-04 23:31 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-17 21:54 . 2012-10-17 21:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-17 21:54 . 2010-07-21 19:26 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 15:54 . 2011-09-13 04:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 11:22 . 2011-09-21 05:05 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-03 10:15 . 2010-07-03 10:15 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\timothy\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\timothy\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\timothy\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\timothy\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-03 30192]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-28 273544]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 144920]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-27 41032304]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\timothy\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\timothy\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-11-7 1512720]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-1-29 192512]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-2-18 66864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-2-9 49220]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility .lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility .lnk
backup=c:\windows\pss\Wireless Configuration Utility .lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 -c----r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-04-23 06:59 174104 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-04-23 07:00 141848 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-07-04 10:52 2072576 -c--a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-04-23 06:59 144920 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-13 06:31 16857600 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMCService"=2 (0x2)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"LVPrcSrv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\timothy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\timothy\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [6/15/2012 09:13 PM 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/30/2011 11:21 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/5/2009 03:31 AM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/5/2009 03:31 AM 21256]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [8/3/2012 05:10 AM 476016]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [8/3/2012 05:12 AM 387440]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [11/8/2011 04:15 PM 88688]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/10/2012 06:14 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/13/2011 08:16 AM 676936]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [1/29/2009 02:45 PM 28160]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11/8/2011 04:14 PM 61552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/13/2011 08:16 AM 22856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/8/2011 04:15 PM 2804720]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 01:28 PM 160944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/3/2010 02:15 PM 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 04:49 PM 227232]
S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [1/29/2009 02:45 PM 56320]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2/14/2009 09:31 PM 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2/14/2009 09:31 PM 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2/14/2009 09:31 PM 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2/14/2009 09:35 PM 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2/14/2009 09:36 PM 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2/14/2009 09:31 PM 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2/14/2009 09:36 PM 90800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 04:06 PM 11520]
S4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/4/2008 02:52 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 13:57]
.
2012-12-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-29 22:50]
.
2011-02-22 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-02-11 10:28]
.
2011-02-14 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-02-11 10:28]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1390067357-839522115-500Core.job
- c:\documents and settings\timothy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-28 17:41]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1390067357-839522115-500UA.job
- c:\documents and settings\timothy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-28 17:41]
.
2011-02-22 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-02-11 10:28]
.
2012-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1390067357-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 10:25]
.
2012-12-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1390067357-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 10:25]
.
2011-02-14 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-02-11 10:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.132.63.25 80.227.2.4
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\
FF - prefs.js: browser.search.defaulturl -
FF - ExtSQL: !HIDDEN! 2009-09-22 10:52; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-30351873.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-15 09:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1220945662-1390067357-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,ea,3e,fe,7e,14,bd,41,a4,b4,f2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,fb,2b,fe,9b,4f,d5,43,aa,77,79,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,ea,3e,fe,7e,14,bd,41,a4,b4,f2,\
.
Completion time: 2012-12-15 09:19:43
ComboFix-quarantined-files.txt 2012-12-15 05:19
ComboFix2.txt 2012-12-12 11:04
ComboFix3.txt 2011-09-13 22:22
.
Pre-Run: 6,491,463,680 bytes free
Post-Run: 6,465,601,536 bytes free
.
- - End Of File - - 88EF5A6A47990B634C52BFB3AD58AB57
  • 0

Advertisements


#32
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Step 1.

Rerun OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    C:\tender\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 2.

Please post:

OTL.txt
Extras.txt


Give me an update on your computer's issues.
  • 0

#33
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL logfile created on: 12/16/2012 10:43:38 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\timothy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 43.28% Memory free
3.81 Gb Paging File | 2.80 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 5.89 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
Drive E: | 436.46 Gb Total Space | 20.79 Gb Free Space | 4.76% Space Free | Partition Type: NTFS

