Bad Image hebitozu.dll



#16
RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
MBAM:

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

I am not seeing a wired connection just a wireless which isn't connected.

Right click on My Computer and select Manage then Device Manager. Click on the + in front of Network Adapters. Do you see one or two? Right click on each and Uninstall. Then reboot. Windows should reinstall them.
  • 0


#17
eMoRTaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi Ron,
just uninstalled the adapters...looks like the CHKDSK ran also after I rebooted and installed missing file. I'll let you know what happened here in a few minutes (fingers crossed). Hey how do I fix the explorer problem...the background still only comes up, and I still have to CTRL+ALT+DEL --> File --> New Task --> explorer

Edited by eMoRTaL, 11 September 2013 - 06:29 PM.

  • 0

#18
RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
In OTL you should have two lines:

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)


Do you?
  • 0
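Added example (not part of the thread and not OTL's own code): one way to check the two O20 lines quoted above mechanically, flagging a missing line, extra comma-separated entries in the registry data, or a value that resolves to a different file. It assumes the line layout shown in the post and a Windows directory of C:\Windows; the tampered and incomplete sample logs, including `example.exe`, are constructed for illustration.

```python
import ntpath
import re

# Assumption: Windows lives in C:\Windows, as in the two lines quoted above.
WINDIR = r"C:\Windows"

# Registry data accepted for each value, normalised to lower case.
EXPECTED_DATA = {
    "shell": {"explorer.exe", ntpath.normcase(WINDIR + r"\explorer.exe")},
    "userinit": {ntpath.normcase(WINDIR + r"\system32\userinit.exe")},
}
# File each value has to resolve to on disk.
EXPECTED_FILE = {
    "shell": ntpath.normcase(WINDIR + r"\explorer.exe"),
    "userinit": ntpath.normcase(WINDIR + r"\system32\userinit.exe"),
}

# Line layout as shown in the post:
# O20 - <hive> Winlogon: <name> - (<registry data>) - <resolved file> (<company>)
O20_RE = re.compile(r"^O20 - (\S+) Winlogon: (\w+) - \((.*?)\) - (.*)$")
FILE_RE = re.compile(r"^(.*?)(?: \(([^()]*)\))?$")


def norm(path):
    """Normalise a Windows path for comparison (case, slashes, quotes)."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def parse_o20(log_text):
    """Return {value name: [(hive, [entries], resolved file)]} from O20 lines."""
    found = {}
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue
        hive, name, data, rest = m.groups()
        # Userinit holds a comma-separated list, so split and drop empty items.
        entries = [norm(e) for e in data.split(",") if e.strip()]
        resolved = norm(FILE_RE.match(rest).group(1))
        found.setdefault(name.lower(), []).append((hive, entries, resolved))
    return found


def check_winlogon(log_text):
    """List deviations from the expected Shell and UserInit entries."""
    found = parse_o20(log_text)
    findings = []
    for name in ("shell", "userinit"):
        records = [r for r in found.get(name, []) if r[0].upper() == "HKLM"]
        if not records:
            findings.append(f"{name}: no HKLM O20 line in the log")
            continue
        for _hive, entries, resolved in records:
            if not entries:
                findings.append(f"{name}: value is empty")
            for entry in entries:
                if entry not in EXPECTED_DATA[name]:
                    findings.append(f"{name}: unexpected entry {entry}")
            if resolved != EXPECTED_FILE[name]:
                findings.append(f"{name}: resolves to {resolved}")
    return findings


# The two lines from the post above.
CLEAN_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

# Constructed sample: a second program appended to the UserInit list.
TAMPERED_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\Windows\system32\example.exe,) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

# Constructed sample: the Shell line is absent from the log.
MISSING_LOG = r"""
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("tampered", TAMPERED_LOG),
                       ("missing", MISSING_LOG)):
        print(label, check_winlogon(log) or "ok")
```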

#19
eMoRTaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Yes they're in there...
Did you read both of my PMs?

Edited by eMoRTaL, 11 September 2013 - 06:48 PM.

  • 0

#20
eMoRTaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok Ron, just one more question. After I restarted this time...the computer is working fine. However when I tried to logon to my wifi...I click on my connection...then when I put in my password twice it says:
Wireless configuration (X) The network password needs to be 40bits or 104bits depending on your network configuration. This can be entered as 5 or 13 ascii characters or 10 to 26 hexadecimal characters.

I am able to log in to my guest account with no problems though...I would rather log in to my main one.

Edited by eMoRTaL, 11 September 2013 - 07:21 PM.

  • 0

#21
RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
I think considering how infected it was you need to run some more scans:


Download aswMBR.exe to your desktop.
Double click aswMBR.exe
uncheck trace disk IO calls
Change A-V Scan to C:\ (Going to take many hours to finish but I think in your case it's a good idea)
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan (with the default A-V quickscan) and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.




Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#22
eMoRTaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok Ron, I finished all the scans and here's what I got:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-15 12:10:27
-----------------------------
12:10:27.031 OS Version: Windows 5.1.2600 Service Pack 2
12:10:27.031 Number of processors: 1 586 0x2402
12:10:27.031 ComputerName: 3R1CV3R4 UserName: Stacy
12:10:30.765 Initialize success
12:11:45.531 AVAST engine defs: 13091500
12:11:56.390 The log file has been saved successfully to "C:\Documents and Settings\Stacy\Desktop\aswMBR.txt"
12:12:46.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:12:46.296 Disk 0 Vendor: FUJITSU_MHV2100AT_PL 008300A1 Size: 95396MB BusType: 3
12:12:46.484 Disk 0 MBR read successfully
12:12:46.484 Disk 0 MBR scan
12:12:46.593 Disk 0 Windows XP default MBR code
12:12:46.593 Disk 0 Partition - 00 0F Extended LBA 82066 MB offset 16065
12:12:46.625 Disk 0 Partition 1 80 (A) 0C FAT32 LBA RECOVERY 12291 MB offset 168088095
12:12:46.718 Disk 0 Partition 2 00 D7 NTFS 1027 MB offset 193261950
12:12:46.765 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 82066 MB offset 16128
12:12:46.796 Disk 0 scanning sectors +195366465
12:12:46.921 Disk 0 scanning C:\WINDOWS\system32\drivers
12:13:14.546 Service scanning
12:14:00.109 Modules scanning
12:14:27.250 AVAST engine scan C:\
12:40:12.437 File: C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXPighi.dll.vir **INFECTED** Win32:Monder-IH [Trj]
12:40:13.578 File: C:\Qoobox\Quarantine\C\WINDOWS\system32\ylrashec.dll.vir **INFECTED** Win32:Vuku [Trj]
12:51:23.906 File: C:\System Volume Information\_restore{7073044C-A314-4C50-A908-66911B8F9A80}\RP2\A0004882.dll **INFECTED** Win32:Monder-IH [Trj]
12:51:24.531 File: C:\System Volume Information\_restore{7073044C-A314-4C50-A908-66911B8F9A80}\RP2\A0004889.dll **INFECTED** Win32:Vuku [Trj]
13:32:55.125 File: C:\WINDOWS\system32\awttqqrq.dll **INFECTED** Win32:Mondo [Trj]
13:32:56.515 File: C:\WINDOWS\system32\bipaxqjb.dll **INFECTED** Win32:Vuku [Trj]
13:39:58.546 File: C:\WINDOWS\system32\kunobesi.dll **INFECTED** Win32:Vuku [Trj]
13:44:05.187 File: C:\WINDOWS\system32\siftyfwo.dll **INFECTED** Win32:Vuku [Trj]
13:47:23.968 File: C:\WINDOWS\system32\wuwivivo.dll **INFECTED** Win32:Vuku [Trj]
13:48:30.187 Scan finished successfully
13:50:17.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Stacy\Desktop\MBR.dat"
13:50:17.500 The log file has been saved successfully to "C:\Documents and Settings\Stacy\Desktop\aswMBR.txt"

I WAS NOT ABLE TO RUN FIX ON THIS ONE (ASWMBR.EXE)
----------------------------------------------------------------------------------------------------------------------------------

ComboFix 13-09-14.01 - Stacy 09/15/2013 13:54:51.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.485 [GMT -4:00]
Running from: c:\documents and settings\Stacy\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-08-15 to 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-12 02:35 . 2004-08-04 04:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-09-12 02:16 . 2013-09-12 02:26 -------- d-----w- c:\windows\system32\wbem\Repository.001
2013-09-12 02:14 . 2004-08-04 04:56 162304 ----a-w- c:\windows\system32\wuaucpl.cpl
2013-09-12 02:14 . 2004-08-04 04:56 221184 ------w- c:\program files\Windows Media Player\wmpns.dll
2013-09-12 02:05 . 2004-07-17 15:40 19528 ----a-w- c:\windows\002815_.tmp
2013-09-11 00:39 . 2013-09-11 00:39 -------- d-----w- c:\documents and settings\Stacy\Application Data\Malwarebytes
2013-09-11 00:39 . 2013-09-11 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-11 00:39 . 2013-09-11 00:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-11 00:39 . 2013-04-04 18:50 20552 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-10 22:17 . 2013-09-10 22:17 -------- d-----w- C:\_OTL
2013-09-10 02:19 . 2013-09-10 02:19 -------- d-----w- c:\documents and settings\Stacy\Application Data\Sonic
2013-09-10 02:17 . 2013-09-10 02:17 -------- d-----w- c:\documents and settings\Stacy\Application Data\Leadertech
2013-09-08 23:11 . 2013-09-08 23:11 -------- d-----w- c:\documents and settings\Stacy\Application Data\GTek
2013-09-06 19:41 . 2003-08-13 19:33 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2013-09-06 19:41 . 2003-08-13 19:33 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2013-09-06 19:41 . 2003-08-13 19:33 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2013-09-06 19:41 . 2003-08-13 19:33 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2013-09-06 19:41 . 2003-08-13 19:33 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2013-09-06 19:41 . 2003-08-13 19:33 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2013-09-06 19:41 . 2003-08-13 19:33 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2013-09-06 19:39 . 2003-08-13 19:24 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2013-09-06 19:38 . 2003-08-13 19:19 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2013-09-06 19:37 . 2003-08-13 19:15 29184 -c--a-w- c:\windows\system32\dllcache\asptxn.dll
2013-09-06 19:35 . 2003-05-11 20:26 24576 ----a-w- c:\windows\system32\xpsp1hfm.exe
2013-09-06 19:30 . 2003-08-13 19:22 28160 -c--a-w- c:\windows\system32\dllcache\msoobe.exe
2013-09-06 19:23 . 2002-06-21 21:31 16384 ----a-w- c:\windows\system32\netfxperf.dll
2013-09-06 19:12 . 2004-08-04 03:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2013-09-06 19:05 . 2003-08-13 19:30 425866 ----a-r- c:\windows\SET80.tmp
2013-09-06 19:05 . 2003-08-13 19:25 7046 ----a-r- c:\windows\SET68.tmp
2013-09-06 19:05 . 2003-08-13 19:18 13608 ----a-r- c:\windows\SET56.tmp
2013-09-06 19:05 . 2003-08-13 19:24 1086182 ----a-r- c:\windows\SET4A.tmp
2013-09-06 00:43 . 2004-08-04 03:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2013-09-06 00:39 . 2004-08-04 02:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2013-09-06 00:37 . 2004-08-04 04:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2013-09-06 00:37 . 2004-08-04 04:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
2013-09-06 00:36 . 2004-08-04 03:01 196864 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2013-09-06 00:36 . 2004-08-04 05:01 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2013-09-06 00:33 . 2003-08-13 19:25 7046 ----a-r- c:\windows\SET9C.tmp
2013-09-06 00:33 . 2003-08-13 19:18 13608 ----a-r- c:\windows\SET8A.tmp
2013-09-06 00:33 . 2003-08-13 19:24 1086182 ----a-r- c:\windows\SET7E.tmp
2013-09-05 23:07 . 2013-09-05 23:07 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 05:15 81408 --sha-w- c:\windows\system32\kunobesi.dll
2009-06-21 21:08 49664 --sha-w- c:\windows\system32\wuwivivo.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\d3d9.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe -s [2005-9-24 73728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/10/2013 8:39 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/10/2013 8:39 PM 701512]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/31/2008 2:30 PM 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/10/2013 8:39 PM 20552]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
2013-09-15 c:\windows\Tasks\ourwgwdk.job
- c:\windows\system32\awttqqrq.dll [2008-12-30 23:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uDefault_Search_URL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: yahoo.com\m.www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-15 14:01
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?8?9?1??????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-09-15 14:03:43
ComboFix-quarantined-files.txt 2013-09-15 18:03
.
Pre-Run: 68,660,932,608 bytes free
Post-Run: 68,847,181,824 bytes free
.
- - End Of File - - CF6DEFEA7F6FB91582CF729D1582B38D
8F558EB6672622401DA993E1E865C861
-------------------------------------------------------------------------

14:04:41.0656 2228 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:04:42.0281 2228 ============================================================
14:04:42.0281 2228 Current date / time: 2013/09/15 14:04:42.0281
14:04:42.0281 2228 SystemInfo:
14:04:42.0281 2228
14:04:42.0281 2228 OS Version: 5.1.2600 ServicePack: 2.0
14:04:42.0281 2228 Product type: Workstation
14:04:42.0281 2228 ComputerName: 3R1CV3R4
14:04:42.0281 2228 UserName: Stacy
14:04:42.0281 2228 Windows directory: C:\WINDOWS
14:04:42.0281 2228 System windows directory: C:\WINDOWS
14:04:42.0281 2228 Processor architecture: Intel x86
14:04:42.0281 2228 Number of processors: 1
14:04:42.0281 2228 Page size: 0x1000
14:04:42.0281 2228 Boot type: Normal boot
14:04:42.0281 2228 ============================================================
14:04:44.0234 2228 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:04:44.0234 2228 ============================================================
14:04:44.0234 2228 \Device\Harddisk0\DR0:
14:04:44.0234 2228 MBR partitions:
14:04:44.0265 2228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xA04931F
14:04:44.0265 2228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xA04D21F, BlocksNum 0x1801F5F
14:04:44.0265 2228 ============================================================
14:04:44.0296 2228 D: <-> \Device\Harddisk0\DR0\Partition2
14:04:44.0375 2228 C: <-> \Device\Harddisk0\DR0\Partition1
14:04:44.0375 2228 ============================================================
14:04:44.0375 2228 Initialize success
14:04:44.0375 2228 ============================================================
14:06:18.0765 3984 ============================================================
14:06:18.0765 3984 Scan started
14:06:18.0765 3984 Mode: Manual; SigCheck; TDLFS;
14:06:18.0765 3984 ============================================================
14:06:19.0046 3984 ================ Scan system memory ========================
14:06:19.0078 3984 System memory - ok
14:06:19.0078 3984 ================ Scan services =============================
14:06:19.0203 3984 Abiosdsk - ok
14:06:19.0203 3984 abp480n5 - ok
14:06:19.0296 3984 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:06:19.0562 3984 ACPI - ok
14:06:19.0578 3984 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:06:19.0734 3984 ACPIEC - ok
14:06:19.0750 3984 adpu160m - ok
14:06:19.0781 3984 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:06:19.0906 3984 aec - ok
14:06:19.0921 3984 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:06:20.0062 3984 AFD - ok
14:06:20.0062 3984 Aha154x - ok
14:06:20.0078 3984 aic78u2 - ok
14:06:20.0093 3984 aic78xx - ok
14:06:20.0140 3984 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:06:20.0281 3984 Alerter - ok
14:06:20.0312 3984 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
14:06:20.0437 3984 ALG - ok
14:06:20.0453 3984 AliIde - ok
14:06:20.0500 3984 [ 59301936898AE62245A6F09C0ABA9475 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:06:20.0531 3984 AmdK8 - ok
14:06:20.0546 3984 amsint - ok
14:06:20.0656 3984 [ A8AA9D47F971570A5162B862B80F87E8 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
14:06:20.0671 3984 Apple Mobile Device - ok
14:06:20.0718 3984 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:06:20.0843 3984 AppMgmt - ok
14:06:20.0859 3984 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:06:20.0984 3984 Arp1394 - ok
14:06:21.0000 3984 asc - ok
14:06:21.0015 3984 asc3350p - ok
14:06:21.0015 3984 asc3550 - ok
14:06:21.0156 3984 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
14:06:21.0171 3984 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
14:06:21.0171 3984 aspnet_state - detected UnsignedFile.Multi.Generic (1)
14:06:21.0203 3984 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:06:21.0343 3984 AsyncMac - ok
14:06:21.0406 3984 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:06:21.0515 3984 atapi - ok
14:06:21.0531 3984 Atdisk - ok
14:06:21.0609 3984 [ B395912B170A709DC1B6E113E378C554 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:06:21.0656 3984 Ati HotKey Poller - ok
14:06:21.0781 3984 [ 287B11A781F2B7A28F283FD4B7434DAF ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:06:21.0937 3984 ati2mtag - ok
14:06:21.0984 3984 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:06:22.0093 3984 Atmarpc - ok
14:06:22.0156 3984 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:06:22.0265 3984 AudioSrv - ok
14:06:22.0328 3984 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:06:22.0484 3984 audstub - ok
14:06:22.0562 3984 [ 30D20FC98BCFD52E1DA778CF19B223D4 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
14:06:22.0640 3984 BCM43XX - ok
14:06:22.0687 3984 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:06:22.0843 3984 Beep - ok
14:06:22.0953 3984 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
14:06:23.0109 3984 BITS - ok
14:06:23.0171 3984 [ 9EFE4236F8670846B6E7C5B0EFF6E715 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:06:23.0187 3984 Bonjour Service - ok
14:06:23.0234 3984 [ E4E6A0922E3D983728C9AD4E8D466954 ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys
14:06:23.0343 3984 Bridge - ok
14:06:23.0359 3984 [ E4E6A0922E3D983728C9AD4E8D466954 ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
14:06:23.0484 3984 BridgeMP - ok
14:06:23.0562 3984 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
14:06:23.0671 3984 Browser - ok
14:06:23.0781 3984 [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD C:\WINDOWS\system32\drivers\camc6aud.sys
14:06:23.0859 3984 CAMCAUD - ok
14:06:23.0906 3984 [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA C:\WINDOWS\system32\drivers\camc6hal.sys
14:06:23.0984 3984 CAMCHALA - ok
14:06:23.0984 3984 catchme - ok
14:06:24.0046 3984 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:06:24.0203 3984 cbidf2k - ok
14:06:24.0203 3984 cd20xrnt - ok
14:06:24.0265 3984 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:06:24.0437 3984 Cdaudio - ok
14:06:24.0484 3984 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:06:24.0578 3984 Cdfs - ok
14:06:24.0593 3984 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:06:24.0703 3984 Cdrom - ok
14:06:24.0718 3984 Changer - ok
14:06:24.0781 3984 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:06:24.0890 3984 CiSvc - ok
14:06:24.0906 3984 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:06:25.0015 3984 ClipSrv - ok
14:06:25.0031 3984 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:06:25.0140 3984 CmBatt - ok
14:06:25.0156 3984 CmdIde - ok
14:06:25.0203 3984 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:06:25.0359 3984 Compbatt - ok
14:06:25.0375 3984 COMSysApp - ok
14:06:25.0390 3984 Cpqarray - ok
14:06:25.0437 3984 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:06:25.0531 3984 CryptSvc - ok
14:06:25.0546 3984 dac2w2k - ok
14:06:25.0546 3984 dac960nt - ok
14:06:25.0625 3984 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:06:25.0750 3984 DcomLaunch - ok
14:06:25.0781 3984 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:06:25.0875 3984 Dhcp - ok
14:06:25.0906 3984 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:26.0015 3984 Disk - ok
14:06:26.0015 3984 dmadmin - ok
14:06:26.0156 3984 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:06:26.0328 3984 dmboot - ok
14:06:26.0390 3984 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
14:06:26.0515 3984 dmio - ok
14:06:26.0546 3984 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:06:26.0703 3984 dmload - ok
14:06:26.0765 3984 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
14:06:26.0875 3984 dmserver - ok
14:06:26.0906 3984 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:06:27.0000 3984 DMusic - ok
14:06:27.0031 3984 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:06:27.0125 3984 Dnscache - ok
14:06:27.0187 3984 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:06:27.0187 3984 Dot3svc ( UnsignedFile.Multi.Generic ) - warning
14:06:27.0187 3984 Dot3svc - detected UnsignedFile.Multi.Generic (1)
14:06:27.0187 3984 dpti2o - ok
14:06:27.0218 3984 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:06:27.0343 3984 drmkaud - ok
14:06:27.0390 3984 [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys
14:06:27.0437 3984 eabfiltr - ok
14:06:27.0453 3984 [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb C:\WINDOWS\system32\drivers\eabusb.sys
14:06:27.0453 3984 eabusb - ok
14:06:27.0484 3984 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:06:27.0500 3984 EapHost ( UnsignedFile.Multi.Generic ) - warning
14:07:04.0140 3984 ============================================================
14:07:04.0140 3984 Scan finished
14:07:04.0140 3984 ============================================================
14:07:04.0265 2228 Detected object count: 22
14:07:04.0265 2228 Actual detected object count: 22
14:13:09.0531 2228 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0531 2228 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0531 2228 Dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0531 2228 Dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0531 2228 EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0531 2228 EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0546 2228 FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0546 2228 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0546 2228 hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0546 2228 hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0546 2228 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0546 2228 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0562 2228 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0562 2228 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0562 2228 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0562 2228 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0562 2228 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0562 2228 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0578 2228 HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0578 2228 HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0578 2228 Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0578 2228 Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0578 2228 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0578 2228 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0593 2228 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0593 2228 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0593 2228 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0593 2228 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0593 2228 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0593 2228 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0609 2228 napagent ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0609 2228 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0609 2228 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0609 2228 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0609 2228 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0609 2228 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0625 2228 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0625 2228 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0625 2228 sdbus ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0625 2228 sdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0625 2228 wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0625 2228 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:09.0640 2228 xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:09.0640 2228 xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:18.0093 3628 Deinitialize success
--------------------------------------------------------------------------

Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/09/2013 2:30:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/09/2013 2:22:46 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 15/09/2013 2:20:46 PM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 15/09/2013 1:47:40 PM
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Log: 'System' Date/Time: 15/09/2013 12:46:11 PM
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Log: 'System' Date/Time: 15/09/2013 11:43:49 AM
Type: error Category: 0
Event: 1000 Source: Dhcp
Your computer has lost the lease to its IP address 192.168.33.126 on the Network Card with network address 0014A575F700.

Log: 'System' Date/Time: 09/09/2013 9:18:30 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The HTTP SSL service depends on the HTTP service which failed to start because of the following error: The specified procedure could not be found.

Log: 'System' Date/Time: 09/09/2013 9:18:30 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP service failed to start due to the following error: The specified procedure could not be found.

Log: 'System' Date/Time: 09/09/2013 9:13:04 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E9376CC6-121A-447E-81CF-D8BCC200007C}

Log: 'System' Date/Time: 09/09/2013 9:10:38 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP service failed to start due to the following error: The specified procedure could not be found.

Log: 'System' Date/Time: 09/09/2013 8:47:20 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Log: 'System' Date/Time: 09/09/2013 7:44:20 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom0, has a bad block.

Log: 'System' Date/Time: 09/09/2013 7:44:17 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom0, has a bad block.

Log: 'System' Date/Time: 09/09/2013 7:42:26 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SDDMI2 service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 09/09/2013 7:26:45 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 09/09/2013 7:26:32 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Media Center Receiver Service service terminated with the following error: Class not registered

Log: 'System' Date/Time: 09/09/2013 7:26:10 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: The specified procedure could not be found.

Log: 'System' Date/Time: 09/09/2013 7:26:10 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP service failed to start due to the following error: The specified procedure could not be found.

Log: 'System' Date/Time: 09/09/2013 7:25:58 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: FltMgr

Log: 'System' Date/Time: 09/09/2013 7:25:58 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 09/09/2013 7:25:58 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: The specified procedure could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/09/2013 11:43:47 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0014A575F700. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 09/09/2013 10:21:53 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 08/09/2013 10:38:13 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to power off STACY-E0B1E99E2 failed

Log: 'System' Date/Time: 08/09/2013 8:15:01 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 08/09/2013 7:26:16 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to power off STACY-E0B1E99E2 failed

Log: 'System' Date/Time: 08/09/2013 1:56:11 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to power off STACY-E0B1E99E2 failed

Log: 'System' Date/Time: 08/09/2013 9:34:41 AM
Type: warning Category: 0
Event: 240 Source: Win32k
A request to suspend power was denied by hpqste08.exe.

Log: 'System' Date/Time: 08/09/2013 9:10:40 AM
Type: warning Category: 0
Event: 240 Source: Win32k
A request to suspend power was denied by svchost.exe.

Log: 'System' Date/Time: 08/09/2013 9:10:37 AM
Type: warning Category: 0
Event: 240 Source: Win32k
A request to suspend power was denied by svchost.exe.

Log: 'System' Date/Time: 08/09/2013 8:29:10 AM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to reboot STACY-E0B1E99E2 failed
--------------------------------------------------------------

OTL logfile created on: 9/15/2013 2:38:26 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Stacy\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 436.41 Mb Available Physical Memory | 42.69% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.92% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.14 Gb Total Space | 64.14 Gb Free Space | 80.03% Space Free | Partition Type: NTFS
Drive D: | 11.98 Gb Total Space | 0.24 Gb Free Space | 1.98% Space Free | Partition Type: FAT32

Computer Name: 3R1CV3R4 | User Name: Stacy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/08 20:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacy\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 04:27:03 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2005/12/22 09:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/12/08 14:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2008/11/20 21:08:22 | 001,055,744 | ---- | M] () -- C:\Program Files\Safari\libxml2.dll
MOD - [2008/11/20 21:08:22 | 000,368,640 | ---- | M] () -- C:\Program Files\Safari\SQLite3.dll
MOD - [2008/11/20 21:08:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Safari\libtidy.dll
MOD - [2008/11/20 21:08:22 | 000,062,464 | ---- | M] () -- C:\Program Files\Safari\zlib1.dll
MOD - [2005/12/12 12:39:46 | 000,167,936 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll
MOD - [2005/12/08 14:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
MOD - [2004/08/04 00:56:46 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004/08/04 00:56:46 | 000,270,848 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/04 00:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/04 00:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,020,552 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2005/11/28 05:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 18:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/30 07:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 05:06:00 | 001,035,008 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 05:06:00 | 000,718,464 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 05:06:00 | 000,231,424 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/02 06:00:00 | 000,349,312 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 05:58:00 | 000,038,016 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/05/05 11:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 11:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{4F6D47CD-3C0E-48FA-AE6C-4E283D9998F7}: "URL" = http://internetsearc...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7SUNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()



O1 HOSTS File: ([2013/09/15 11:44:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: yahoo.com ([m.www] https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.su...ows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalci....1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} http://rockyou.com/R...ageUploader.cab (RockYou Image Uploader Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3EF8E67-C378-4677-B3F5-2213888F9AF5}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Stacy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stacy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/30 18:16:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/31 14:01:54 | 000,000,050 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/09/15 14:03:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/09/15 12:22:13 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Stacy\Desktop\tdsskiller.exe
[2013/09/12 21:56:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/12 21:56:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/12 21:56:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/12 21:56:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/12 21:56:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/12 21:55:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Stacy\Start Menu\Programs\Administrative Tools
[2013/09/12 21:55:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/12 21:54:37 | 005,126,233 | R--- | C] (Swearware) -- C:\Documents and Settings\Stacy\Desktop\ComboFix.exe
[2013/09/12 21:40:34 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Stacy\Desktop\aswmbr.exe
[2013/09/11 22:27:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/09/11 22:15:25 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehchsime.dll
[2013/09/11 22:15:25 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdatunepia.dll
[2013/09/11 22:15:24 | 000,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqqp20.dll
[2013/09/11 22:15:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqdb20.dll
[2013/09/11 22:15:24 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehglid.dll
[2013/09/11 22:15:24 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehcommon.dll
[2013/09/11 22:15:24 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqse20.dll
[2013/09/11 22:15:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiepg.dll
[2013/09/11 22:15:24 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiextens.dll
[2013/09/11 22:15:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2013/09/11 22:15:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gacutil.exe
[2013/09/11 22:15:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2013/09/11 22:15:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2013/09/11 22:15:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2013/09/11 22:15:24 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\medctrro.exe
[2013/09/11 22:15:24 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2013/09/11 22:15:24 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehmsas.exe
[2013/09/11 22:15:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehjpnime.dll
[2013/09/11 22:15:24 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehcircl.dll
[2013/09/11 22:15:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiuserxp.dll
[2013/09/11 22:15:24 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snchk.exe
[2013/09/11 22:15:01 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
[2013/09/11 22:01:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/09/10 20:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacy\Application Data\Malwarebytes
[2013/09/10 20:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/10 20:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/10 20:39:13 | 000,020,552 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/10 20:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/10 18:17:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/09 22:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacy\Application Data\Sonic
[2013/09/09 22:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacy\Application Data\Leadertech
[2013/09/09 21:24:07 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Stacy\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/09 20:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/09/09 19:44:08 | 002,982,744 | ---- | C] (Boost Software Inc.) -- C:\Documents and Settings\Stacy\Desktop\Error_Repair_Tool.exe
[2013/09/08 20:09:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stacy\Desktop\OTL.exe
[2013/09/08 19:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacy\Application Data\GTek
[2013/09/08 08:47:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/09/08 08:30:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/09/06 15:41:06 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2013/09/06 15:41:05 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2013/09/06 15:41:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2013/09/06 15:41:01 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2013/09/06 15:41:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2013/09/06 15:41:01 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2013/09/06 15:41:00 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2013/09/06 15:40:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2013/09/06 15:40:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2013/09/06 15:40:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2013/09/06 15:40:48 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2013/09/06 15:40:48 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2013/09/06 15:40:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2013/09/06 15:40:47 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2013/09/06 15:40:46 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2013/09/06 15:40:46 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2013/09/06 15:40:43 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2013/09/06 15:40:41 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2013/09/06 15:40:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2013/09/06 15:40:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2013/09/06 15:40:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2013/09/06 15:40:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2013/09/06 15:40:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2013/09/06 15:40:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2013/09/06 15:40:34 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2013/09/06 15:40:34 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2013/09/06 15:40:34 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2013/09/06 15:40:34 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2013/09/06 15:40:34 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2013/09/06 15:40:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2013/09/06 15:40:33 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2013/09/06 15:40:33 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2013/09/06 15:40:33 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2013/09/06 15:40:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2013/09/06 15:40:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2013/09/06 15:40:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2013/09/06 15:40:32 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2013/09/06 15:40:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2013/09/06 15:40:27 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2013/09/06 15:40:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2013/09/06 15:40:23 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2013/09/06 15:40:23 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2013/09/06 15:40:23 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2013/09/06 15:40:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2013/09/06 15:40:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2013/09/06 15:40:19 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2013/09/06 15:40:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2013/09/06 15:40:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2013/09/06 15:40:13 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2013/09/06 15:40:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2013/09/06 15:40:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2013/09/06 15:40:12 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2013/09/06 15:40:12 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2013/09/06 15:40:12 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2013/09/06 15:40:09 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2013/09/06 15:40:08 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2013/09/06 15:40:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2013/09/06 15:39:58 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2013/09/06 15:39:53 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2013/09/06 15:39:36 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2013/09/06 15:39:36 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2013/09/06 15:39:35 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2013/09/06 15:39:34 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2013/09/06 15:39:32 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2013/09/06 15:39:27 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2013/09/06 15:39:26 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2013/09/06 15:39:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2013/09/06 15:39:22 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2013/09/06 15:39:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2013/09/06 15:39:10 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2013/09/06 15:39:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2013/09/06 15:39:10 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2013/09/06 15:38:48 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2013/09/06 15:38:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2013/09/06 15:38:42 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2013/09/06 15:38:40 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2013/09/06 15:38:40 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2013/09/06 15:38:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2013/09/06 15:38:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2013/09/06 15:38:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2013/09/06 15:38:34 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2013/09/06 15:38:34 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2013/09/06 15:38:34 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2013/09/06 15:38:33 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2013/09/06 15:38:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2013/09/06 15:38:21 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2013/09/06 15:38:20 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2013/09/06 15:38:20 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2013/09/06 15:38:17 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2013/09/06 15:38:16 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2013/09/06 15:38:16 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2013/09/06 15:38:15 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2013/09/06 15:38:15 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2013/09/06 15:38:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2013/09/06 15:38:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2013/09/06 15:38:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2013/09/06 15:38:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2013/09/06 15:38:12 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2013/09/06 15:38:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2013/09/06 15:38:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2013/09/06 15:37:57 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2013/09/06 15:37:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2013/09/06 15:37:57 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2013/09/06 15:37:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2013/09/06 15:37:51 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2013/09/06 15:37:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2013/09/06 15:37:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2013/09/06 15:37:46 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2013/09/06 15:37:34 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2013/09/06 15:37:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2013/09/06 15:37:33 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2013/09/06 15:37:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2013/09/06 15:37:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2013/09/06 15:37:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2013/09/06 15:37:27 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2013/09/06 15:35:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1hfm.exe
[2013/09/06 15:30:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2013/09/06 15:29:59 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2013/09/06 15:29:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2013/09/06 15:29:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2013/09/06 15:29:59 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2013/09/06 15:29:56 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2013/09/06 15:29:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2013/09/06 15:29:52 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2013/09/06 15:29:52 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2013/09/06 15:29:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2013/09/06 15:29:52 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2013/09/06 15:29:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2013/09/06 15:29:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2013/09/06 15:29:49 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2013/09/06 15:29:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2013/09/06 15:29:40 | 000,110,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2013/09/06 15:29:40 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2013/09/06 15:29:39 | 000,319,542 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2013/09/06 15:29:39 | 000,163,897 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2013/09/06 15:29:31 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2013/09/06 15:29:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2013/09/06 15:29:29 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2013/09/06 15:29:28 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2013/09/06 15:29:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2013/09/06 15:29:22 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2013/09/06 15:29:22 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2013/09/06 15:29:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2013/09/06 15:23:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2013/09/06 15:21:49 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehituner.dll
[2013/09/06 15:21:46 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2013/09/06 15:21:45 | 000,345,088 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2013/09/06 15:21:45 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2013/09/06 15:21:45 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2013/09/06 15:21:43 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2013/09/06 15:21:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2013/09/06 15:21:43 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2013/09/06 15:21:42 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2013/09/06 15:21:42 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2013/09/06 15:21:42 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2013/09/06 15:21:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2013/09/06 15:21:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2013/09/06 15:21:41 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2013/09/06 15:21:41 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2013/09/06 15:21:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2013/09/06 15:21:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2013/09/06 15:21:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2013/09/06 15:21:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2013/09/06 15:21:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2013/09/06 15:21:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2013/09/06 15:21:40 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2013/09/06 15:21:40 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2013/09/06 15:21:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2013/09/06 15:21:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2013/09/06 15:21:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2013/09/06 15:21:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2013/09/06 15:21:39 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2013/09/06 15:21:39 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2013/09/06 15:21:39 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2013/09/06 15:21:39 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2013/09/06 15:21:31 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2013/09/06 15:21:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2013/09/06 15:21:31 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2013/09/06 15:21:21 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2013/09/06 15:21:20 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2013/09/06 15:21:20 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2013/09/06 15:21:19 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2013/09/06 15:21:18 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2013/09/06 15:21:17 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2013/09/06 15:21:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2013/09/06 15:21:16 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2013/09/06 15:21:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2013/09/06 15:21:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2013/09/06 15:21:16 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2013/09/06 15:21:15 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2013/09/06 15:21:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2013/09/06 15:21:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2013/09/05 20:37:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2013/09/05 20:37:17 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2013/09/05 20:34:28 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2013/09/05 20:34:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2013/09/05 20:34:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2013/09/05 20:34:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2013/09/05 20:34:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2013/09/05 20:34:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2013/09/05 20:34:19 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2013/09/05 20:34:19 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2013/09/05 20:34:19 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2013/09/05 20:34:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2013/09/05 20:34:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2013/09/05 20:34:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/15 14:28:24 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/15 14:28:24 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/15 14:25:58 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2013/09/15 14:24:30 | 000,001,418 | -HS- | M] () -- C:\hpqp.ini
[2013/09/15 14:24:24 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2013/09/15 14:23:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/15 14:23:30 | 1071,894,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/15 13:51:49 | 005,126,233 | R--- | M] (Swearware) -- C:\Documents and Settings\Stacy\Desktop\ComboFix.exe
[2013/09/15 13:50:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Stacy\Desktop\MBR.dat
[2013/09/15 13:00:01 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\ourwgwdk.job
[2013/09/15 12:23:04 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Stacy\Desktop\VEW.exe
[2013/09/15 12:22:25 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Stacy\Desktop\tdsskiller.exe
[2013/09/15 11:44:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/15 11:44:06 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/12 21:40:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Stacy\Desktop\aswmbr.exe
[2013/09/11 22:37:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/09/11 22:35:09 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Stacy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/09/11 22:27:04 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/11 22:25:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/11 21:42:53 | 000,059,020 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/09/11 21:26:15 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2013/09/10 20:39:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 20:46:30 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Stacy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/08 20:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacy\Desktop\OTL.exe
[2013/09/08 20:26:23 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Stacy\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/08 19:13:20 | 002,982,744 | ---- | M] (Boost Software Inc.) -- C:\Documents and Settings\Stacy\Desktop\Error_Repair_Tool.exe
[2013/09/08 08:21:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/06 15:43:45 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/09/06 15:35:17 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2013/09/06 15:35:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/09/06 15:35:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/09/06 15:34:52 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2013/09/06 15:34:01 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2013/09/06 15:25:08 | 000,034,284 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/15 13:50:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Stacy\Desktop\MBR.dat
[2013/09/15 12:23:04 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Stacy\Desktop\VEW.exe
[2013/09/12 21:56:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/12 21:56:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/12 21:56:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/12 21:56:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/12 21:56:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/11 22:15:24 | 009,271,864 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ehcir.ird
[2013/09/11 21:42:53 | 000,059,020 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/09/11 21:26:16 | 000,013,756 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2013/09/10 20:39:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 19:21:12 | 1071,894,528 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/06 15:39:21 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2013/09/06 15:38:16 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2013/09/06 15:35:17 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2013/09/06 15:34:52 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2013/09/06 15:24:27 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2013/09/05 20:34:01 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2013/09/05 20:34:01 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2013/09/05 20:34:01 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2013/09/05 20:34:01 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2013/09/05 20:34:01 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2013/09/05 20:34:01 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/01/31 18:58:51 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Stacy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/31 15:28:34 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Stacy\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008/01/30 18:11:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004/08/04 00:56:46 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004/08/04 00:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: FUJITSU MHV2100AT PL
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 80.00GB
Starting Offset: 8225280
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 86061104640
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 98950118400
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2008/02/12 08:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\Adobe
[2008/08/06 21:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\AdobeUM
[2013/09/11 20:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\Apple Computer
[2008/07/04 02:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\CyberLink
[2008/02/06 22:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\Google
[2013/09/08 19:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\GTek
[2008/09/08 17:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\HP
[2008/06/29 15:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\HPAppData
[2008/01/31 14:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\Identities
[2008/01/31 15:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\Intuit
[2013/09/09 22:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\Leadertech
[2008/08/04 19:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\LimeWire
[2008/01/31 15:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\Macromedia
[2013/09/10 20:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\Malwarebytes
[2008/06/29 15:48:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Stacy\Application Data\Microsoft
[2013/09/09 20:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\MP3Rocket
[2013/09/09 22:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\Sonic
[2008/02/11 20:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacy\Application Data\Sun

< MD5 for: ATAPI.SYS >
[2003/08/13 15:29:36 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003/08/13 15:15:36 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2003/08/13 15:16:47 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=B82CD0AD8B605F64EAD6C46D70A2C993 -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
[2004/08/04 00:56:50 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2004/08/04 00:56:50 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\csrss.exe

< MD5 for: EXPLORER.EXE >
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/10 16:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2003/08/13 15:17:47 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2003/08/13 15:23:15 | 000,228,352 | ---- | M] (Microsoft Corporation) MD5=18A8BE5A66B93F9C9615F7D4C148EDE2 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 13:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/10 16:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\system32\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2003/08/13 15:24:57 | 000,133,632 | ---- | M] (Microsoft Corporation) MD5=4A3D059857FBAFFFEA7997C3839E8803 -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll
[2006/10/13 08:41:38 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=808CB47D7F6BE51B0354CD628CF45978 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
[2004/08/10 16:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
[2004/08/04 00:56:46 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2004/08/04 00:56:46 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004/08/04 00:56:46 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/13 20:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\erdnt\cache\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\services.exe
[2003/08/13 15:28:13 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=E3DF4A0252D287C44606EE55355E1623 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2003/08/13 15:30:43 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\erdnt\cache\userinit.exe
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2003/08/13 15:32:30 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2003/08/13 15:34:22 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/04 00:56:48 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2004/08/04 00:56:48 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\system32\winrnr.dll
[2003/08/13 15:34:32 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=54332DB2DC5B851709CD78D2DA22F2FB -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 00:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 00:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 00:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004/08/04 00:56:52 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/08/13 15:22:47 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 00:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 00:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 00:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004/08/04 00:56:52 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/08/13 15:22:47 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
--------------------------------------------------------------------------------

OTL Extras logfile created on: 9/15/2013 2:38:26 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Stacy\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 436.41 Mb Available Physical Memory | 42.69% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.92% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.14 Gb Total Space | 64.14 Gb Free Space | 80.03% Space Free | Partition Type: NTFS
Drive D: | 11.98 Gb Total Space | 0.24 Gb Free Space | 1.98% Space Free | Partition Type: FAT32

Computer Name: 3R1CV3R4 | User Name: Stacy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Internet TV & Radio Player"_is1" = Internet TV & Radio Player
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 G1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D17A2FDC-5C16-439C-A0E1-FF350079447E}" = HP User Guides 0026
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/15/2013 11:46:48 AM | Computer Name = 3R1CV3R4 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 9/15/2013 11:46:54 AM | Computer Name = 3R1CV3R4 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 9/15/2013 11:47:01 AM | Computer Name = 3R1CV3R4 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 9/15/2013 11:47:07 AM | Computer Name = 3R1CV3R4 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 9/15/2013 11:47:13 AM | Computer Name = 3R1CV3R4 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 9/15/2013 11:47:20 AM | Computer Name = 3R1CV3R4 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 9/15/2013 11:47:27 AM | Computer Name = 3R1CV3R4 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 9/15/2013 11:47:33 AM | Computer Name = 3R1CV3R4 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 9/15/2013 11:47:41 AM | Computer Name = 3R1CV3R4 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 9/15/2013 11:47:49 AM | Computer Name = 3R1CV3R4 | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

[ System Events ]
Error - 9/9/2013 7:44:17 PM | Computer Name = STACY-E0B1E99E2 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/9/2013 7:44:20 PM | Computer Name = STACY-E0B1E99E2 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/9/2013 8:47:20 PM | Computer Name = STACY-E0B1E99E2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 9/9/2013 9:10:38 PM | Computer Name = STACY-E0B1E99E2 | Source = Service Control Manager | ID = 7000
Description = The HTTP service failed to start due to the following error: %%127

Error - 9/9/2013 9:13:04 PM | Computer Name = STACY-E0B1E99E2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E9376CC6-121A-447E-81CF-D8BCC200007C}

Error - 9/9/2013 9:18:30 PM | Computer Name = STACY-E0B1E99E2 | Source = Service Control Manager | ID = 7000
Description = The HTTP service failed to start due to the following error: %%127

Error - 9/9/2013 9:18:30 PM | Computer Name = STACY-E0B1E99E2 | Source = Service Control Manager | ID = 7001
Description = The HTTP SSL service depends on the HTTP service which failed to start
because of the following error: %%127

Error - 9/15/2013 11:43:49 AM | Computer Name = 3R1CV3R4 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.33.126
on the Network Card with network address 0014A575F700.

Error - 9/15/2013 12:46:11 PM | Computer Name = 3R1CV3R4 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/15/2013 1:47:40 PM | Computer Name = 3R1CV3R4 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
  • 0

#23
RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\WINDOWS\system32\awttqqrq.dll
C:\WINDOWS\system32\bipaxqjb.dll
C:\WINDOWS\system32\kunobesi.dll
C:\WINDOWS\system32\siftyfwo.dll
C:\WINDOWS\system32\wuwivivo.dll
c:\windows\system32\kunobesi.dll
c:\windows\system32\wuwivivo.dll
c:\windows\Tasks\ourwgwdk.job

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
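Added example, not part of the original posts and not OTL or ComboFix code: the Java check from the post above, run over the `"key" = name` lines of an uninstall list like the one in the log. The function names are hypothetical, and the key prefix is an assumption based only on what the four Java entries in this log share.

```python
import re

# Constructed sample: six lines copied from the uninstall list in the log
# posted earlier in this thread (four Java entries, two unrelated ones).
SAMPLE_UNINSTALL_LIST = """\
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"""

# Line shape as it appears in the log: "registry key name" = display name
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# Names from the post that identify Java on their own.
JAVA_WORDS = re.compile(r"\b(java|j2se|j2re|jre|jvm)\b", re.IGNORECASE)

# Names from the post that are too generic to act on without a human look
# ("Runtime", "Virtual Machine", "VM"): other products use them too.
GENERIC_WORDS = re.compile(r"\b(runtime|virtual machine|vm)\b", re.IGNORECASE)

# Assumption: key prefix shared by the four Java entries in this log.
JAVA_KEY_PREFIX = "{3248F0A8-6813-11D6-A77B-00B0D0"

# "5.0 Update 6" -> (5, 6); "6 Update 3" -> (6, 3)
VERSION_RE = re.compile(r"(\d+)(?:\.\d+)?\s+Update\s+(\d+)", re.IGNORECASE)


def parse_uninstall_list(text):
    """Return (key, display_name) pairs; lines in any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def classify(key, name):
    """'java' for a Java runtime, 'review' for a generic name, else None."""
    if key.upper().startswith(JAVA_KEY_PREFIX) or JAVA_WORDS.search(name):
        return "java"
    if GENERIC_WORDS.search(name):
        return "review"
    return None


def java_version(name):
    """Extract (family, update) from a display name, or None if absent."""
    m = VERSION_RE.search(name)
    return (int(m.group(1)), int(m.group(2))) if m else None


def audit(text):
    """Group entries into Java runtimes (oldest first) and names to review."""
    java, review = [], []
    for key, name in parse_uninstall_list(text):
        kind = classify(key, name)
        if kind == "java":
            java.append((java_version(name), name))
        elif kind == "review":
            review.append(name)
    # Entries with no parsable version sort first so they are not overlooked.
    java.sort(key=lambda item: (item[0] or (0, 0), item[1]))
    return {"java": java, "review": review}


if __name__ == "__main__":
    result = audit(SAMPLE_UNINSTALL_LIST)
    for version, name in result["java"]:
        print("Java runtime installed:", name, version)
    for name in result["review"]:
        print("Generic name, check by hand:", name)
```

Matching on "Runtime" alone would have flagged Windows Media Format Runtime as Java, which is why the generic names go to a separate review list.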

#24
eMoRTaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi Ron, I've finished these next steps. Whenever I try to Shutdown from Start...it hangs...and have to CTRL+ALT+DEL and Shut Down --->shutdown or restart...etc. I still get a couple errors...but seems to be that these files are on an installation disk that I don't have. Here's what they say:
Status (!)
An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Microsoft .NET Framework (X)
An unhandled exception has occurred in a component in your application. Click continue and application will ignore this error and attempt to continue.
Object reference not set to an instance of an object
[Details] [Continue]

Continue just brings the box back up...Here's when I press the details button

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
at HP.CUE.Video.PlaybackControl.UpdateProgressBar()
at HP.CUE.Video.PlaybackControl._ProgressTimer_Tick(Object sender, EventArgs e)
at System.Windows.Forms.Timer.OnTick(EventArgs e)
at System.Windows.Forms.Timer.Callback(IntPtr hWnd, Int32 msg, IntPtr idEvent, IntPtr dwTime)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2407
CodeBase: file:///c:/windows/microsoft.net/framework/v1.1.4322/mscorlib.dll
----------------------------------------
hpqimzone
Assembly Version: 3.0.0.0
Win32 Version: 060.000.155.000
CodeBase: file:///C:/Program%20Files/HP/Digital%20Imaging/bin/hpqimzone.exe
----------------------------------------
hpqiface
Assembly Version: 4.0.0.0
Win32 Version: 060.000.155.000
CodeBase: file:///c:/windows/assembly/gac/hpqiface/4.0.0.0__a53cf5803f4c3827/hpqiface.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: file:///c:/windows/assembly/gac/system.windows.forms/1.0.5000.0__b77a5c561934e089/system.windows.forms.dll
----------------------------------------
System.Drawing
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: file:///c:/windows/assembly/gac/system.drawing/1.0.5000.0__b03f5f7f11d50a3a/system.drawing.dll
----------------------------------------
System
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2407
CodeBase: file:///c:/windows/assembly/gac/system/1.0.5000.0__b77a5c561934e089/system.dll
----------------------------------------
hpqcc2
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqcc2/3.0.0.0__a53cf5803f4c3827/hpqcc2.dll
----------------------------------------
hpqutils
Assembly Version: 4.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqutils/4.0.0.0__a53cf5803f4c3827/hpqutils.dll
----------------------------------------
hpqfmrsc
Assembly Version: 4.0.0.0
Win32 Version: 060.000.155.000
CodeBase: file:///c:/windows/assembly/gac/hpqfmrsc/4.0.0.0__a53cf5803f4c3827/hpqfmrsc.dll
----------------------------------------
hpqtray
Assembly Version: 4.0.0.0
Win32 Version: 060.000.155.000
CodeBase: file:///c:/windows/assembly/gac/hpqtray/4.0.0.0__a53cf5803f4c3827/hpqtray.dll
----------------------------------------
hpqovskn
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqovskn/3.0.0.0__a53cf5803f4c3827/hpqovskn.dll
----------------------------------------
hpqthumb
Assembly Version: 3.0.0.0
Win32 Version: 060.000.155.000
CodeBase: file:///c:/windows/assembly/gac/hpqthumb/3.0.0.0__a53cf5803f4c3827/hpqthumb.dll
----------------------------------------
hpqimvlt
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqimvlt/3.0.0.0__a53cf5803f4c3827/hpqimvlt.dll
----------------------------------------
hpqimgrc
Assembly Version: 4.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqimgrc/4.0.0.0__a53cf5803f4c3827/hpqimgrc.dll
----------------------------------------
hpqntrop
Assembly Version: 4.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqntrop/4.0.0.0__a53cf5803f4c3827/hpqntrop.dll
----------------------------------------
Interop.hpqcxm08
Assembly Version: 3.0.0.0
Win32 Version: 60.0.155.000
CodeBase: file:///c:/windows/assembly/gac/interop.hpqcxm08/3.0.0.0__a53cf5803f4c3827/interop.hpqcxm08.dll
----------------------------------------
System.Xml
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: file:///c:/windows/assembly/gac/system.xml/1.0.5000.0__b77a5c561934e089/system.xml.dll
----------------------------------------
LEAD
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead/13.0.0.113__9cf889f53ea9b907/lead.dll
----------------------------------------
LEAD.Wrapper
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.wrapper/13.0.0.113__9cf889f53ea9b907/lead.wrapper.dll
----------------------------------------
LEAD.Windows.Forms
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.windows.forms/13.0.0.113__9cf889f53ea9b907/lead.windows.forms.dll
----------------------------------------
LEAD.Drawing
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.drawing/13.0.0.113__9cf889f53ea9b907/lead.drawing.dll
----------------------------------------
interop.hpqimgr
Assembly Version: 4.0.0.0
Win32 Version: 4.0.0.0
CodeBase: file:///c:/windows/assembly/gac/interop.hpqimgr/4.0.0.0__a53cf5803f4c3827/interop.hpqimgr.dll
----------------------------------------
hpqasset
Assembly Version: 4.0.0.0
Win32 Version: 060.000.155.000
CodeBase: file:///c:/windows/assembly/gac/hpqasset/4.0.0.0__a53cf5803f4c3827/hpqasset.dll
----------------------------------------
hpqmirsc
Assembly Version: 3.0.0.0
Win32 Version: 060.000.155.000
CodeBase: file:///C:/Program%20Files/HP/Digital%20Imaging/bin/hpqmirsc.DLL
----------------------------------------
hpqedit
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqedit/3.0.0.0__a53cf5803f4c3827/hpqedit.dll
----------------------------------------
hpqvideo
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqvideo/3.0.0.0__a53cf5803f4c3827/hpqvideo.dll
----------------------------------------
LEAD.Windows.Forms.DrawingContainer
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.windows.forms.drawingcontainer/13.0.0.113__9cf889f53ea9b907/lead.windows.forms.drawingcontainer.dll
----------------------------------------
hpqmdmr
Assembly Version: 4.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqmdmr/4.0.0.0__a53cf5803f4c3827/hpqmdmr.dll
----------------------------------------
LEAD.Drawing.Imaging.ImageProcessing
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.drawing.imaging.imageprocessing/13.0.0.113__9cf889f53ea9b907/lead.drawing.imaging.imageprocessing.dll
----------------------------------------
hpqimlib
Assembly Version: 3.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqimlib/3.0.0.0__a53cf5803f4c3827/hpqimlib.dll
----------------------------------------
hpqglutl
Assembly Version: 4.0.0.0
Win32 Version: 060.000.087.000
CodeBase: file:///c:/windows/assembly/gac/hpqglutl/4.0.0.0__a53cf5803f4c3827/hpqglutl.dll
----------------------------------------
Interop.hpqvideo
Assembly Version: 4.0.0.0
Win32 Version: 4.0.0.0
CodeBase: file:///c:/windows/assembly/gac/interop.hpqvideo/4.0.0.0__a53cf5803f4c3827/interop.hpqvideo.dll
----------------------------------------

************** JIT Debugging **************
To enable just in time (JIT) debugging, the config file for this
application or machine (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the machine
rather than being handled by this dialog.

--------------------------------------------------------------------

ComboFix 13-09-14.01 - Stacy 09/15/2013 19:10:23.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.363 [GMT -4:00]
Running from: c:\documents and settings\Stacy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stacy\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\awttqqrq.dll"
"c:\windows\system32\bipaxqjb.dll"
"c:\windows\system32\kunobesi.dll"
"c:\windows\system32\siftyfwo.dll"
"c:\windows\system32\wuwivivo.dll"
"c:\windows\Tasks\ourwgwdk.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\awttqqrq.dll
c:\windows\system32\bipaxqjb.dll
c:\windows\system32\kunobesi.dll
c:\windows\system32\siftyfwo.dll
c:\windows\system32\wuwivivo.dll
c:\windows\Tasks\ourwgwdk.job
.
.
((((((((((((((((((((((((( Files Created from 2013-08-15 to 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-12 02:35 . 2004-08-04 04:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-09-12 02:16 . 2013-09-12 02:26 -------- d-----w- c:\windows\system32\wbem\Repository.001
2013-09-12 02:14 . 2004-08-04 04:56 162304 ----a-w- c:\windows\system32\wuaucpl.cpl
2013-09-12 02:14 . 2004-08-04 04:56 221184 ------w- c:\program files\Windows Media Player\wmpns.dll
2013-09-12 02:05 . 2004-07-17 15:40 19528 ----a-w- c:\windows\002815_.tmp
2013-09-11 00:39 . 2013-09-11 00:39 -------- d-----w- c:\documents and settings\Stacy\Application Data\Malwarebytes
2013-09-11 00:39 . 2013-09-11 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-11 00:39 . 2013-09-11 00:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-11 00:39 . 2013-04-04 18:50 20552 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-10 22:17 . 2013-09-10 22:17 -------- d-----w- C:\_OTL
2013-09-10 02:19 . 2013-09-10 02:19 -------- d-----w- c:\documents and settings\Stacy\Application Data\Sonic
2013-09-10 02:17 . 2013-09-10 02:17 -------- d-----w- c:\documents and settings\Stacy\Application Data\Leadertech
2013-09-08 23:11 . 2013-09-08 23:11 -------- d-----w- c:\documents and settings\Stacy\Application Data\GTek
2013-09-06 19:41 . 2003-08-13 19:33 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2013-09-06 19:41 . 2003-08-13 19:33 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2013-09-06 19:41 . 2003-08-13 19:33 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2013-09-06 19:41 . 2003-08-13 19:33 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2013-09-06 19:41 . 2003-08-13 19:33 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2013-09-06 19:41 . 2003-08-13 19:33 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2013-09-06 19:41 . 2003-08-13 19:33 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2013-09-06 19:39 . 2003-08-13 19:24 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2013-09-06 19:38 . 2003-08-13 19:19 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2013-09-06 19:37 . 2003-08-13 19:15 29184 -c--a-w- c:\windows\system32\dllcache\asptxn.dll
2013-09-06 19:35 . 2003-05-11 20:26 24576 ----a-w- c:\windows\system32\xpsp1hfm.exe
2013-09-06 19:30 . 2003-08-13 19:22 28160 -c--a-w- c:\windows\system32\dllcache\msoobe.exe
2013-09-06 19:23 . 2002-06-21 21:31 16384 ----a-w- c:\windows\system32\netfxperf.dll
2013-09-06 19:12 . 2004-08-04 03:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2013-09-06 19:05 . 2003-08-13 19:30 425866 ----a-r- c:\windows\SET80.tmp
2013-09-06 19:05 . 2003-08-13 19:25 7046 ----a-r- c:\windows\SET68.tmp
2013-09-06 19:05 . 2003-08-13 19:18 13608 ----a-r- c:\windows\SET56.tmp
2013-09-06 19:05 . 2003-08-13 19:24 1086182 ----a-r- c:\windows\SET4A.tmp
2013-09-06 00:43 . 2004-08-04 03:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2013-09-06 00:39 . 2004-08-04 02:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2013-09-06 00:37 . 2004-08-04 04:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2013-09-06 00:37 . 2004-08-04 04:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
2013-09-06 00:36 . 2004-08-04 03:01 196864 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2013-09-06 00:36 . 2004-08-04 05:01 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2013-09-06 00:33 . 2003-08-13 19:25 7046 ----a-r- c:\windows\SET9C.tmp
2013-09-06 00:33 . 2003-08-13 19:18 13608 ----a-r- c:\windows\SET8A.tmp
2013-09-06 00:33 . 2003-08-13 19:24 1086182 ----a-r- c:\windows\SET7E.tmp
2013-09-05 23:07 . 2013-09-05 23:07 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\d3d9.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe -s [2005-9-24 73728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/10/2013 8:39 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/10/2013 8:39 PM 701512]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/31/2008 2:30 PM 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/10/2013 8:39 PM 20552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uDefault_Search_URL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: yahoo.com\m.www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-15 19:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?8?9?1??????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-09-15 19:20:52
ComboFix-quarantined-files.txt 2013-09-15 23:20
.
Pre-Run: 68,806,438,912 bytes free
Post-Run: 68,797,153,280 bytes free
.
- - End Of File - - 4CE14897AFB6F3187BFC349FD264454B
8F558EB6672622401DA993E1E865C861

--------------------------------------------------------------------------

Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/09/2013 9:25:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/09/2013 9:12:25 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/09/2013 9:12:05 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0014A575F700. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

------------------------------------------------------------------

Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/09/2013 9:21:23 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/09/2013 9:18:17 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Log: 'Application' Date/Time: 15/09/2013 9:17:19 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Log: 'Application' Date/Time: 15/09/2013 9:14:06 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: PhotoGallery -- Error 1706.No valid source could be found for product PhotoGallery. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 15/09/2013 9:13:32 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Log: 'Application' Date/Time: 15/09/2013 9:13:30 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Log: 'Application' Date/Time: 15/09/2013 9:13:25 PM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/09/2013 9:18:07 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{58A8E462-C498-4378-BFFA-E0A57C43D405}'

Log: 'Application' Date/Time: 15/09/2013 9:18:07 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Log: 'Application' Date/Time: 15/09/2013 9:17:11 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{58A8E462-C498-4378-BFFA-E0A57C43D405}'

Log: 'Application' Date/Time: 15/09/2013 9:17:11 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Log: 'Application' Date/Time: 15/09/2013 9:16:20 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{58A8E462-C498-4378-BFFA-E0A57C43D405}'

Log: 'Application' Date/Time: 15/09/2013 9:16:20 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Log: 'Application' Date/Time: 15/09/2013 9:15:28 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{58A8E462-C498-4378-BFFA-E0A57C43D405}'

Log: 'Application' Date/Time: 15/09/2013 9:15:28 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Log: 'Application' Date/Time: 15/09/2013 9:14:02 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{58A8E462-C498-4378-BFFA-E0A57C43D405}'

Log: 'Application' Date/Time: 15/09/2013 9:14:02 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Log: 'Application' Date/Time: 15/09/2013 9:14:02 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{58A8E462-C498-4378-BFFA-E0A57C43D405}'

Log: 'Application' Date/Time: 15/09/2013 9:14:02 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Log: 'Application' Date/Time: 15/09/2013 9:13:53 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{393DAB05-309B-4691-A817-ED6C326983C1}'

Log: 'Application' Date/Time: 15/09/2013 9:13:53 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Log: 'Application' Date/Time: 15/09/2013 9:13:53 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{1A4D0FBA-CD92-4C4E-8AC7-87C0309976C3}'

Log: 'Application' Date/Time: 15/09/2013 9:13:53 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Log: 'Application' Date/Time: 15/09/2013 9:13:53 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{1A4D0FBA-CD92-4C4E-8AC7-87C0309976C3}'

Log: 'Application' Date/Time: 15/09/2013 9:13:53 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Log: 'Application' Date/Time: 15/09/2013 9:13:53 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{1A4D0FBA-CD92-4C4E-8AC7-87C0309976C3}'

Log: 'Application' Date/Time: 15/09/2013 9:13:53 PM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Edited by eMoRTaL, 15 September 2013 - 07:39 PM.

  • 0

#25
RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
Apparently we are missing: C:\WINDOWS\system32\gdiplus.dll

Let's see if there is another copy:


Copy the text in the code box:

/md5start
gdiplus.dll
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)


Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.
  • 0


#26
eMoRTaL

    Member

  • Topic Starter
  • Member
  • 29 posts
Ron, here's the log:

OTL logfile created on: 9/17/2013 8:39:25 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Stacy\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 476.10 Mb Available Physical Memory | 46.58% Memory free
2.40 Gb Paging File | 1.99 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.14 Gb Total Space | 64.34 Gb Free Space | 80.28% Space Free | Partition Type: NTFS
Drive D: | 11.98 Gb Total Space | 0.24 Gb Free Space | 1.98% Space Free | Partition Type: FAT32

Computer Name: 3R1CV3R4 | User Name: Stacy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/08 20:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacy\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2005/12/22 09:57:10 | 000,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/12/08 14:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2004/12/14 04:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2008/11/20 21:08:22 | 001,055,744 | ---- | M] () -- C:\Program Files\Safari\libxml2.dll
MOD - [2008/11/20 21:08:22 | 000,368,640 | ---- | M] () -- C:\Program Files\Safari\SQLite3.dll
MOD - [2008/11/20 21:08:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Safari\libtidy.dll
MOD - [2008/11/20 21:08:22 | 000,062,464 | ---- | M] () -- C:\Program Files\Safari\zlib1.dll
MOD - [2005/12/12 12:39:46 | 000,167,936 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll
MOD - [2005/12/08 14:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
MOD - [2004/08/04 00:56:46 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004/08/04 00:56:46 | 000,270,848 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/04 00:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/04 00:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Stacy\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,020,552 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2005/11/28 05:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 18:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/30 07:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 06:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 05:06:00 | 001,035,008 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 05:06:00 | 000,718,464 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 05:06:00 | 000,231,424 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/02 06:00:00 | 000,349,312 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 05:58:00 | 000,038,016 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/05/05 11:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 11:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{4F6D47CD-3C0E-48FA-AE6C-4E283D9998F7}: "URL" = http://internetsearc...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7SUNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




O1 HOSTS File: ([2013/09/15 19:18:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: yahoo.com ([m.www] https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalci....1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} http://rockyou.com/R...ageUploader.cab (RockYou Image Uploader Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3EF8E67-C378-4677-B3F5-2213888F9AF5}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Stacy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stacy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/30 18:16:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/31 14:01:54 | 000,000,050 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/15 21:16:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/09/15 19:20:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/09/15 12:22:13 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Stacy\Desktop\tdsskiller.exe
[2013/09/12 21:56:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/12 21:56:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/12 21:56:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/12 21:56:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/12 21:56:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/12 21:55:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Stacy\Start Menu\Programs\Administrative Tools
[2013/09/12 21:55:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/12 21:54:37 | 005,126,233 | R--- | C] (Swearware) -- C:\Documents and Settings\Stacy\Desktop\ComboFix.exe
[2013/09/12 21:40:34 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Stacy\Desktop\aswmbr.exe
[2013/09/11 22:27:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/09/11 22:15:25 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehchsime.dll
[2013/09/11 22:15:25 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdatunepia.dll
[2013/09/11 22:15:24 | 000,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqqp20.dll
[2013/09/11 22:15:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqdb20.dll
[2013/09/11 22:15:24 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehglid.dll
[2013/09/11 22:15:24 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehcommon.dll
[2013/09/11 22:15:24 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqse20.dll
[2013/09/11 22:15:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiepg.dll
[2013/09/11 22:15:24 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiextens.dll
[2013/09/11 22:15:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2013/09/11 22:15:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gacutil.exe
[2013/09/11 22:15:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2013/09/11 22:15:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2013/09/11 22:15:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2013/09/11 22:15:24 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\medctrro.exe
[2013/09/11 22:15:24 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2013/09/11 22:15:24 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehmsas.exe
[2013/09/11 22:15:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehjpnime.dll
[2013/09/11 22:15:24 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehcircl.dll
[2013/09/11 22:15:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiuserxp.dll
[2013/09/11 22:15:24 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snchk.exe
[2013/09/11 22:15:01 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
[2013/09/11 22:01:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/09/10 20:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacy\Application Data\Malwarebytes
[2013/09/10 20:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/10 20:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/10 20:39:13 | 000,020,552 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/10 20:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/10 18:17:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/09 22:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacy\Application Data\Sonic
[2013/09/09 22:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacy\Application Data\Leadertech
[2013/09/09 21:24:07 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Stacy\Desktop\mbam-setup-1.75.0.1300.exe

========== Files - Modified Within 30 Days ==========

[2013/09/17 20:38:29 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/17 20:38:29 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/17 20:34:43 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2013/09/17 20:33:55 | 000,001,418 | -HS- | M] () -- C:\hpqp.ini
[2013/09/17 20:33:54 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2013/09/17 20:33:36 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/17 20:33:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/17 20:33:29 | 1071,894,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/15 19:18:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/15 13:51:49 | 005,126,233 | R--- | M] (Swearware) -- C:\Documents and Settings\Stacy\Desktop\ComboFix.exe
[2013/09/15 13:50:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Stacy\Desktop\MBR.dat
[2013/09/15 12:23:04 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Stacy\Desktop\VEW.exe
[2013/09/15 12:22:25 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Stacy\Desktop\tdsskiller.exe
[2013/09/12 21:40:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Stacy\Desktop\aswmbr.exe
[2013/09/11 22:37:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/09/11 22:35:09 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Stacy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/09/11 22:27:04 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/11 22:25:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/11 21:42:53 | 000,059,020 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/09/11 21:26:15 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2013/09/10 20:39:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 20:46:30 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Stacy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/08 20:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacy\Desktop\OTL.exe
[2013/09/08 20:26:23 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Stacy\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/08 19:13:20 | 002,982,744 | ---- | M] (Boost Software Inc.) -- C:\Documents and Settings\Stacy\Desktop\Error_Repair_Tool.exe
[2013/09/08 08:21:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/06 15:43:45 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/09/06 15:35:17 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2013/09/06 15:35:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/09/06 15:35:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/09/06 15:34:52 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2013/09/06 15:34:01 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2013/09/06 15:25:08 | 000,034,284 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/15 13:50:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Stacy\Desktop\MBR.dat
[2013/09/15 12:23:04 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Stacy\Desktop\VEW.exe
[2013/09/12 21:56:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/12 21:56:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/12 21:56:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/12 21:56:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/12 21:56:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/11 22:15:24 | 009,271,864 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ehcir.ird
[2013/09/11 21:42:53 | 000,059,020 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/09/11 21:26:16 | 000,013,756 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2013/09/10 20:39:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 19:21:12 | 1071,894,528 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/06 15:39:21 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2013/09/06 15:38:16 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2013/09/06 15:35:17 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2013/09/06 15:34:52 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2013/09/06 15:24:27 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2013/09/05 20:34:01 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2013/09/05 20:34:01 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2013/09/05 20:34:01 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2013/09/05 20:34:01 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2013/09/05 20:34:01 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2013/09/05 20:34:01 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/01/31 18:58:51 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Stacy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/31 15:28:34 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Stacy\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008/01/30 18:11:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004/08/04 00:56:46 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004/08/04 00:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: GDIPLUS.DLL >
[2004/03/02 17:19:46 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=4B4113974FA0E8AA3E9009600CDA884C -- C:\Program Files\WildTangent\Apps\HP Game Console\GdiPlus.dll
[2003/08/13 15:15:32 | 001,700,352 | R--- | M] (Microsoft Corporation) MD5=4D328694BB516E46D2D184950D94433F -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
[2004/08/04 00:57:00 | 001,712,128 | ---- | M] (Microsoft Corporation) MD5=78BDC89C5D9E206209BEC5A5A73F91F7 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
[2003/08/13 15:15:32 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=84637D0DDEF17005967A8E0856E99A75 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
[2005/12/12 12:40:06 | 001,645,320 | ---- | M] (Microsoft Corporation) MD5=871C903A90C45CA08A9D42803916C3F7 -- C:\Program Files\HP\QuickPlay\Kernel\photo\gdiplus.dll
[2008/04/15 13:47:33 | 001,724,416 | ---- | M] (Microsoft Corporation) MD5=A08EF2FC9B3E688128E89D9C193F7652 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
[2008/04/13 20:12:47 | 001,724,416 | ---- | M] (Microsoft Corporation) MD5=B5625560CDA13A81D367B32E6F9FC4AC -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll
[2004/02/26 21:33:18 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=CC73464126D45EC55BF908E16505EC65 -- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\gdiplus.dll
[2004/02/26 21:33:18 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=CC73464126D45EC55BF908E16505EC65 -- C:\Program Files\Sonic\DigitalMedia Plus v7\Audio Module\gdiplus.dll
[2004/02/26 21:33:18 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=CC73464126D45EC55BF908E16505EC65 -- C:\Program Files\Sonic\DigitalMedia Plus v7\Copy Module\gdiplus.dll
[2004/02/26 21:33:18 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=CC73464126D45EC55BF908E16505EC65 -- C:\Program Files\Sonic\DigitalMedia Plus v7\Data Module\gdiplus.dll
[2004/02/26 21:33:18 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=CC73464126D45EC55BF908E16505EC65 -- C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\gdiplus.dll

< End of report >
  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
There appear to be a lot of GdiPlus.dll files. We will use the newest one and see if it likes it:

Copy the text in the code box by highlighting and Ctrl + c

:files
C:\WINDOWS\system32\GdiPlus.dll|C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll /replace

:Commands
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\09172013-some number.log so look there if you don't see it.


Then clear the alarms and reboot and run VEW again and let's see if it likes it.
  • 0
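As an added example (not part of the original posts and not part of OTL): a Python parser for the `< MD5 for: GDIPLUS.DLL >` lines in the report above. It groups the copies by hash and ranks the WinSxS copies by the version embedded in the assembly folder name, which selects the same 1.0.2600.5581 copy the fix script points at. The function names are illustrative.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# The "< MD5 for: GDIPLUS.DLL >" lines copied from the OTL report in this thread.
OTL_MD5_SCAN = r"""
[2004/03/02 17:19:46 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=4B4113974FA0E8AA3E9009600CDA884C -- C:\Program Files\WildTangent\Apps\HP Game Console\GdiPlus.dll
[2003/08/13 15:15:32 | 001,700,352 | R--- | M] (Microsoft Corporation) MD5=4D328694BB516E46D2D184950D94433F -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
[2004/08/04 00:57:00 | 001,712,128 | ---- | M] (Microsoft Corporation) MD5=78BDC89C5D9E206209BEC5A5A73F91F7 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
[2003/08/13 15:15:32 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=84637D0DDEF17005967A8E0856E99A75 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
[2005/12/12 12:40:06 | 001,645,320 | ---- | M] (Microsoft Corporation) MD5=871C903A90C45CA08A9D42803916C3F7 -- C:\Program Files\HP\QuickPlay\Kernel\photo\gdiplus.dll
[2008/04/15 13:47:33 | 001,724,416 | ---- | M] (Microsoft Corporation) MD5=A08EF2FC9B3E688128E89D9C193F7652 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
[2008/04/13 20:12:47 | 001,724,416 | ---- | M] (Microsoft Corporation) MD5=B5625560CDA13A81D367B32E6F9FC4AC -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll
[2004/02/26 21:33:18 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=CC73464126D45EC55BF908E16505EC65 -- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\gdiplus.dll
[2004/02/26 21:33:18 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=CC73464126D45EC55BF908E16505EC65 -- C:\Program Files\Sonic\DigitalMedia Plus v7\Audio Module\gdiplus.dll
[2004/02/26 21:33:18 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=CC73464126D45EC55BF908E16505EC65 -- C:\Program Files\Sonic\DigitalMedia Plus v7\Copy Module\gdiplus.dll
[2004/02/26 21:33:18 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=CC73464126D45EC55BF908E16505EC65 -- C:\Program Files\Sonic\DigitalMedia Plus v7\Data Module\gdiplus.dll
[2004/02/26 21:33:18 | 001,638,400 | ---- | M] (Microsoft Corporation) MD5=CC73464126D45EC55BF908E16505EC65 -- C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\gdiplus.dll
"""

Entry = namedtuple("Entry", "modified size attrs company md5 path")

# [date time | size | attrs | M] (company) MD5=<32 hex> -- path
LINE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| M\] "
    r"\((.*?)\) MD5=([0-9A-Fa-f]{32}) -- (.+)$"
)
# Side-by-side assembly folders carry the version: ..._1.0.2600.5581_x-ww_...
WINSXS_VER_RE = re.compile(r"_(\d+(?:\.\d+){3})_x-ww_", re.IGNORECASE)


def parse_md5_scan(text):
    """Return one Entry per well-formed 'MD5=' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size = int(m.group(2).replace(",", ""))
            entries.append(Entry(m.group(1), size, m.group(3), m.group(4),
                                 m.group(5).upper(), m.group(6)))
    return entries


def group_by_md5(entries):
    """Map each hash to the paths that share it (identical file contents)."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.md5].append(e.path)
    return dict(groups)


def winsxs_version(path):
    """Version tuple from a WinSxS assembly folder name, or None elsewhere."""
    m = WINSXS_VER_RE.search(path)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def newest_winsxs_copy(entries):
    """The WinSxS copy with the highest assembly version, or None."""
    ranked = [(winsxs_version(e.path), e) for e in entries]
    ranked = [(v, e) for v, e in ranked if v is not None]
    return max(ranked, key=lambda pair: pair[0]) if ranked else None


def has_copy_in(entries, directory):
    """True if the scan listed a copy directly inside `directory`."""
    want = directory.rstrip("\\").lower()
    return any(ntpath.dirname(e.path).lower() == want for e in entries)


if __name__ == "__main__":
    found = parse_md5_scan(OTL_MD5_SCAN)
    for md5, paths in sorted(group_by_md5(found).items()):
        print(md5, len(paths), "copy/copies")
    version, best = newest_winsxs_copy(found)
    print("newest WinSxS copy:", ".".join(map(str, version)), best.path)
    print("copy in system32:", has_copy_in(found, r"C:\WINDOWS\system32"))
```

Ranking by the assembly version rather than the modified timestamp avoids picking a copy whose date was simply touched later; on this log both orderings agree.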

#28
eMoRTaL

eMoRTaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hey Ron,
I ran the Fix...however when the computer rebooted...it still gave the same errors. So I took it upon myself to look for it...and it had to do with a startup item. So I went into msconfig and just unchecked it from the startup items...and so far I haven't got either error...which look like they were both one and the same. Thank you SO much for helping me out with the cleaning of my computer. May God bless you and pour His blessings upon you. Again I can't say thank you enough.
Eric
  • 0