Computer Name: TIM | User Name: timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/10 19:27:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\timothy\Desktop\OTL.exe
PRC - [2012/10/31 02:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/10/31 02:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/03 05:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/08/03 05:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2012/08/03 05:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/05/24 22:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\timothy\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/04/11 04:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011/07/29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/28 19:23:46 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/22 17:21:38 | 000,088,688 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe
PRC - [2009/02/18 01:45:19 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/13 15:06:58 | 002,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/02/13 15:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/02/13 15:02:24 | 000,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/02/05 20:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/12/13 18:36:46 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2007/06/25 10:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 10:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 10:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/17 18:50:03 | 002,040,320 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12121701\algo.dll
MOD - [2012/12/16 11:25:22 | 002,040,320 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12121600\algo.dll
MOD - [2012/08/03 05:19:06 | 000,009,584 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012/08/03 05:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
MOD - [2012/08/03 05:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
MOD - [2012/08/03 05:08:20 | 000,658,800 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\af_proxy.dll
MOD - [2012/04/11 04:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2011/07/29 03:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/03 14:15:39 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/02/18 01:45:18 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2008/04/14 04:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/13 15:13:48 | 000,108,816 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/02/13 15:06:58 | 002,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/02/13 15:04:40 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/02/13 15:04:18 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/02/13 15:04:06 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/02/13 15:03:20 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2008/02/13 15:02:58 | 000,344,336 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2008/02/13 15:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/02/05 20:18:58 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2007/08/14 17:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2012/10/31 02:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/03 05:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/08/03 05:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/08/03 05:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/08/03 05:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/12/22 17:21:38 | 000,088,688 | R--- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)
SRV - [2010/01/15 16:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/04 14:52:18 | 000,014,336 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/02/05 20:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 20:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 20:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/06/25 10:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\timothy\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/10/31 02:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 02:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 02:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 02:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/31 02:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/31 02:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/31 02:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/27 01:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/03/07 04:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/03/18 20:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/12/22 17:21:40 | 002,804,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/06/25 11:07:44 | 000,061,552 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/23 12:38:50 | 000,056,320 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2)
DRV - [2008/03/17 13:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/27 10:08:04 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2008/02/14 13:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/02/06 06:21:48 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/06 06:21:37 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/02/06 06:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/06 06:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 20:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 20:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2008/01/03 18:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/25 10:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 10:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 10:47:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007/06/25 10:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/02/08 14:56:20 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1unic.sys -- (sea1unic)
DRV - [2007/02/08 14:56:06 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1obex.sys -- (sea1obex)
DRV - [2007/02/08 14:56:02 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1nd5.sys -- (sea1nd5)
DRV - [2007/02/08 14:56:00 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mgmt.sys -- (sea1mgmt)
DRV - [2007/02/08 14:55:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdm.sys -- (sea1mdm)
DRV - [2007/02/08 14:55:50 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdfl.sys -- (sea1mdfl)
DRV - [2007/02/08 14:55:40 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1bus.sys -- (sea1bus)
DRV - [2006/08/28 19:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/08/28 19:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [1996/04/03 23:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\timothy\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\timothy\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/16 20:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/12/08 20:08:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/11 23:45:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/11 23:45:32 | 000,000,000 | ---D | M]

[2009/08/04 00:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Extensions
[2012/12/14 21:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions
[2011/12/18 22:51:32 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions\[email protected]
[2012/12/14 21:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 23:18:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TIMOTHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8PKOQUIB.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TIMOTHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8PKOQUIB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TIMOTHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8PKOQUIB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/02/27 15:22:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/26 08:58:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/26 08:58:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.za/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.za/
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\timothy\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\timothy\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - Extension: Google Translate = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Google Drive = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Facebook = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Calendar = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Photo Zoom for Facebook = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: AdBlock = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.51_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.54_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Downloads = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1\
CHR - Extension: Google Maps = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Dictionary (by Google) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Picasa = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Instagram for Chrome = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\3.5.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/15 09:18:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1220945662-1390067357-839522115-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O4 - Startup: C:\Documents and Settings\timothy\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\timothy\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1390067357-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-1390067357-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1220945662-1390067357-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1220945662-1390067357-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CE6526-2D5C-4759-A5E6-1953A4E5F477}: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{636C073A-D6EC-4CEE-B0B7-2C83000ACD4A}: DhcpNameServer = 213.132.63.25 80.227.2.4
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\timothy\Application Data\ACD Systems\ACDSee\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\timothy\Application Data\ACD Systems\ACDSee\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/29 13:16:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/11 23:50:08 | 005,010,912 | R--- | C] (Swearware) -- C:\Documents and Settings\timothy\Desktop\ComboFix.exe
[2012/12/08 21:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\timothy\Desktop\broken PC 3 Dec 2012
[2012/12/08 21:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\timothy\Desktop\old OTL scans
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/16 21:55:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1390067357-839522115-500UA.job
[2012/12/16 21:22:36 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2012/12/16 21:18:11 | 000,436,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/16 21:18:11 | 000,068,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/16 21:16:26 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/12/16 21:13:26 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1390067357-839522115-500.job
[2012/12/16 21:13:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/16 21:13:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/16 21:12:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/12/15 12:11:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1390067357-839522115-500.job
[2012/12/15 09:55:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1390067357-839522115-500Core.job
[2012/12/15 09:18:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/15 09:07:27 | 005,010,912 | R--- | M] (Swearware) -- C:\Documents and Settings\timothy\Desktop\ComboFix.exe
[2012/12/15 09:02:00 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\Microsoft Office Word 2003.lnk
[2012/12/14 21:51:57 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\Microsoft Office Excel 2003.lnk
[2012/12/14 09:45:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/12/12 07:47:37 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/12 00:42:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/11 22:58:06 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\Google Chrome.lnk
[2012/12/11 22:58:06 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/10 19:51:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\MBR.dat
[2012/12/10 19:27:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\timothy\Desktop\OTL.exe
[2012/12/10 18:14:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/08 21:35:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/08 20:10:39 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/12/08 20:10:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/20 20:35:13 | 000,168,448 | ---- | M] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/19 23:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/10 19:51:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\timothy\Desktop\MBR.dat
[2012/07/03 08:21:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2012/06/16 12:09:40 | 000,178,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/10 19:53:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 01:53:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/14 11:11:45 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/11/08 16:15:35 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2011/11/08 16:15:35 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2011/11/08 16:14:22 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/11/08 16:14:22 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/11/08 16:14:10 | 000,982,224 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/11/08 16:14:10 | 000,439,336 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/09/14 01:19:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/14 01:19:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/14 01:19:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/14 01:19:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/14 01:19:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/28 18:40:35 | 000,065,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/02/09 02:46:25 | 000,168,448 | ---- | C] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/09 02:40:20 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\timothy\default.pls
[2008/06/23 15:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/05/23 19:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml

========== ZeroAccess Check ==========

[2009/01/29 14:43:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 20:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 16:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/03/29 00:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/11/01 17:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/11 19:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2012/06/02 19:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hotspot Shield
[2009/02/14 22:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/02/11 18:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/12 00:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/07/03 02:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/03/12 00:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2010/08/07 08:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[2012/06/15 19:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temp\Application Data\Research In Motion
[2010/07/03 14:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temp\Application Data\Teleca
[2009/03/29 00:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\ACD Systems
[2011/08/16 20:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\DDMSettings
[2012/12/16 21:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Dropbox
[2010/07/13 01:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\GetRightToGo
[2011/09/12 16:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\go
[2009/02/18 01:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Leadertech
[2011/02/11 18:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\NCH Swift Sound
[2011/12/14 11:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Research In Motion
[2011/09/14 09:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Sammsoft
[2012/09/30 00:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\SecondLife
[2011/11/03 11:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Teleca
[2010/07/31 16:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Uniblue
[2009/03/12 00:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Vodafone

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 04:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 04:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 04:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 17:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 04:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 04:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 21:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 04:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 03:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 04:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 04:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 04:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 04:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 04:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 04:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 04:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 04:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 04:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 20:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 17:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 04:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 04:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 04:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 16:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 04:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 04:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 04:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 04:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 09:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 03:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 04:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 04:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 04:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 04:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 04:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 03:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 04:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 04:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 04:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 04:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 04:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 04:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 16:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 04:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 04:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 10:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 16:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 16:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 15:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 04:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 04:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 21:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 14:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 16:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2009/01/29 13:16:31 | 000,001,602 | ---- | M] () MD5=1E4FD449495B5FC66E2BBCDA13E3D1F5 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 16:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 04:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 04:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 04:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 16:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 16:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 04:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 16:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 04:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2004/08/04 16:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 16:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< C:\tender\*.* /s >
[2009/01/29 13:15:04 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/01/29 13:18:27 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010/06/28 21:41:55 | 000,000,934 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1390067357-839522115-500Core.job
[2010/06/28 21:41:55 | 000,000,986 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1390067357-839522115-500UA.job
[2010/07/03 01:53:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2011/01/28 19:28:36 | 000,000,290 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1390067357-839522115-500.job
[2011/02/11 15:00:26 | 000,000,286 | ---- | C] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
[2011/02/12 01:33:13 | 000,000,298 | ---- | C] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
[2011/02/13 10:22:33 | 000,000,302 | ---- | C] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/02/13 10:22:38 | 000,000,282 | ---- | C] () -- C:\WINDOWS\Tasks\mixpadShakeIcon.job
[2011/09/14 02:09:59 | 000,000,282 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1390067357-839522115-500.job
[2012/07/11 23:22:56 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/12/05 05:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/05 05:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/05 05:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/05 05:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/12/05 05:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/11/01 04:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/11/01 04:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/11/01 04:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/12/05 05:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/05 05:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/05 05:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/05 05:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/12/05 05:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/11/01 04:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/11/01 04:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/11/01 04:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)

< End of report >
  • 0

#34
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL Extras logfile created on: 12/16/2012 10:43:38 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\timothy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 43.28% Memory free
3.81 Gb Paging File | 2.80 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 5.89 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
Drive E: | 436.46 Gb Total Space | 20.79 Gb Free Space | 4.76% Space Free | Partition Type: NTFS

Computer Name: TIM | User Name: timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1220945662-1390067357-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\timothy\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\timothy\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = Striata Reader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29498512-A137-4478-8691-922829F108DC}" = HP Deskjet 2050 J510 series Product Improvement Study
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92022F8E-2E55-4A16-88EB-B4778B35E942}" = ACDSee for PENTAX 3.0
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C2E24E-2496-42F8-A065-E5E49B6C1088}" = BlackBerry Desktop Software 4.6
"{E654D1E3-B18B-4953-BFBC-F16227323E05}" = HP Deskjet 2050 J510 series Basic Device Software
"{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}" = Roxio Media Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"Applian FLV Player2.0.24" = Applian FLV Player
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AVI Codec Pack" = AVI Codec Pack
"Avi Fix Joiner 2.11" = Avi Fix Joiner 2.11
"BlackBerry_{D0C2E24E-2496-42F8-A065-E5E49B6C1088}" = BlackBerry Desktop Software 4.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX Setup
"DualCoreCenter_is1" = DualCoreCenter
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HotspotShield" = Hotspot Shield 2.67
"HP Photo Creations" = HP Photo Creations
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"Liveupdate4_is1" = Liveupdate4
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 12.0" = RealPlayer
"Smart WAV Converter_is1" = Smart WAV Converter
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Tweak UI 2.10" = Tweak UI
"Video Fixer 3.23_is1" = Video Fixer 3.23
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1390067357-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 12/13/2012 12:11:46 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/13/2012 12:11:46 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19922

Error - 12/13/2012 12:11:46 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19922

Error - 12/13/2012 12:11:48 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/13/2012 12:11:48 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21906

Error - 12/13/2012 12:11:48 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21906

Error - 12/13/2012 12:11:50 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/13/2012 12:11:50 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23891

Error - 12/13/2012 12:11:50 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23891

Error - 12/14/2012 01:11:30 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.6.0.17, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 12/13/2012 12:11:46 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/13/2012 12:11:46 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19922

Error - 12/13/2012 12:11:46 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19922

Error - 12/13/2012 12:11:48 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/13/2012 12:11:48 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21906

Error - 12/13/2012 12:11:48 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21906

Error - 12/13/2012 12:11:50 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/13/2012 12:11:50 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23891

Error - 12/13/2012 12:11:50 PM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23891

Error - 12/14/2012 01:11:30 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.6.0.17, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/14/2012 03:20:20 PM | Computer Name = TIM | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 12/15/2012 12:59:18 AM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/15/2012 12:59:22 AM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/15/2012 12:59:39 AM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/15/2012 01:00:02 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/15/2012 01:00:13 AM | Computer Name = TIM | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 8a851c20, parameter3
8a851d94, parameter4 805d22aa.

Error - 12/16/2012 01:13:51 PM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/16/2012 01:13:56 PM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/16/2012 01:14:07 PM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/16/2012 01:14:27 PM | Computer Name = TIM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.


< End of report >



Computer hasn't crashed recently and left it on overnight.
  • 0

#35
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Step 1.

Open MalwareBytes'
  • Click the Update tab and then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!
  • 0

#36
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.18.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
timothy :: TIM [administrator]

12/17/2012 10:10:56 PM
mbam-log-2012-12-17 (22-10-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250830
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#37
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
ESET

C:\Documents and Settings\timothy\My Documents\Downloads\GraboidVideoSetup-2.2-Complete.exe Win32/Graboid application cleaned by deleting - quarantined
C:\Documents and Settings\timothy\My Documents\Downloads\registryboosterfe.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\timothy\My Documents\Downloads\speedupmypc (1).exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Documents and Settings\timothy\My Documents\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
E:\software\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k.zip a variant of Win32/HackTool.Patcher.H application deleted - quarantined
E:\software\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k\AxCmd_Patch_Mp2K.exe a variant of Win32/HackTool.Patcher.H application cleaned by deleting - quarantined
E:\software\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k\AXShlEx.dll_Patch_Mp2K.exe a variant of Win32/HackTool.Patcher.H application cleaned by deleting - quarantined
E:\software\software1\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k.zip a variant of Win32/HackTool.Patcher.H application deleted - quarantined
E:\software\software1\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k\AxCmd_Patch_Mp2K.exe a variant of Win32/HackTool.Patcher.H application cleaned by deleting - quarantined
E:\software\software1\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k\AXShlEx.dll_Patch_Mp2K.exe a variant of Win32/HackTool.Patcher.H application cleaned by deleting - quarantined
  • 0

#38
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
eset text file

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=c6b7e56291537f4083723a783edaa199
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-17 08:33:06
# local_time=2012-12-18 12:33:06 (+0400, Arabian Standard Time)
# country="South Africa"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 100 95 789196 132486258 0 0
# scanned=124737
# found=10
# cleaned=10
# scan_time=4875
C:\Documents and Settings\timothy\My Documents\Downloads\GraboidVideoSetup-2.2-Complete.exe Win32/Graboid application (cleaned by deleting - quarantined) 09B402F3434EA7A1DEC8F1BF5CA74E449AE6F3DB C
C:\Documents and Settings\timothy\My Documents\Downloads\registryboosterfe.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 9DCCB2E5DEA51F7EBE2ABE9B1E319C64AA51B714 C
C:\Documents and Settings\timothy\My Documents\Downloads\speedupmypc (1).exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) D85D79C5EF9B039EDC1F7FB74149824D6DE5C03C C
C:\Documents and Settings\timothy\My Documents\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) D85D79C5EF9B039EDC1F7FB74149824D6DE5C03C C
E:\software\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k.zip a variant of Win32/HackTool.Patcher.H application (deleted - quarantined) F9FC39B998A09FA1C2C33635E5C488770F0C6601 C
E:\software\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k\AxCmd_Patch_Mp2K.exe a variant of Win32/HackTool.Patcher.H application (cleaned by deleting - quarantined) 49AA2D21015D79B40F5284779127925641C0B91A C
E:\software\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k\AXShlEx.dll_Patch_Mp2K.exe a variant of Win32/HackTool.Patcher.H application (cleaned by deleting - quarantined) EB0DEAC39DFBA451768FFC57E145672345B33BD1 C
E:\software\software1\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k.zip a variant of Win32/HackTool.Patcher.H application (deleted - quarantined) F9FC39B998A09FA1C2C33635E5C488770F0C6601 C
E:\software\software1\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k\AxCmd_Patch_Mp2K.exe a variant of Win32/HackTool.Patcher.H application (cleaned by deleting - quarantined) 49AA2D21015D79B40F5284779127925641C0B91A C
E:\software\software1\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k\AXShlEx.dll_Patch_Mp2K.exe a variant of Win32/HackTool.Patcher.H application (cleaned by deleting - quarantined) EB0DEAC39DFBA451768FFC57E145672345B33BD1 C
  • 0

#39
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 10.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 39% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0

#40
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Step 1.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Right click on the M icon for MalwareBytes' in your system tray in the lower right hand corner.
Left click Exit then click Yes to confirm.



  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1220945662-1390067357-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2010/07/31 16:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Uniblue
    
    
    :files
    E:\software\software1\ISO software
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

We need to run check disk.

CHKDSK instructions for XP are found in this tutorial, you may follow the instructions for Graphical Mode if you so wish.


Step 3.

Your copy of Firefox is very out of date and open to many exploits. Please uninstall it for now:

Click Start >> Control Panel >> Add/Remove Programs >> Uninstall Firefox.


Step 4.

Download Auslogics Defrag from here. But do not download the BoostSpeed. Auslogics Defrag in my opinion is better because:

  • It does a more comprehensive job at Defragging
  • It will actually show you what it is doing
  • At the end of working it will show you how much speed you picked up
  • You can view an online log of the files that Auslogics defragged

Please do not run any other Auslogics programs other then this one as they may cause unwanted results.


Step 5.

Please post:

OTL fix log

Update me on remaining issues with your computer.
  • 0

Advertisements


#41
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1390067357-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\timothy\Application Data\Uniblue\SpeedUpMyPC\_temp folder moved successfully.
C:\Documents and Settings\timothy\Application Data\Uniblue\SpeedUpMyPC folder moved successfully.
C:\Documents and Settings\timothy\Application Data\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Documents and Settings\timothy\Application Data\Uniblue\RegistryBooster\history folder moved successfully.
C:\Documents and Settings\timothy\Application Data\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Documents and Settings\timothy\Application Data\Uniblue\RegistryBooster folder moved successfully.
C:\Documents and Settings\timothy\Application Data\Uniblue folder moved successfully.
========== FILES ==========
E:\software\software1\ISO software\Alcohol 120%\alcohol120v1.9.5build2802patchmp2k folder moved successfully.
E:\software\software1\ISO software\Alcohol 120%\alcohol120v1.9.5.2802crackdevotion\DVT folder moved successfully.
E:\software\software1\ISO software\Alcohol 120%\alcohol120v1.9.5.2802crackdevotion folder moved successfully.
E:\software\software1\ISO software\Alcohol 120% folder moved successfully.
E:\software\software1\ISO software folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\timothy\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\timothy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Google Chrome cache emptied: 20312756 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes

User: Temp
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57165724 bytes
->Flash cache emptied: 0 bytes

User: timothy
->Temp folder emptied: 464442 bytes
->Temporary Internet Files folder emptied: 43218273 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 207376593 bytes
->Google Chrome cache emptied: 221708881 bytes
->Apple Safari cache emptied: 2161664 bytes
->Flash cache emptied: 918 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2244203 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 706933 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 530.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 12182012_212947

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#42
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Let me know when you finish the rest and how your computer is doing :thumbsup:
  • 0

#43
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Bummer !! Ran step 1 - 3, was defragging and 20 % the way through and then the blue screen of death appeared with 'Kernel error' going to re try again but first C: only and then E: - wondering if the battery is an issue as the time is about 5 minutes behind actual time?

will try defrag now
  • 0

#44
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts

wondering if the battery is an issue as the time is about 5 minutes behind actual time?

Five minutes, when was it last set? Reset it and note the date and time then we can watch it. If it was recent then it may be a hardware issue beyond the battery.


Regards,

CompCav
  • 0

#45
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Nope - crashed again - after 1 minute running just the C drive for defrag ( excluding E). this time different blue screen error ....' process of thread crucial to system operation has terminate...etc'

Also note whenever I start the PC I get 2 errors each time

1 'Dual Core Centre Does not support' - click ok
2 Black berry somethign or other opens up - and 8 /10 fails and closes.

Anyway thought the PC was on teh mend as has been on for 2 days solid (surfing internet) with no crashing.

will post OTL now
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP