Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

used combofix with no help sorry -i need help please-logs included


  • Please log in to reply

#1
dewerly

dewerly

    Member

  • Member
  • PipPip
  • 12 posts
to who it may concern:

HELP, i thought i could use combofix on my own- geszzsh what a mess i made now!!
i have several bad viruss incuding wheels of and mass malware i will post the result here:


ComboFix 13-12-18.01 - DUANE 12/18/2013 18:56:47.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.504.231 [GMT -7:00]
Running from: c:\documents and settings\DUANE\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\readme.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-11-19 to 2013-12-19 )))))))))))))))))))))))))))))))
.
.
2013-12-18 23:55 . 2013-12-18 23:55 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2013-12-18 17:35 . 2013-12-18 17:40 -------- d-----w- C:\AdwCleaner
2013-12-18 10:50 . 2013-12-18 10:50 -------- d-----w- c:\documents and settings\DUANE\Application Data\SUPERAntiSpyware.com
2013-12-18 10:49 . 2013-12-18 10:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-18 10:49 . 2013-12-18 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-12-18 07:54 . 2013-12-18 07:54 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-18 07:45 . 2013-12-18 07:45 -------- d-----w- c:\program files\FileASSASSIN
2013-12-18 06:31 . 2013-12-18 06:31 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-18 06:31 . 2013-12-18 06:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-18 06:31 . 2013-12-18 06:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-18 06:31 . 2013-12-18 06:31 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-18 06:31 . 2013-12-18 06:31 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-18 06:31 . 2013-12-10 23:11 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-18 06:31 . 2013-12-18 06:31 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-18 06:31 . 2013-12-18 06:31 43152 ----a-w- c:\windows\avastSS.scr
2013-12-18 04:50 . 2013-12-18 23:55 -------- d-----w- c:\windows\system32\CatRoot2
2013-12-18 04:24 . 2013-12-18 04:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-18 04:24 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-17 22:31 . 2013-12-17 22:31 -------- d-----w- C:\_OTL
2013-12-17 21:10 . 2013-12-18 04:53 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-12-17 21:07 . 2013-12-17 21:07 -------- d-----w- C:\RegBackup
2013-12-17 20:53 . 2001-08-17 21:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2013-12-17 20:53 . 2001-08-17 19:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2013-12-17 20:53 . 2008-04-14 05:06 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2013-12-17 20:53 . 2001-08-17 19:19 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2013-12-17 20:53 . 2001-08-17 19:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2013-12-17 20:53 . 2001-08-17 19:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2013-12-17 20:53 . 2001-08-17 20:53 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2013-12-17 20:53 . 2001-08-17 19:11 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys
2013-12-17 20:53 . 2001-08-18 05:36 61440 -c--a-w- c:\windows\system32\dllcache\acerscad.dll
2013-12-17 20:51 . 2013-12-17 20:51 -------- d-----w- c:\program files\Tweaking.com
2013-12-17 20:27 . 2013-12-17 20:27 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-16 20:42 . 2013-12-18 05:23 -------- d-----w- c:\documents and settings\DUANE\Application Data\ElevatedDiagnostics
2013-12-16 18:22 . 2013-12-18 20:23 -------- d-----w- c:\windows\system32\NtmsData
2013-12-16 18:11 . 2013-12-18 07:25 -------- d-sh--w- c:\windows\Installer
2013-12-16 04:29 . 2013-12-17 03:19 -------- d-----w- c:\program files\Free Window Registry Repair
2013-12-16 02:40 . 2013-12-16 02:40 -------- d-----w- C:\yenicag
2013-12-15 15:48 . 2013-12-15 16:36 -------- d-----w- c:\documents and settings\DUANE\Application Data\ImgBurn
2013-12-15 07:49 . 2013-12-15 07:49 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-12-15 07:48 . 2013-12-15 07:48 -------- d-----w- c:\program files\ImgBurn
2013-12-15 05:46 . 2013-12-15 05:46 -------- d-----w- c:\program files\SysTools BKF Recovery
2013-12-15 01:53 . 2013-12-15 01:52 47564 ----a-w- c:\windows\system32\NTDETECT.COM
2013-12-14 17:48 . 2013-12-14 17:48 -------- d-----w- c:\program files\EaseUS
2013-12-13 08:25 . 2013-12-13 10:43 -------- d-----w- c:\windows\system32\CatRoot_bak
2013-12-12 18:24 . 2013-12-12 18:24 3038 ------w- C:\fix_svchost.bat
2013-12-12 16:56 . 2013-12-15 21:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-12-12 12:48 . 2013-12-12 12:48 -------- d-----w- c:\documents and settings\DUANE\Local Settings\Application Data\Help
2013-12-12 11:59 . 2013-12-12 13:44 -------- d-----w- c:\documents and settings\Administrator
2013-12-12 09:50 . 2013-12-12 09:50 -------- d-----w- c:\documents and settings\MARILYN\Application Data\AVAST Software
2013-12-12 01:57 . 2013-12-18 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-12 00:39 . 2013-12-12 00:39 -------- d-----w- c:\documents and settings\DUANE\Application Data\Malwarebytes
2013-12-12 00:39 . 2013-12-12 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-12-10 23:16 . 2013-12-10 23:16 -------- d-----w- c:\documents and settings\DUANE\Application Data\AVAST Software
2013-11-26 11:19 . 2013-11-26 11:20 -------- d-----w- c:\documents and settings\DUANE\Application Data\Tibia
2013-11-26 11:19 . 2013-12-12 17:07 -------- d-----w- c:\program files\Tibia
2013-11-26 05:47 . 2013-12-16 18:08 -------- d-----w- c:\windows\sd_old
2013-11-25 22:36 . 2013-11-25 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
2013-11-25 22:36 . 2011-11-04 12:13 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2013-11-25 22:36 . 2009-03-24 19:52 129872 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-11-25 22:36 . 2013-11-25 22:50 -------- d-----w- c:\program files\SpywareBlaster
2013-11-25 00:11 . 2013-11-25 00:19 -------- d-----w- C:\temp
2013-11-24 06:43 . 2013-11-24 07:02 -------- d-----w- C:\ARENA
2013-11-23 01:35 . 2010-06-02 11:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-11-23 01:35 . 2010-06-02 11:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-11-23 01:35 . 2010-06-02 11:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-11-23 01:35 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-11-23 01:35 . 2010-05-26 18:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-11-23 01:35 . 2010-05-26 18:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-11-23 01:35 . 2010-05-26 18:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-11-23 01:35 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 06:31 . 2012-10-01 22:59 270240 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-16 02:05 . 2006-02-28 12:00 125952 ----a-w- c:\windows\system32\apphelp.dll
2013-12-13 21:27 . 2006-02-28 12:00 21504 ----a-w- c:\windows\system32\rcp.exe
2013-12-12 23:28 . 2006-02-28 12:00 337920 ----a-w- c:\windows\system32\filemgmt.dll
2013-12-12 12:31 . 2006-02-28 12:00 14336 ----a-w- c:\windows\system32\svchost.exe
2013-12-11 16:50 . 2006-09-29 01:56 55808 -c--a-w- c:\windows\system32\WudfSvc.dll
2013-12-11 08:37 . 2012-10-02 00:11 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 08:37 . 2012-10-02 00:11 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-13 02:59 . 2006-02-28 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2006-02-28 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2012-10-01 23:39 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-23 23:45 . 2006-02-28 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2006-02-28 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2006-02-28 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2006-02-28 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-10-05 16:31 . 2012-10-05 16:30 207830277 -c--a-w- c:\program files\DarkAges735single.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-18 06:31 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-17 5625624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-18 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [12/17/2013 11:31 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [12/17/2013 11:31 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/17/2013 11:31 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/17/2013 11:31 PM 410528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12/17/2013 11:31 PM 67824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/17/2013 9:24 PM 22856]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [10/10/2013 3:54 PM 120088]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/17/2013 9:24 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/17/2013 9:24 PM 701512]
S3 STV673;WebCam II;c:\windows\system32\drivers\stv673.sys [11/14/2012 2:34 PM 103548]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 10:43 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 08:38]
.
2013-12-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-01 06:30]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-01 23:00]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-01 23:00]
.
2013-12-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2764afb3-400c-42b2-a98a-13b666dc5abd.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2013-12-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task da951e1a-edc7-45fd-b860-c5ce56d98db1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-18 19:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-12-18 19:15:07
ComboFix-quarantined-files.txt 2013-12-19 02:15
ComboFix2.txt 2013-12-18 03:43
.
Pre-Run: 54,293,708,800 bytes free
Post-Run: 54,288,326,656 bytes free
.
- - End Of File - - 83E64C6B2A9FC9D3FD87C26DFAC811B0
8F558EB6672622401DA993E1E865C861


sure hope yu can help me thank you in advance:)
ps also this was second scan

Attached Files


Edited by dewerly, 18 December 2013 - 10:05 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Appears you have the latest version of Avast so have it do a boot-time scan:

Click on the Orange ball. Click on Scans. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report. If it found anything then open the aswBoot.txt file and copy and paste it. If you can't find it then take a screen shot of the Detailed Report: To Take a screen shot:

Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

Open Microsoft Paint (All Programs, Accessories,Paint).

Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.


Go to the File Menu and choose Save As.

Navigate to the folder where you want to save the image. (Desktop)

Type a file name for the image: Avast

Select a file type. jpeg

Click the Save button.

Attach Avast.jpg to your Reply.

(Start a Reply. Click on the Browse button, point it at your desktop and click on Avast.jpg then Open. Now click on Attach this File)
  • 0

#3
dewerly

dewerly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
thank you for helping me!

first I have the frst and addition
but the check disk wounld not run ,went to event view twice and in sercurity screen it cleared the events but 3 and i hit refresh and all were back?????do yu want the logs?


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-12-2013
Ran by DUANE (administrator) on WHITE-10-1-12 on 19-12-2013 12:40:27
Running from C:\Documents and Settings\DUANE\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATICCC] - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [45056 2006-01-02] (ATI Technologies Inc.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2013-12-17] (SUPERAntiSpyware)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1349132503187
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 69.145.248.4 69.146.17.2 69.144.49.29

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://earthquake.usgs.gov/earthquakes/map/"
CHR DefaultSearchKeyword: search.conduit.com
CHR DefaultSearchProvider: Conduit
CHR DefaultSearchURL: http://search.condui...=CT3306061&UM=2
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Documents and Settings\DUANE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Documents and Settings\DUANE\Local Settings\Application Data\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-05-03] ()
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSFtpsvc; C:\Windows\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 STV673; C:\Windows\System32\drivers\STV673.sys [103548 2000-07-31] (STMicroelectronics)
S3 VirtualFD; C:\Documents and Settings\DUANE\My Documents\Downloads\v-floppy\vfd.sys [9887 2005-04-04] (Ken Kato)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-19 12:37 - 2013-12-19 12:37 - 00000000 ____D C:\FRST
2013-12-19 08:52 - 2013-12-19 08:52 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-19 07:22 - 2013-12-19 07:22 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-19 07:22 - 2013-12-19 07:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-19 07:21 - 2013-12-19 07:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-19 07:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-19 00:04 - 2013-12-19 00:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini121913-01.dmp
2013-12-18 23:59 - 2013-12-18 23:59 - 00090112 _____ C:\WINDOWS\Minidump\Mini121813-03.dmp
2013-12-18 23:53 - 2013-12-18 23:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini121813-02.dmp
2013-12-18 22:48 - 2013-12-18 22:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VIPRE
2013-12-18 22:47 - 2013-12-18 22:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2013-12-18 22:38 - 2013-12-18 22:38 - 00000000 ____D C:\Documents and Settings\DUANE\Local Settings\Application Data\VIPRE
2013-12-18 22:38 - 2013-12-18 22:38 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\VIPRE
2013-12-18 16:55 - 2013-12-18 16:55 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
2013-12-18 15:27 - 2013-12-18 15:26 - 00090112 _____ C:\WINDOWS\Minidump\Mini121813-01.dmp
2013-12-18 03:50 - 2013-12-19 11:50 - 00000510 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2764afb3-400c-42b2-a98a-13b666dc5abd.job
2013-12-18 03:50 - 2013-12-19 02:00 - 00000510 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task da951e1a-edc7-45fd-b860-c5ce56d98db1.job
2013-12-18 03:50 - 2013-12-18 03:50 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-18 03:50 - 2013-12-18 03:50 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\SUPERAntiSpyware.com
2013-12-18 03:50 - 2013-12-18 03:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-12-18 03:49 - 2013-12-18 03:50 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-18 03:49 - 2013-12-18 03:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-12-18 00:45 - 2013-12-18 00:45 - 00000000 ____D C:\Program Files\FileASSASSIN
2013-12-18 00:45 - 2013-12-18 00:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
2013-12-17 20:05 - 2013-12-17 20:19 - 00000000 ____D C:\Documents and Settings\DUANE\Desktop\MARILYN'S NOTES
2013-12-17 15:37 - 2013-12-17 15:37 - 00000000 _RSHD C:\cmdcons
2013-12-17 15:37 - 2013-12-15 21:41 - 00000211 _____ C:\Boot.bak
2013-12-17 15:37 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-12-17 15:32 - 2013-12-17 20:40 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-17 14:13 - 2013-12-19 00:38 - 00015026 _____ C:\WINDOWS\bitssetup.log
2013-12-17 14:12 - 2013-12-19 00:19 - 00000558 _____ C:\WINDOWS\Windows Update.log
2013-12-17 14:10 - 2013-12-19 00:40 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2013-12-17 14:07 - 2013-12-17 14:07 - 00000000 ____D C:\RegBackup
2013-12-17 13:58 - 2008-04-14 00:16 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys
2013-12-17 13:58 - 2008-04-14 00:16 - 00013696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys
2013-12-17 13:58 - 2008-04-13 22:05 - 00036224 ____C (ADMtek Incorporated.) C:\WINDOWS\system32\dllcache\an983.sys
2013-12-17 13:58 - 2001-08-17 22:36 - 00144384 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmenum.dll
2013-12-17 13:58 - 2001-08-17 22:36 - 00087552 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmcoxp.dll
2013-12-17 13:58 - 2001-08-17 22:36 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atievxx.exe
2013-12-17 13:58 - 2001-08-17 14:56 - 00268160 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidvai.dll
2013-12-17 13:58 - 2001-08-17 14:56 - 00137216 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrae.dll
2013-12-17 13:58 - 2001-08-17 14:56 - 00104832 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiraged.dll
2013-12-17 13:58 - 2001-08-17 14:55 - 00382592 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrab.dll
2013-12-17 13:58 - 2001-08-17 14:55 - 00096128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ati.dll
2013-12-17 13:58 - 2001-08-17 14:07 - 00056960 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aic78xx.sys
2013-12-17 13:58 - 2001-08-17 14:07 - 00055168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aic78u2.sys
2013-12-17 13:58 - 2001-08-17 14:01 - 00036096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcaudio.sys
2013-12-17 13:58 - 2001-08-17 13:57 - 00077568 ____C (ATI Technologies, Inc.) C:\WINDOWS\system32\dllcache\ati.sys
2013-12-17 13:58 - 2001-08-17 13:52 - 00026496 ____C (Advanced System Products, Inc.) C:\WINDOWS\system32\dllcache\asc.sys
2013-12-17 13:58 - 2001-08-17 13:52 - 00022400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\asc3350p.sys
2013-12-17 13:58 - 2001-08-17 13:52 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aha154x.sys
2013-12-17 13:58 - 2001-08-17 13:52 - 00012032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\amsint.sys
2013-12-17 13:58 - 2001-08-17 13:51 - 00014848 ____C (Advanced System Products, Inc.) C:\WINDOWS\system32\dllcache\asc3550.sys
2013-12-17 13:58 - 2001-08-17 13:51 - 00005248 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\aliide.sys
2013-12-17 13:58 - 2001-08-17 13:49 - 00026624 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\alifir.sys
2013-12-17 13:58 - 2001-08-17 13:47 - 00006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\apmbatt.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00075136 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpae.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00049920 ____C C:\WINDOWS\system32\dllcache\atirtcap.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00046464 ____C C:\WINDOWS\system32\dllcache\atibt829.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00026880 ____C C:\WINDOWS\system32\dllcache\atirtsnd.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00026624 ____C C:\WINDOWS\system32\dllcache\ativxbar.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00023552 ____C C:\WINDOWS\system32\dllcache\atixbar.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00019456 ____C C:\WINDOWS\system32\dllcache\ativttxx.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00017152 ____C C:\WINDOWS\system32\dllcache\atitvsnd.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00017152 ____C C:\WINDOWS\system32\dllcache\atitunep.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00010240 ____C C:\WINDOWS\system32\dllcache\atipcxxx.sys
2013-12-17 13:58 - 2001-08-17 12:49 - 00009472 ____C C:\WINDOWS\system32\dllcache\ativmdcd.sys
2013-12-17 13:58 - 2001-08-17 12:48 - 00289664 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpab.sys
2013-12-17 13:58 - 2001-08-17 12:48 - 00281600 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimtai.sys
2013-12-17 13:58 - 2001-08-17 12:48 - 00070528 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiragem.sys
2013-12-17 13:58 - 2001-08-17 12:19 - 00036992 ____C (Aztech Systems Ltd) C:\WINDOWS\system32\dllcache\aztw2320.sys
2013-12-17 13:58 - 2001-08-17 12:13 - 00037568 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmwan.sys
2013-12-17 13:58 - 2001-08-17 12:12 - 00097354 ____C (Bay Networks, Inc.) C:\WINDOWS\system32\dllcache\aspndis3.sys
2013-12-17 13:58 - 2001-08-17 12:11 - 00027678 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ali5261.sys
2013-12-17 13:58 - 2001-08-17 12:11 - 00016969 ____C (AmbiCom, Inc.) C:\WINDOWS\system32\dllcache\amb8002.sys
2013-12-17 13:57 - 2001-08-17 22:37 - 00024576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agcgauge.ax
2013-12-17 13:53 - 2008-04-13 22:06 - 00010880 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\admjoy.sys
2013-12-17 13:53 - 2001-08-17 22:36 - 00061440 ____C (Color Flatbed Scanner) C:\WINDOWS\system32\dllcache\acerscad.dll
2013-12-17 13:53 - 2001-08-17 14:07 - 00101888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adpu160m.sys
2013-12-17 13:53 - 2001-08-17 13:53 - 00007424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adicvls.sys
2013-12-17 13:53 - 2001-08-17 12:19 - 00747392 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8830.sys
2013-12-17 13:53 - 2001-08-17 12:19 - 00584448 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8810.sys
2013-12-17 13:53 - 2001-08-17 12:19 - 00553984 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8820.sys
2013-12-17 13:53 - 2001-08-17 12:11 - 00046112 ____C (Adaptec, Inc ) C:\WINDOWS\system32\dllcache\adptsf50.sys
2013-12-17 13:53 - 2001-08-17 12:11 - 00020160 ____C (ADMtek Incorporated) C:\WINDOWS\system32\dllcache\adm8511.sys
2013-12-17 13:52 - 2008-04-14 00:16 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
2013-12-17 13:52 - 2008-04-14 00:10 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
2013-12-17 13:52 - 2008-04-13 22:06 - 00231552 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ac97ali.sys
2013-12-17 13:52 - 2008-04-13 22:06 - 00084480 ____C (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\ac97via.sys
2013-12-17 13:52 - 2001-08-17 22:36 - 00462848 ____C (Aureal Inc.) C:\WINDOWS\system32\dllcache\a3dapi.dll
2013-12-17 13:52 - 2001-08-17 22:36 - 00098304 ____C (Aureal Semiconductor) C:\WINDOWS\system32\dllcache\a3d.dll
2013-12-17 13:52 - 2001-08-17 14:56 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.dll
2013-12-17 13:52 - 2001-08-17 14:55 - 00689216 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvs.dll
2013-12-17 13:52 - 2001-08-17 14:55 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\8514a.dll
2013-12-17 13:52 - 2001-08-17 14:06 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394vdbg.sys
2013-12-17 13:52 - 2001-08-17 13:52 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\abp480n5.sys
2013-12-17 13:52 - 2001-08-17 13:28 - 00762780 ____C (3Com, Inc.) C:\WINDOWS\system32\dllcache\3cwmcru.sys
2013-12-17 13:52 - 2001-08-17 12:48 - 00148352 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2013-12-17 13:52 - 2001-08-17 12:20 - 00297728 ____C (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\dllcache\ac97sis.sys
2013-12-17 13:51 - 2013-12-17 13:51 - 00000000 ____D C:\Program Files\Tweaking.com
2013-12-17 13:51 - 2013-12-17 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2013-12-17 12:20 - 2013-12-17 12:20 - 00003580 _____ C:\Documents and Settings\DUANE\My Documents\fix svchost.txt
2013-12-17 10:29 - 2013-12-17 10:29 - 00162010 _____ C:\Documents and Settings\DUANE\My Documents\DIAG_MATS_NETWORK_global.DiagCab
2013-12-16 22:03 - 2013-12-17 00:14 - 233677824 _____ C:\Documents and Settings\DUANE\My Documents\Backup.bkf
2013-12-16 15:20 - 2013-12-17 22:42 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-12-16 13:34 - 2013-12-16 13:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2013-12-16 13:33 - 2013-12-16 15:19 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt
2013-12-16 13:32 - 2013-12-16 13:32 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2013-12-16 13:30 - 2013-12-16 13:33 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB926139-v2$
2013-12-16 13:29 - 2013-12-16 13:37 - 00030948 _____ C:\WINDOWS\KB926139-v2.log
2013-12-16 11:22 - 2013-12-18 13:23 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-12-16 09:53 - 2013-12-16 09:53 - 00000629 _____ C:\Documents and Settings\DUANE\Start Menu\VFD Control Panel.lnk
2013-12-15 21:29 - 2013-12-16 20:19 - 00000000 ____D C:\Program Files\Free Window Registry Repair
2013-12-15 21:29 - 2013-12-15 21:29 - 00000000 ____D C:\Documents and Settings\DUANE\Start Menu\Programs\Free Window Registry Repair
2013-12-15 19:40 - 2013-12-15 19:40 - 00000000 ____D C:\yenicag
2013-12-15 09:20 - 2013-12-16 01:54 - 00004939 _____ C:\WINDOWS\KB942288-v3.log
2013-12-15 08:48 - 2013-12-15 09:36 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\ImgBurn
2013-12-15 00:49 - 2013-12-15 00:49 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-12-15 00:48 - 2013-12-15 00:48 - 00001528 _____ C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2013-12-15 00:48 - 2013-12-15 00:48 - 00000000 ____D C:\Program Files\ImgBurn
2013-12-15 00:48 - 2013-12-15 00:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2013-12-14 23:05 - 2013-12-14 23:05 - 00000782 _____ C:\Documents and Settings\DUANE\Desktop\Windows Media Player.lnk
2013-12-14 22:46 - 2013-12-14 22:46 - 00000000 ____D C:\Program Files\SysTools BKF Recovery
2013-12-14 22:46 - 2013-12-14 22:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SysTools BKF Recovery
2013-12-14 18:53 - 2013-12-14 18:53 - 00250048 _____ C:\WINDOWS\system32\ntldr
2013-12-14 18:53 - 2013-12-14 18:52 - 00047564 _____ C:\WINDOWS\system32\NTDETECT.COM
2013-12-14 14:00 - 2013-12-14 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Documents\1 NTFS
2013-12-14 00:43 - 2013-12-14 00:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WinRAR
2013-12-13 14:33 - 2013-12-16 12:43 - 00075288 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-12-13 14:28 - 2013-12-15 01:08 - 00000082 _____ C:\Documents and Settings\DUANE\Application Data\mbam.context.scan
2013-12-13 09:18 - 2013-12-14 22:28 - 00000600 _____ C:\Documents and Settings\DUANE\Application Data\winscp.rnd
2013-12-13 01:25 - 2013-12-13 03:43 - 00000000 ____D C:\WINDOWS\system32\CatRoot_bak
2013-12-13 00:50 - 2013-12-16 01:51 - 00002438 _____ C:\WINDOWS\KB907265.log
2013-12-12 11:33 - 2013-12-13 01:01 - 00001744 _____ C:\WINDOWS\KB927891.log
2013-12-12 11:15 - 2013-12-16 15:58 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-12 10:41 - 2013-12-12 10:41 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\Help
2013-12-12 10:21 - 2013-12-16 09:45 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-12 09:56 - 2013-12-15 14:42 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2013-12-12 06:50 - 2013-12-12 06:50 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-12-12 06:48 - 2013-12-12 06:48 - 00020456 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-12 06:44 - 2013-12-12 06:44 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-12-12 05:48 - 2013-12-12 05:48 - 00000000 ____D C:\Documents and Settings\DUANE\Local Settings\Application Data\Help
2013-12-12 04:59 - 2013-12-14 00:47 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-12 04:59 - 2013-12-12 06:44 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-12 04:59 - 2012-10-01 15:07 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2013-12-12 04:59 - 2012-10-01 15:07 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2013-12-12 01:29 - 2013-12-12 01:42 - 00012403 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-12 01:25 - 2013-12-12 01:25 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-12 01:12 - 2013-12-12 01:12 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-12 01:09 - 2013-12-12 01:21 - 00004581 _____ C:\WINDOWS\KB2904266.log
2013-12-12 01:05 - 2013-12-12 01:05 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-12 00:58 - 2013-12-12 00:58 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-12 00:53 - 2013-12-12 01:28 - 00009813 _____ C:\WINDOWS\KB2898715.log
2013-12-11 21:06 - 2013-12-12 01:08 - 00008935 _____ C:\WINDOWS\KB2893294.log
2013-12-11 21:04 - 2013-12-11 21:05 - 00003008 _____ C:\WINDOWS\KB2893984.log
2013-12-11 21:02 - 2013-12-12 01:02 - 00008131 _____ C:\WINDOWS\KB2892075.log
2013-12-11 18:57 - 2013-12-19 10:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-11 18:56 - 2013-12-19 10:03 - 00000000 ____D C:\Documents and Settings\DUANE\Desktop\mbar
2013-12-11 17:39 - 2013-12-11 17:39 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\Malwarebytes
2013-12-11 17:39 - 2013-12-11 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-10 10:15 - 2013-12-10 10:15 - 00090112 _____ C:\WINDOWS\Minidump\Mini121013-01.dmp
2013-12-01 07:17 - 2013-12-01 07:17 - 00090112 _____ C:\WINDOWS\Minidump\Mini120113-01.dmp
2013-11-26 07:22 - 2013-12-19 12:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-26 04:19 - 2013-12-19 07:40 - 00000000 ____D C:\Program Files\Tibia
2013-11-26 04:19 - 2013-11-26 04:20 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\Tibia
2013-11-26 04:19 - 2013-11-26 04:19 - 00000638 _____ C:\Documents and Settings\All Users\Desktop\Tibia.lnk
2013-11-26 04:19 - 2013-11-26 04:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tibia
2013-11-25 22:47 - 2013-12-16 11:08 - 00000000 ____D C:\WINDOWS\sd_old
2013-11-25 15:36 - 2013-11-25 15:50 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-11-25 15:36 - 2013-11-25 15:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2013-11-25 15:36 - 2013-11-25 15:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2013-11-25 15:36 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCOMCTL.OCX
2013-11-25 15:36 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSSTDFMT.DLL
2013-11-24 16:19 - 2013-11-24 16:19 - 00040704 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\es1371mp.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00040704 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\es1371mp.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rundll32.exe
2013-11-24 16:19 - 2013-11-24 16:19 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
2013-11-24 16:19 - 2013-11-24 16:19 - 00014208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00013952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmbatt.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmbatt.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00010624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gameenum.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gameenum.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\compbatt.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00000000 ____D C:\WINDOWS\OemDir
2013-11-23 23:43 - 2013-11-24 00:02 - 00000000 ____D C:\ARENA
2013-11-22 18:35 - 2013-12-19 01:07 - 00786232 _____ C:\WINDOWS\setupapi.log
2013-11-22 18:35 - 2013-12-13 20:48 - 01274350 _____ C:\WINDOWS\setupapi.log.0.old
2013-11-22 18:35 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2013-11-22 18:35 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2013-11-22 18:35 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2013-11-22 18:35 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2013-11-22 18:35 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2013-11-22 18:35 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2013-11-22 18:35 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2013-11-22 18:35 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2013-11-21 21:17 - 2013-11-21 21:17 - 00000000 _____ C:\WINDOWS\setuperr.log

==================== One Month Modified Files and Folders =======

2013-12-19 12:37 - 2013-12-19 12:37 - 00000000 ____D C:\FRST
2013-12-19 12:37 - 2013-11-26 07:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-19 12:37 - 2012-10-01 15:05 - 01371679 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-19 12:31 - 2012-10-01 15:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-19 12:30 - 2012-10-01 15:12 - 00032532 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-19 12:09 - 2012-10-01 07:44 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2013-12-19 12:05 - 2012-10-01 16:00 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-19 12:05 - 2012-10-01 07:55 - 00000159 ____C C:\WINDOWS\wiadebug.log
2013-12-19 12:05 - 2012-10-01 07:55 - 00000050 ____C C:\WINDOWS\wiaservc.log
2013-12-19 12:05 - 2006-02-28 05:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-19 12:03 - 2012-10-01 15:15 - 00000178 ___SH C:\Documents and Settings\DUANE\ntuser.ini
2013-12-19 11:50 - 2013-12-18 03:50 - 00000510 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2764afb3-400c-42b2-a98a-13b666dc5abd.job
2013-12-19 11:47 - 2012-10-01 16:00 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-19 10:03 - 2013-12-11 18:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-19 10:03 - 2013-12-11 18:56 - 00000000 ____D C:\Documents and Settings\DUANE\Desktop\mbar
2013-12-19 08:52 - 2013-12-19 08:52 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-19 07:50 - 2012-10-01 07:51 - 00294162 _____ C:\WINDOWS\setupact.log
2013-12-19 07:40 - 2013-11-26 04:19 - 00000000 ____D C:\Program Files\Tibia
2013-12-19 07:22 - 2013-12-19 07:22 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-19 07:22 - 2013-12-19 07:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-19 07:22 - 2013-12-19 07:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-19 07:11 - 2012-10-01 15:15 - 00000000 ____D C:\Documents and Settings\DUANE
2013-12-19 02:00 - 2013-12-18 03:50 - 00000510 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task da951e1a-edc7-45fd-b860-c5ce56d98db1.job
2013-12-19 01:07 - 2013-11-22 18:35 - 00786232 _____ C:\WINDOWS\setupapi.log
2013-12-19 00:46 - 2012-10-01 15:12 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-19 00:41 - 2012-10-01 18:47 - 00008670 ____C C:\WINDOWS\COM+.log
2013-12-19 00:40 - 2013-12-17 14:10 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2013-12-19 00:39 - 2012-10-01 15:03 - 00000000 ____D C:\WINDOWS\Registration
2013-12-19 00:38 - 2013-12-17 14:13 - 00015026 _____ C:\WINDOWS\bitssetup.log
2013-12-19 00:34 - 2012-10-01 15:07 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2013-12-19 00:34 - 2012-10-01 15:07 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2013-12-19 00:24 - 2012-10-01 07:52 - 00620828 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-19 00:23 - 2012-10-01 15:14 - 00020456 ____C C:\Documents and Settings\DUANE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-19 00:19 - 2013-12-17 14:12 - 00000558 _____ C:\WINDOWS\Windows Update.log
2013-12-19 00:04 - 2013-12-19 00:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini121913-01.dmp
2013-12-19 00:04 - 2012-10-03 19:05 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-18 23:59 - 2013-12-18 23:59 - 00090112 _____ C:\WINDOWS\Minidump\Mini121813-03.dmp
2013-12-18 23:52 - 2013-12-18 23:53 - 00090112 _____ C:\WINDOWS\Minidump\Mini121813-02.dmp
2013-12-18 23:06 - 2012-10-01 15:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-12-18 22:48 - 2013-12-18 22:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VIPRE
2013-12-18 22:47 - 2013-12-18 22:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2013-12-18 22:38 - 2013-12-18 22:38 - 00000000 ____D C:\Documents and Settings\DUANE\Local Settings\Application Data\VIPRE
2013-12-18 22:38 - 2013-12-18 22:38 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\VIPRE
2013-12-18 22:09 - 2012-10-01 16:00 - 00000000 ____D C:\Program Files\Google
2013-12-18 22:09 - 2012-10-01 16:00 - 00000000 ____D C:\Documents and Settings\DUANE\Local Settings\Application Data\Google
2013-12-18 22:04 - 2012-10-01 07:51 - 00100640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-18 19:10 - 2006-02-28 05:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-18 18:07 - 2012-10-01 15:11 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-18 16:55 - 2013-12-18 16:55 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
2013-12-18 15:26 - 2013-12-18 15:27 - 00090112 _____ C:\WINDOWS\Minidump\Mini121813-01.dmp
2013-12-18 13:23 - 2013-12-16 11:22 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-12-18 13:23 - 2012-10-01 16:08 - 00000000 ____D C:\WINDOWS\ServicePackFiles
2013-12-18 03:50 - 2013-12-18 03:50 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-18 03:50 - 2013-12-18 03:50 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\SUPERAntiSpyware.com
2013-12-18 03:50 - 2013-12-18 03:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-12-18 03:50 - 2013-12-18 03:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-18 03:49 - 2013-12-18 03:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-12-18 00:45 - 2013-12-18 00:45 - 00000000 ____D C:\Program Files\FileASSASSIN
2013-12-18 00:45 - 2013-12-18 00:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
2013-12-17 22:42 - 2013-12-16 15:20 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-12-17 22:24 - 2012-10-01 07:44 - 00000000 ____D C:\WINDOWS\security
2013-12-17 20:40 - 2013-12-17 15:32 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-17 20:19 - 2013-12-17 20:05 - 00000000 ____D C:\Documents and Settings\DUANE\Desktop\MARILYN'S NOTES
2013-12-17 15:37 - 2013-12-17 15:37 - 00000000 _RSHD C:\cmdcons
2013-12-17 15:37 - 2012-10-01 07:50 - 00000327 __RSH C:\boot.ini
2013-12-17 14:08 - 2012-10-01 07:44 - 00000000 ____D C:\WINDOWS\repair
2013-12-17 14:07 - 2013-12-17 14:07 - 00000000 ____D C:\RegBackup
2013-12-17 13:51 - 2013-12-17 13:51 - 00000000 ____D C:\Program Files\Tweaking.com
2013-12-17 13:51 - 2013-12-17 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2013-12-17 12:20 - 2013-12-17 12:20 - 00003580 _____ C:\Documents and Settings\DUANE\My Documents\fix svchost.txt
2013-12-17 10:29 - 2013-12-17 10:29 - 00162010 _____ C:\Documents and Settings\DUANE\My Documents\DIAG_MATS_NETWORK_global.DiagCab
2013-12-17 00:14 - 2013-12-16 22:03 - 233677824 _____ C:\Documents and Settings\DUANE\My Documents\Backup.bkf
2013-12-16 22:55 - 2012-10-01 07:44 - 00000000 ____D C:\WINDOWS\Help
2013-12-16 22:15 - 2012-10-01 15:04 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-16 20:19 - 2013-12-15 21:29 - 00000000 ____D C:\Program Files\Free Window Registry Repair
2013-12-16 19:39 - 2013-10-10 13:20 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2883150$
2013-12-16 15:58 - 2013-12-12 11:15 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-16 15:35 - 2012-10-01 15:12 - 00000178 __SHC C:\Documents and Settings\NetworkService\ntuser.ini
2013-12-16 15:35 - 2012-10-01 15:12 - 00000178 __SHC C:\Documents and Settings\LocalService\ntuser.ini
2013-12-16 15:24 - 2012-10-02 16:26 - 01218252 _____ C:\WINDOWS\pfirewall.log
2013-12-16 15:22 - 2012-10-01 16:16 - 00133061 ____C C:\WINDOWS\spupdsvc.log
2013-12-16 15:19 - 2013-12-16 13:33 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt
2013-12-16 14:24 - 2012-10-01 16:48 - 00131943 ____C C:\WINDOWS\ie8_main.log
2013-12-16 13:37 - 2013-12-16 13:29 - 00030948 _____ C:\WINDOWS\KB926139-v2.log
2013-12-16 13:37 - 2012-10-01 18:29 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-16 13:37 - 2012-10-01 07:52 - 01989949 _____ C:\WINDOWS\iis6.log
2013-12-16 13:37 - 2012-10-01 07:52 - 01326181 _____ C:\WINDOWS\FaxSetup.log
2013-12-16 13:37 - 2012-10-01 07:52 - 00674957 _____ C:\WINDOWS\ocgen.log
2013-12-16 13:37 - 2012-10-01 07:52 - 00620060 _____ C:\WINDOWS\tsoc.log
2013-12-16 13:37 - 2012-10-01 07:52 - 00453756 _____ C:\WINDOWS\comsetup.log
2013-12-16 13:37 - 2012-10-01 07:52 - 00277073 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-16 13:37 - 2012-10-01 07:52 - 00233620 _____ C:\WINDOWS\netfxocm.log
2013-12-16 13:37 - 2012-10-01 07:52 - 00094131 _____ C:\WINDOWS\MedCtrOC.log
2013-12-16 13:37 - 2012-10-01 07:52 - 00074416 _____ C:\WINDOWS\ocmsn.log
2013-12-16 13:37 - 2012-10-01 07:52 - 00067609 _____ C:\WINDOWS\msgsocm.log
2013-12-16 13:37 - 2012-10-01 07:52 - 00066718 _____ C:\WINDOWS\tabletoc.log
2013-12-16 13:37 - 2012-10-01 07:52 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-16 13:35 - 2012-10-01 07:52 - 00437416 _____ C:\WINDOWS\msmqinst.log
2013-12-16 13:34 - 2013-12-16 13:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2013-12-16 13:33 - 2013-12-16 13:30 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB926139-v2$
2013-12-16 13:32 - 2013-12-16 13:32 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2013-12-16 12:43 - 2013-12-13 14:33 - 00075288 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-12-16 11:55 - 2012-10-02 10:44 - 00000000 ____D C:\Inetpub
2013-12-16 11:51 - 2012-10-01 15:03 - 00025022 ____C C:\WINDOWS\wmsetup.log
2013-12-16 11:08 - 2013-11-25 22:47 - 00000000 ____D C:\WINDOWS\sd_old
2013-12-16 09:53 - 2013-12-16 09:53 - 00000629 _____ C:\Documents and Settings\DUANE\Start Menu\VFD Control Panel.lnk
2013-12-16 09:45 - 2013-12-12 10:21 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-16 02:10 - 2012-10-01 15:15 - 00000767 _____ C:\Documents and Settings\DUANE\Start Menu\Programs\Internet Explorer.lnk
2013-12-16 01:54 - 2013-12-15 09:20 - 00004939 _____ C:\WINDOWS\KB942288-v3.log
2013-12-16 01:51 - 2013-12-13 00:50 - 00002438 _____ C:\WINDOWS\KB907265.log
2013-12-15 21:41 - 2013-12-17 15:37 - 00000211 _____ C:\Boot.bak
2013-12-15 21:41 - 2006-02-28 05:00 - 00000558 _____ C:\WINDOWS\win.ini
2013-12-15 21:29 - 2013-12-15 21:29 - 00000000 ____D C:\Documents and Settings\DUANE\Start Menu\Programs\Free Window Registry Repair
2013-12-15 19:40 - 2013-12-15 19:40 - 00000000 ____D C:\yenicag
2013-12-15 19:05 - 2006-02-28 05:00 - 00125952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\apphelp.dll
2013-12-15 19:05 - 2006-02-28 05:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2013-12-15 14:42 - 2013-12-12 09:56 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2013-12-15 09:36 - 2013-12-15 08:48 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\ImgBurn
2013-12-15 01:08 - 2013-12-13 14:28 - 00000082 _____ C:\Documents and Settings\DUANE\Application Data\mbam.context.scan
2013-12-15 00:49 - 2013-12-15 00:49 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-12-15 00:48 - 2013-12-15 00:48 - 00001528 _____ C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2013-12-15 00:48 - 2013-12-15 00:48 - 00000000 ____D C:\Program Files\ImgBurn
2013-12-15 00:48 - 2013-12-15 00:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2013-12-14 23:05 - 2013-12-14 23:05 - 00000782 _____ C:\Documents and Settings\DUANE\Desktop\Windows Media Player.lnk
2013-12-14 23:05 - 2012-10-01 15:15 - 00000788 _____ C:\Documents and Settings\DUANE\Start Menu\Programs\Windows Media Player.lnk
2013-12-14 22:46 - 2013-12-14 22:46 - 00000000 ____D C:\Program Files\SysTools BKF Recovery
2013-12-14 22:46 - 2013-12-14 22:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SysTools BKF Recovery
2013-12-14 22:28 - 2013-12-13 09:18 - 00000600 _____ C:\Documents and Settings\DUANE\Application Data\winscp.rnd
2013-12-14 18:53 - 2013-12-14 18:53 - 00250048 _____ C:\WINDOWS\system32\ntldr
2013-12-14 18:52 - 2013-12-14 18:53 - 00047564 _____ C:\WINDOWS\system32\NTDETECT.COM
2013-12-14 14:02 - 2013-12-14 14:00 - 00000000 ____D C:\Documents and Settings\All Users\Documents\1 NTFS
2013-12-14 00:47 - 2013-12-12 04:59 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-14 00:43 - 2013-12-14 00:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WinRAR
2013-12-13 23:06 - 2012-10-01 16:52 - 00045972 ____C C:\WINDOWS\ie8.log
2013-12-13 21:23 - 2013-11-14 20:08 - 00000000 ____D C:\Program Files\DOSBox-0.63
2013-12-13 20:48 - 2013-11-22 18:35 - 01274350 _____ C:\WINDOWS\setupapi.log.0.old
2013-12-13 14:27 - 2006-02-28 05:00 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rcp.exe
2013-12-13 14:27 - 2006-02-28 05:00 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\rcp.exe
2013-12-13 09:32 - 2013-03-05 18:14 - 00108949 ____C C:\WINDOWS\ie8Uninst.log
2013-12-13 09:32 - 2012-10-01 16:04 - 00211535 ____C C:\WINDOWS\updspapi.log
2013-12-13 09:32 - 2012-10-01 07:52 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-13 03:44 - 2012-10-01 15:47 - 00506260 ____C C:\WINDOWS\svcpack.log
2013-12-13 03:43 - 2013-12-13 01:25 - 00000000 ____D C:\WINDOWS\system32\CatRoot_bak
2013-12-13 01:01 - 2013-12-12 11:33 - 00001744 _____ C:\WINDOWS\KB927891.log
2013-12-12 23:36 - 2012-10-01 15:15 - 00000000 ___RD C:\Documents and Settings\DUANE\Start Menu\Programs\Accessories
2013-12-12 23:31 - 2012-10-01 16:54 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-12 16:28 - 2006-02-28 05:00 - 00337920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filemgmt.dll
2013-12-12 16:28 - 2006-02-28 05:00 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\filemgmt.dll
2013-12-12 16:10 - 2006-02-28 05:00 - 00092715 ____C C:\WINDOWS\system32\services.msc
2013-12-12 10:41 - 2013-12-12 10:41 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\Help
2013-12-12 06:50 - 2013-12-12 06:50 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-12-12 06:48 - 2013-12-12 06:48 - 00020456 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-12 06:44 - 2013-12-12 06:44 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-12-12 06:44 - 2013-12-12 04:59 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-12 05:48 - 2013-12-12 05:48 - 00000000 ____D C:\Documents and Settings\DUANE\Local Settings\Application Data\Help
2013-12-12 05:31 - 2006-02-28 05:00 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\svchost.exe
2013-12-12 05:31 - 2006-02-28 05:00 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2013-12-12 02:53 - 2012-10-01 18:49 - 00000178 __SHC C:\Documents and Settings\MARILYN\ntuser.ini
2013-12-12 01:45 - 2012-10-01 07:51 - 00000000 ____D C:\WINDOWS\system32\catroot2.old
2013-12-12 01:42 - 2013-12-12 01:29 - 00012403 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-12 01:28 - 2013-12-12 00:53 - 00009813 _____ C:\WINDOWS\KB2898715.log
2013-12-12 01:25 - 2013-12-12 01:25 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-12 01:21 - 2013-12-12 01:09 - 00004581 _____ C:\WINDOWS\KB2904266.log
2013-12-12 01:21 - 2012-10-01 17:55 - 00030946 ____C C:\WINDOWS\system32\TZLog.log
2013-12-12 01:12 - 2013-12-12 01:12 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-12 01:08 - 2013-12-11 21:06 - 00008935 _____ C:\WINDOWS\KB2893294.log
2013-12-12 01:05 - 2013-12-12 01:05 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-12 01:02 - 2013-12-11 21:02 - 00008131 _____ C:\WINDOWS\KB2892075.log
2013-12-12 00:58 - 2013-12-12 00:58 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 21:05 - 2013-12-11 21:04 - 00003008 _____ C:\WINDOWS\KB2893984.log
2013-12-11 18:31 - 2012-10-01 17:48 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2440591$
2013-12-11 17:39 - 2013-12-11 17:39 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\Malwarebytes
2013-12-11 17:39 - 2013-12-11 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-11 16:54 - 2012-10-02 15:50 - 00131072 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-12-11 09:50 - 2006-09-28 18:56 - 00055808 ____C (Microsoft Corporation) C:\WINDOWS\system32\WudfSvc.dll
2013-12-11 01:37 - 2012-10-01 17:11 - 00692616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 01:37 - 2012-10-01 17:11 - 00071048 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 23:03 - 2012-10-02 16:26 - 04197165 _____ C:\WINDOWS\pfirewall.log.old
2013-12-10 16:07 - 2012-10-01 15:07 - 00002577 ____C C:\WINDOWS\system32\CONFIG.NT
2013-12-10 10:15 - 2013-12-10 10:15 - 00090112 _____ C:\WINDOWS\Minidump\Mini121013-01.dmp
2013-12-10 03:11 - 2013-11-14 20:02 - 00000000 ____D C:\Games
2013-12-05 03:47 - 2012-10-01 16:03 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-01 14:42 - 2012-10-01 16:49 - 88123800 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-01 07:17 - 2013-12-01 07:17 - 00090112 _____ C:\WINDOWS\Minidump\Mini120113-01.dmp
2013-11-26 05:50 - 2013-11-17 01:27 - 00000091 _____ C:\WINDOWS\CIV.INI
2013-11-26 04:20 - 2013-11-26 04:19 - 00000000 ____D C:\Documents and Settings\DUANE\Application Data\Tibia
2013-11-26 04:19 - 2013-11-26 04:19 - 00000638 _____ C:\Documents and Settings\All Users\Desktop\Tibia.lnk
2013-11-26 04:19 - 2013-11-26 04:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tibia
2013-11-25 22:15 - 2012-10-01 15:15 - 00001599 _____ C:\Documents and Settings\DUANE\Start Menu\Programs\Remote Assistance.lnk
2013-11-25 22:15 - 2012-10-01 15:07 - 00001563 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2013-11-25 15:50 - 2013-11-25 15:36 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-11-25 15:36 - 2013-11-25 15:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2013-11-25 15:36 - 2013-11-25 15:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2013-11-25 06:39 - 2013-04-06 15:17 - 00000000 ____D C:\Program Files\Linkrealms
2013-11-24 16:19 - 2013-11-24 16:19 - 00040704 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\es1371mp.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00040704 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\es1371mp.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rundll32.exe
2013-11-24 16:19 - 2013-11-24 16:19 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
2013-11-24 16:19 - 2013-11-24 16:19 - 00014208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00013952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmbatt.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmbatt.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00010624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gameenum.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gameenum.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\compbatt.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys
2013-11-24 16:19 - 2013-11-24 16:19 - 00000000 ____D C:\WINDOWS\OemDir
2013-11-24 00:02 - 2013-11-23 23:43 - 00000000 ____D C:\ARENA
2013-11-22 18:35 - 2012-10-01 15:05 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-11-21 21:17 - 2013-11-21 21:17 - 00000000 _____ C:\WINDOWS\setuperr.log

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-12-2013
Ran by DUANE at 2013-12-19 12:42:09
Running from C:\Documents and Settings\DUANE\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
AGEIA PhysX v2.6.0 (Version: 2.6.0.4)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Catalyst Control Center (Version: 1.2.2314.20337)
ATI Display Driver (Version: 8.252-060503a-038185C-ATI)
FileASSASSIN (Version: 1.06)
Free Window Registry Repair
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
ImgBurn (Version: 2.5.8.0)
IrfanView (remove only)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Linkrealms version 1.0.3.95
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Morrowind
Pando Media Booster (Version: 2.6.0.8)
Peregrine's Song
SpywareBlaster 5.0 (Version: 5.0.0)
SUPERAntiSpyware (Version: 5.7.1014)
SysTools BKF Recovery v5.4
TES Construction Set
Tibia (Version: 10.22)
Tweaking.com - Windows Repair (All in One) (Version: 2.1.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Home Server Home Computer Restore CD (Dual Boot) (Version: 1)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)

==================== Restore Points =========================

17-12-2013 05:16:25 System Checkpoint
17-12-2013 20:16:15 OTL Restore Point - 12/17/2013 1:16:09 PM
18-12-2013 06:29:01 avast! antivirus system restore point

==================== Hosts content: ==========================

2006-02-28 05:00 - 2013-12-19 00:35 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2764afb3-400c-42b2-a98a-13b666dc5abd.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task da951e1a-edc7-45fd-b860-c5ce56d98db1.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-08-15 18:50 - 2013-08-15 18:50 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_61006214\mscorlib.dll
2013-08-15 18:41 - 2013-08-15 18:41 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ec412699\system.windows.forms.dll
2013-08-15 18:39 - 2013-08-15 18:39 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e62f4041\system.dll
2013-08-15 18:43 - 2013-08-15 18:43 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_57b552e6\system.xml.dll
2013-08-15 18:47 - 2013-08-15 18:47 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_41422eb6\system.drawing.dll
2006-02-28 05:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 05:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-12-05 03:46 - 2013-12-03 19:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 03:46 - 2013-12-03 19:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 03:46 - 2013-12-03 19:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\rcp.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\rcp.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\WudfSvc.dll:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\WudfSvc.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Network Controller
Description: Network Controller
Class Guid: {4D36E973-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2013 00:05:39 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/19/2013 00:05:39 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/19/2013 00:05:09 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/19/2013 00:05:09 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/19/2013 11:51:34 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/19/2013 11:51:34 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/19/2013 11:41:29 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/19/2013 11:41:29 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/19/2013 10:06:33 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/19/2013 10:06:33 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (12/19/2013 08:50:56 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%5

Error: (12/19/2013 08:50:56 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error:
%%5

Error: (12/19/2013 08:50:55 AM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%5

Error: (12/19/2013 08:50:55 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%5

Error: (12/19/2013 08:50:55 AM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service failed to start due to the following error:
%%5

Error: (12/19/2013 07:51:18 AM) (Source: Service Control Manager) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Error: (12/19/2013 07:50:54 AM) (Source: DCOM) (User: )
Description: The machine wide group policy Launch and Activation Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.

Error: (12/19/2013 07:50:54 AM) (Source: DCOM) (User: )
Description: The machine wide group policy Launch and Activation Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.

Error: (12/19/2013 07:50:14 AM) (Source: DCOM) (User: )
Description: The machine wide group policy Launch and Activation Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.

Error: (12/19/2013 07:49:36 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (12/19/2013 00:05:39 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/19/2013 00:05:39 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (12/19/2013 00:05:09 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/19/2013 00:05:09 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (12/19/2013 11:51:34 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/19/2013 11:51:34 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (12/19/2013 11:41:29 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/19/2013 11:41:29 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (12/19/2013 10:06:33 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/19/2013 10:06:33 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


==================== Memory info ===========================

Percentage of memory in use: 77%
Total physical RAM: 503.52 MB
Available physical RAM: 115.78 MB
Total Pagefile: 1986.97 MB
Available Pagefile: 1531.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.36 GB) (Free:50.38 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Morrowind) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: B3CF5238)
Partition 1: (Active) - (Size=68 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#4
dewerly

dewerly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
hello;
well I deleted avast last night thought it would help didnt work,
went to download it again as I need some protection!! and setup will not start???
what to do now?
thank you again, dewerly
  • 0

#5
dewerly

dewerly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ok here is the alg logs:


Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
alg.exe 1,236 K 3,772 K 2100 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
ati2evxx.exe 692 K 2,444 K 700 ATI External Event Utility EXE Module ATI Technologies Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
chrome.exe 29,476 K 24,428 K 2512 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 31,928 K 33,308 K 2796 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28,776 K 40,956 K 2168 Google Chrome Google Inc. (Verified) Google Inc
CLI.exe 23,648 K 3,248 K 2172 CLI Application (Command Line Interface) ATI Technologies Inc. (No signature was present in the subject) ATI Technologies Inc.
csrss.exe 1,684 K 4,328 K 460 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
explorer.exe 15,436 K 24,312 K 612 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
inetinfo.exe 4,232 K 8,484 K 1412 Internet Information Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
lsass.exe 3,920 K 1,276 K 548 LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Component Publisher
services.exe 1,984 K 3,796 K 536 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smss.exe 168 K 424 K 412 Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
snmp.exe 1,604 K 4,044 K 1524 SNMP Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
spoolsv.exe 3,496 K 5,536 K 1196 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
SUPERAntiSpyware.exe 146,616 K 876 K 2288 SUPERAntiSpyware Application SUPERAntiSpyware (Verified) SUPERAntiSpyware.com
svchost.exe 1,896 K 4,400 K 768 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,412 K 3,732 K 952 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,756 K 5,292 K 1088 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,612 K 3,540 K 1396 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,436 K 4,276 K 1780 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 10,684 K 16,880 K 1028 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 3,164 K 5,044 K 716 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
System 0 K 220 K 4
taskmgr.exe 1,444 K 1,700 K 3676 Windows TaskManager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
winlogon.exe 6,948 K 2,852 K 492 Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Component Publisher
wmiprvse.exe 1,900 K 5,044 K 3452 (No signature was present in the subject)
wscntfy.exe 636 K 2,172 K 2252 Windows Security Center Notification App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
Interrupts 1.54 0 K 0 K n/a Hardware Interrupts and DPCs
procexp.exe 4.62 15,328 K 15,612 K 3332 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 93.85 0 K 16 K 0




also I rebooted twice and still no chkdsk sorry! and avast setup still won't start!
ok i will wait for reply thanks , dewerly
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Click Start, and then click Run.
Type comexp.msc, and then click OK. If the User Account Control dialog box appears, then click Continue.
To locate your computer, click Component Services, click Computers, and then click My Computer.
Right-click My Computer, click Properties, and then click the COM Security tab.

Under Launch and Activation Permissions, click Edit Limits.

There should be 4 users: See picture:



When you click on each of the others all 4 boxes should be checked. Make sure they are then OK. Now go back and click on Edit Defaults. Only three users this time and all boxes should be checked for each.

Under Access Permissions, click Edit Limits. There should only be 2 boxes and both should be checked for all except Anonymous User which should not have the remote box checked. OK. Go back and look at Edit Defaults. This should have 2 boxes with three users and the System user should only have Local box checked. The other two have both boxes checked. OK.

Reboot then go back in and check that things stayed the way you left them.


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 17

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

Uninstall

Free Window Registry Repair (Garbage)
Pando Media Booster (normally not a good idea tho may be required for some games)
Super AntiSpyware (may interfere)


Now Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that then run a new FRST Scan. Check the Additions box before you hit the Scan button. You will get two logs. Please post both.

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

When you ran Combofix did you allow it to install the Recovery Console? If not please run it again and allow it to install the recovery console. Then see if you can get into the Recovery Console. Start, Settings, Control Panel, System, Advanced, Startup and Recovery -Settings, and change the Time to Display the List of Operating Systems from two to 10 seconds. OK

Now Reboot. When it gives you a choice between your regular XP and the Recovery Console, hit the down arrow to select the Recovery Console then Enter. You should get a black screen with a C:\> prompt. Type with an Enter after each line:
chkdsk  /r

Does the disk check run this time?


The first fix we did this time may have fixed the Avast install problem. Try it again. If it still doesn't work then right click on the downloaded file and check its properties. Click on Unblock. OK. Try it again. If it still won't work then create a new user with admin rights reboot into the new user and try it from there.
  • 0

#7
dewerly

dewerly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
hello rk sorry its taking so long im a little slow on the uptake,

here is the logs yu needed:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-12-2013
Ran by DUANE at 2013-12-19 15:38:38 Run:1
Running from C:\Documents and Settings\DUANE\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SSearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
CHR DefaultSearchKeyword: search.conduit.com
CHR DefaultSearchProvider: Conduit
CHR DefaultSearchURL: http://search.condui...=CT3306061&UM=2
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION









*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\S{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\Wow6432Node\CLSID\S{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key deleted successfully.
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Value deleted successfully.
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
CHR DefaultSearchKeyword: search.conduit.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://search.condui...=CT3306061&UM=2 ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====



and here is the blue screen of death logs:

==================================================
Dump File : Mini121913-01.dmp
Crash Time : 12/19/2013 00:03:46
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc02e7fe0
Parameter 2 : 0xc000000e
Parameter 3 : 0xb9ff850c
Parameter 4 : 0x092cc860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121913-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 12/19/2013 00:04:43
==================================================

==================================================
Dump File : Mini121813-03.dmp
Crash Time : 12/18/2013 23:58:16
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc02e7fe0
Parameter 2 : 0xc000000e
Parameter 3 : 0xb9ff850c
Parameter 4 : 0x0830d860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121813-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 12/18/2013 23:59:12
==================================================

==================================================
Dump File : Mini121813-02.dmp
Crash Time : 12/18/2013 23:52:07
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e12bc
Parameter 2 : 0xc000000e
Parameter 3 : 0xf84af50c
Parameter 4 : 0x1568b860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121813-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 12/18/2013 23:52:59
==================================================

==================================================
Dump File : Mini121813-01.dmp
Crash Time : 12/18/2013 15:25:58
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc02e7fe8
Parameter 2 : 0xc000000e
Parameter 3 : 0xb9ffae52
Parameter 4 : 0x1cbfe860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+fe52
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121813-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 12/18/2013 15:26:55
==================================================

==================================================
Dump File : Mini121013-01.dmp
Crash Time : 12/10/2013 10:14:27
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x08f47860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini121013-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 12/10/2013 10:15:24
==================================================

==================================================
Dump File : Mini120113-01.dmp
Crash Time : 12/1/2013 07:16:46
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x1054c860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini120113-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 12/1/2013 07:17:41
==================================================

==================================================
Dump File : Mini110513-01.dmp
Crash Time : 11/5/2013 15:02:05
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x0b3b4860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini110513-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 11/5/2013 15:03:07
==================================================

==================================================
Dump File : Mini110113-01.dmp
Crash Time : 11/1/2013 16:30:58
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x12385860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini110113-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 11/1/2013 16:31:53
==================================================

==================================================
Dump File : Mini103013-01.dmp
Crash Time : 10/30/2013 21:53:32
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x19ab2860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini103013-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 10/30/2013 21:54:27
==================================================

==================================================
Dump File : Mini102013-01.dmp
Crash Time : 10/20/2013 00:27:53
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x02a15860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini102013-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 10/20/2013 00:28:56
==================================================

==================================================
Dump File : Mini101613-01.dmp
Crash Time : 10/16/2013 10:39:15
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x09fec860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101613-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 10/16/2013 10:40:13
==================================================

==================================================
Dump File : Mini083113-01.dmp
Crash Time : 8/31/2013 17:26:35
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x1e849860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini083113-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 8/31/2013 17:27:34
==================================================

==================================================
Dump File : Mini080513-01.dmp
Crash Time : 8/5/2013 11:50:53
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x07cbc860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini080513-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 8/5/2013 11:51:49
==================================================

==================================================
Dump File : Mini061713-01.dmp
Crash Time : 6/17/2013 06:42:56
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e124c
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8493e52
Parameter 4 : 0x15b47860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+fe52
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c85e
Stack Address 1 : ntoskrnl.exe+4adb9
Stack Address 2 : ntoskrnl.exe+1ecee
Stack Address 3 : ntoskrnl.exe+1463e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini061713-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 6/17/2013 06:43:48
==================================================

==================================================
Dump File : Mini051313-01.dmp
Crash Time : 5/13/2013 19:20:34
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x11f6c860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8fe
Stack Address 1 : ntoskrnl.exe+4ae59
Stack Address 2 : ntoskrnl.exe+1ed8e
Stack Address 3 : ntoskrnl.exe+146de
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini051313-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 5/13/2013 19:21:37
==================================================

==================================================
Dump File : Mini050713-01.dmp
Crash Time : 5/7/2013 10:54:05
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e124c
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8493e52
Parameter 4 : 0x11ac6860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+fe52
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8fe
Stack Address 1 : ntoskrnl.exe+4ae59
Stack Address 2 : ntoskrnl.exe+1ed8e
Stack Address 3 : ntoskrnl.exe+146de
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini050713-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 5/7/2013 10:55:03
==================================================

==================================================
Dump File : Mini042213-01.dmp
Crash Time : 4/22/2013 20:35:05
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x00da4860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8fe
Stack Address 1 : ntoskrnl.exe+4ae59
Stack Address 2 : ntoskrnl.exe+1ed8e
Stack Address 3 : ntoskrnl.exe+146de
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042213-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 4/22/2013 20:36:08
==================================================

==================================================
Dump File : Mini042113-01.dmp
Crash Time : 4/21/2013 17:25:42
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x0e49b860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8fe
Stack Address 1 : ntoskrnl.exe+4ae59
Stack Address 2 : ntoskrnl.exe+1ed8e
Stack Address 3 : ntoskrnl.exe+146de
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042113-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 4/21/2013 17:26:38
==================================================

==================================================
Dump File : Mini032413-01.dmp
Crash Time : 3/24/2013 18:48:42
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x1945b860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8ce
Stack Address 1 : ntoskrnl.exe+4ae39
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini032413-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 3/24/2013 18:49:42
==================================================

==================================================
Dump File : Mini030113-01.dmp
Crash Time : 3/1/2013 15:11:49
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x1a978860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8ce
Stack Address 1 : ntoskrnl.exe+4ae39
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini030113-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 3/1/2013 15:12:54
==================================================

==================================================
Dump File : Mini022613-01.dmp
Crash Time : 2/26/2013 19:49:02
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x057e6860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8ce
Stack Address 1 : ntoskrnl.exe+4ae39
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini022613-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 2/26/2013 19:50:03
==================================================

==================================================
Dump File : Mini021913-01.dmp
Crash Time : 2/19/2013 17:40:46
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x0fb4f860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8ce
Stack Address 1 : ntoskrnl.exe+4ae39
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini021913-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 2/19/2013 17:41:40
==================================================

==================================================
Dump File : Mini020813-01.dmp
Crash Time : 2/8/2013 22:22:33
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0xc000000e
Parameter 2 : 0xc000000e
Parameter 3 : 0x00000000
Parameter 4 : 0x0119c000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c8be
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+49e72
Stack Address 2 : ntoskrnl.exe+110de
Stack Address 3 : ntoskrnl.exe+fb51
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini020813-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 2/8/2013 22:23:42
==================================================

==================================================
Dump File : Mini020713-01.dmp
Crash Time : 2/7/2013 11:41:46
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0xc000000e
Parameter 2 : 0xc000000e
Parameter 3 : 0x00000000
Parameter 4 : 0x03d62000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c8be
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+49e72
Stack Address 2 : ntoskrnl.exe+110de
Stack Address 3 : ntoskrnl.exe+fb51
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini020713-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 2/7/2013 11:42:54
==================================================

==================================================
Dump File : Mini020113-01.dmp
Crash Time : 2/1/2013 23:52:07
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x822f9da0
Parameter 3 : 0x822f9f14
Parameter 4 : 0x805fafec
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c8be
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+157131
Stack Address 2 : ntoskrnl.exe+123faa
Stack Address 3 : aswSnx.SYS+17789
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini020113-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 2/1/2013 23:53:23
==================================================

==================================================
Dump File : Mini012113-01.dmp
Crash Time : 1/21/2013 22:32:04
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x1ba09860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+4ae39
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini012113-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 1/21/2013 22:33:03
==================================================

==================================================
Dump File : Mini011613-01.dmp
Crash Time : 1/16/2013 07:53:30
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x1e241860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+4ae39
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini011613-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 1/16/2013 07:54:18
==================================================

==================================================
Dump File : Mini122812-01.dmp
Crash Time : 12/28/2012 12:39:03
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x81f51978
Parameter 3 : 0x81f51aec
Parameter 4 : 0x805fafec
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c8be
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+157131
Stack Address 2 : ntoskrnl.exe+123faa
Stack Address 3 : aswSnx.SYS+17789
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini122812-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 12/28/2012 12:40:00
==================================================

==================================================
Dump File : Mini112112-01.dmp
Crash Time : 11/21/2012 08:56:08
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x0c1a6860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+4ae39
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini112112-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 11/21/2012 08:57:02
==================================================

==================================================
Dump File : Mini103112-01.dmp
Crash Time : 10/31/2012 13:52:57
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xe1a64770
Parameter 2 : 0xc000000e
Parameter 3 : 0xbf8f2ca7
Parameter 4 : 0x18314860
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+f2ca7
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6442 (xpsp_sp3_qfe.130829-0416)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+4ae39
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini103112-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 10/31/2012 13:53:48
==================================================

==================================================
Dump File : Mini103012-01.dmp
Crash Time : 10/30/2012 19:45:47
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e124c
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8493e52
Parameter 4 : 0x06dd2860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+fe52
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+4ae39
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini103012-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 10/30/2012 19:47:00
==================================================

==================================================
Dump File : Mini101112-01.dmp
Crash Time : 10/11/2012 05:40:44
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e1244
Parameter 2 : 0xc000000e
Parameter 3 : 0xf849150c
Parameter 4 : 0x02b74860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+4ae39
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101112-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 10/11/2012 05:41:41
==================================================

==================================================
Dump File : Mini100312-01.dmp
Crash Time : 10/3/2012 19:04:16
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc03e124c
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8493e52
Parameter 4 : 0x06155860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+fe52
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+4ae01
Stack Address 2 : ntoskrnl.exe+222c8
Stack Address 3 : ntoskrnl.exe+14a7a
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini100312-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
Dump File Time : 10/3/2012 19:05:10
==================================================

ok, now
i cant seen to remove the java program in add/remove , i think one of the malware removal prg took it out, not sure.
also going to reboot now and try chkdsk in the recovery screen and ho do i get a log for you?
and ill try avast as soon as check disk is finished.
thank so much for all your help i hope this will help my comp. will see, be back in a bit dewerly
  • 0

#8
dewerly

dewerly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
hello RK,

check disk worked in recovery consel.
avast downloaded but wont scan anything not even boot time.
what is next?
thanks dewerly
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Copy the text in the code box:

/md5start
atapi.sys
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe and to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
  • 0

#10
dewerly

dewerly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
hello again: olt was not sucessful,

here is the logs yu needed:

Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret </md5stop> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 12192013_180904



next:


Summary
Operating System
Windows XP Professional 32-bit SP3
CPU
Intel Pentium 4
Northwood 0.13um Technology
RAM
512MB DDR @ 134MHz (2.5-3-3-6)
Motherboard
ASUSTeK Computer INC. KIRIN-V (PGA 478)
Graphics
HP L1740 ([email protected])
ATI video (ATI AIB)
ATI video (ATI AIB)
CrossFire Disabled
Storage
74GB SAMSUNG SV0813H (ATA)
Optical Drives
PIONEER DVD-RW DVR-104
LITE-ON LTR-52246S
Audio
Intel AC'97 Audio Controller
Operating System
Windows XP Professional 32-bit SP3
Computer type: Tower
Installation Date: 10/1/2012 15:10:49
Serial Number:woops!!
Windows Security Center
Firewall Disabled
Antivirus Disabled
Windows Update
AutoUpdate Not configured
.NET Frameworks installed
v4.0 Client
v3.5 SP1
v3.0 SP2
v2.0 SP2
v1.1 SP1
Internet Explorer
Version 6.0.2900.5512
PowerShell
Version 1.0
Environment Variables
USERPROFILE C:\Documents and Settings\DUANE
SystemRoot C:\WINDOWS
User Variables
TEMP C:\Documents and Settings\DUANE\Local Settings\Temp
TMP C:\Documents and Settings\DUANE\Local Settings\Temp
Machine Variables
ComSpec C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK NO
NUMBER_OF_PROCESSORS 1
OS Windows_NT
Path C:\WINDOWS\system32
C:\WINDOWS
C:\WINDOWS\system32\wbem
C:\Program Files\ATI Technologies\ATI.ACE
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE x86
PROCESSOR_IDENTIFIER x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL 15
PROCESSOR_REVISION 0209
TEMP C:\WINDOWS\TEMP
TMP C:\WINDOWS\TEMP
windir C:\WINDOWS
Power Profile
Active power scheme Home/Office Desk
Hibernation Enabled
Turn Off Monitor after: (On AC Power) 240 min
Turn Off Hard Disk after: (On AC Power) Never
Suspend after: (On AC Power) Never
Screen saver Enabled
Uptime
Current Session
Current Time 12/19/2013 18:17:06
Current Uptime 879 sec (0 d, 00 h, 14 m, 39 s)
Last Boot Time 12/19/2013 18:02:27
Services
Running Application Layer Gateway Service
Running Ati HotKey Poller
Running Background Intelligent Transfer Service
Running COM+ Event System
Running Cryptographic Services
Running DCOM Server Process Launcher
Running DNS Client
Running Event Log
Running FTP Publishing
Running Help and Support
Running HTTP SSL
Running IIS Admin
Running IPSEC Services
Running Network Connections
Running Network Location Awareness (NLA)
Running Plug and Play
Running Print Spooler
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Security Accounts Manager
Running SNMP Service
Running SSDP Discovery Service
Running System Event Notification
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running Universal Plug and Play Device Host
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Time
Running World Wide Web Publishing
Stopped .NET Runtime Optimization Service v2.0.50727_X86
Stopped Adobe Flash Player Update Service
Stopped Alerter
Stopped Application Management
Stopped ASP.NET State Service
Stopped ATI Smart
Stopped Automatic Updates
Stopped avast! Antivirus
Stopped ClipBook
Stopped COM+ System Application
Stopped Computer Browser
Stopped DHCP Client
Stopped Distributed Link Tracking Client
Stopped Distributed Transaction Coordinator
Stopped Error Reporting Service
Stopped Extensible Authentication Protocol Service
Stopped Fast User Switching Compatibility
Stopped Google Software Updater
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped Health Key and Certificate Management Service
Stopped HID Input Service
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped Logical Disk Manager
Stopped Logical Disk Manager Administrative Service
Stopped MBAMScheduler
Stopped MBAMService
Stopped Messenger
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped MS Software Shadow Copy Provider
Stopped Net Logon
Stopped Net.Tcp Port Sharing Service
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Performance Logs and Alerts
Stopped Portable Media Serial Number Service
Stopped QoS RSVP
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Secondary Logon
Stopped Security Center
Stopped Server
Stopped Shell Hardware Detection
Stopped Smart Card
Stopped SNMP Trap Service
Stopped System Restore Service
Stopped Telnet
Stopped Uninterruptible Power Supply
Stopped Volume Shadow Copy
Stopped WebClient
Stopped Windows Audio
Stopped Windows CardSpace
Stopped Windows Driver Foundation - User-mode Driver Framework
Stopped Windows Firewall/Internet Connection Sharing (ICS)
Stopped Windows Installer
Stopped Windows Management Instrumentation Driver Extensions
Stopped Windows Media Player Network Sharing Service
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Presentation Foundation Font Cache 4.0.0.0
Stopped Wired AutoConfig
Stopped Wireless Zero Configuration
Stopped WMI Performance Adapter
Stopped Workstation
TimeZone
TimeZone GMT -7:00 Hours
Language English (United States)
Location United States
Format English (United States)
Currency $
Date Format M/d/yyyy
Time Format HH:mm:ss
Scheduler
12/19/2013 18:37;Every 1 hour(s) from 00:37 for 24 hour(s) every day, starting 1/1/2000 Adobe Flash Player Updater
12/19/2013 18:47;Every 1 hour(s) from 08:47 for 24 hour(s) every day, starting 12/5/2013 GoogleUpdateTaskMachineUA
12/20/2013 04:28;Every 12 hour(s) from 04:28 for 24 hour(s) every day, starting 12/20/2013 avast! Emergency Update
12/20/2013 08:47;Run at user logon GoogleUpdateTaskMachineCore
System Folders
Application Data C:\Documents and Settings\All Users\Application Data
Cookies C:\Documents and Settings\DUANE\Cookies
Desktop C:\Documents and Settings\DUANE\Desktop
Documents C:\Documents and Settings\All Users\Documents
Fonts C:\WINDOWS\Fonts
Global Favorites C:\Documents and Settings\All Users\Favorites
Internet History C:\Documents and Settings\DUANE\Local Settings\History
Local Application Data C:\Documents and Settings\DUANE\Local Settings\Application Data
Music C:\Documents and Settings\All Users\Documents\My Music
Path for burning CD C:\Documents and Settings\DUANE\Local Settings\Application Data\Microsoft\CD Burning
Physical Desktop C:\Documents and Settings\DUANE\Desktop
Pictures C:\Documents and Settings\All Users\Documents\My Pictures
Program Files C:\Program Files
Public Desktop C:\Documents and Settings\All Users\Desktop
Start Menu C:\Documents and Settings\All Users\Start Menu
Start Menu Programs C:\Documents and Settings\All Users\Start Menu\Programs
Startup C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Templates C:\Documents and Settings\All Users\Templates
Temporary Internet Files C:\Documents and Settings\DUANE\Local Settings\Temporary Internet Files
User Favorites C:\Documents and Settings\DUANE\Favorites
Videos C:\Documents and Settings\All Users\Documents\My Videos
Windows Directory C:\WINDOWS
Windows/System C:\WINDOWS\system32
Process List
alg.exe
Process ID 2396
Path C:\WINDOWS\System32\alg.exe
Memory Usage 3.70 MB
Peak Memory Usage 3.72 MB
ati2evxx.exe
Process ID 752
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\Ati2evxx.exe
Memory Usage 2.28 MB
Peak Memory Usage 2.44 MB
AvastUI.exe
Process ID 1840
User DUANE
Domain WHITE-10-1-12
Path C:\Program Files\AVAST Software\Avast\AvastUI.exe
Memory Usage 7.69 MB
Peak Memory Usage 31 MB
chrome.exe
Process ID 188
User DUANE
Domain WHITE-10-1-12
Path C:\Program Files\Google\Chrome\Application\chrome.exe
Memory Usage 13 MB
Peak Memory Usage 52 MB
chrome.exe
Process ID 1728
User DUANE
Domain WHITE-10-1-12
Path C:\Program Files\Google\Chrome\Application\chrome.exe
Memory Usage 48 MB
Peak Memory Usage 55 MB
chrome.exe
Process ID 2000
User DUANE
Domain WHITE-10-1-12
Path C:\Program Files\Google\Chrome\Application\chrome.exe
Memory Usage 51 MB
Peak Memory Usage 51 MB
chrome.exe
Process ID 2716
User DUANE
Domain WHITE-10-1-12
Path C:\Program Files\Google\Chrome\Application\chrome.exe
Memory Usage 57 MB
Peak Memory Usage 91 MB
CLI.exe
Process ID 1808
User DUANE
Domain WHITE-10-1-12
Path C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Memory Usage 3.35 MB
Peak Memory Usage 34 MB
csrss.exe
Process ID 496
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\csrss.exe
Memory Usage 5.39 MB
Peak Memory Usage 5.40 MB
explorer.exe
Process ID 1956
User DUANE
Domain WHITE-10-1-12
Path C:\WINDOWS\Explorer.EXE
Memory Usage 4.80 MB
Peak Memory Usage 31 MB
inetinfo.exe
Process ID 1456
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\inetsrv\inetinfo.exe
Memory Usage 8.29 MB
Peak Memory Usage 8.46 MB
lsass.exe
Process ID 580
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\lsass.exe
Memory Usage 1.82 MB
Peak Memory Usage 6.38 MB
notepad.exe
Process ID 3568
User DUANE
Domain WHITE-10-1-12
Path C:\WINDOWS\notepad.exe
Memory Usage 608 KB
Peak Memory Usage 3.19 MB
services.exe
Process ID 568
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\services.exe
Memory Usage 3.70 MB
Peak Memory Usage 3.77 MB
smss.exe
Process ID 444
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 416 KB
Peak Memory Usage 508 KB
snmp.exe
Process ID 1564
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\snmp.exe
Memory Usage 3.96 MB
Peak Memory Usage 4.10 MB
Speccy.exe
Process ID 1144
User DUANE
Domain WHITE-10-1-12
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 16 MB
Peak Memory Usage 16 MB
spoolsv.exe
Process ID 1248
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\spoolsv.exe
Memory Usage 5.43 MB
Peak Memory Usage 5.43 MB
svchost.exe
Process ID 152
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.19 MB
Peak Memory Usage 4.20 MB
svchost.exe
Process ID 768
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.86 MB
Peak Memory Usage 4.91 MB
svchost.exe
Process ID 820
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.30 MB
Peak Memory Usage 4.30 MB
svchost.exe
Process ID 1068
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 3.77 MB
Peak Memory Usage 4.20 MB
svchost.exe
Process ID 1132
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 5.18 MB
Peak Memory Usage 5.19 MB
svchost.exe
Process ID 1444
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 3.46 MB
Peak Memory Usage 3.47 MB
svchost.exe
Process ID 4024
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 22 MB
Peak Memory Usage 22 MB
System
Process ID 4
Memory Usage 236 KB
Peak Memory Usage 2.80 MB
System Idle Process
Process ID 0
taskmgr.exe
Process ID 3840
User DUANE
Domain WHITE-10-1-12
Path C:\WINDOWS\system32\taskmgr.exe
Memory Usage 1.68 MB
Peak Memory Usage 4.22 MB
winlogon.exe
Process ID 524
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\winlogon.exe
Memory Usage 2.31 MB
Peak Memory Usage 12 MB
wmiprvse.exe
Process ID 1076
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 7.52 MB
Peak Memory Usage 7.85 MB
wmiprvse.exe
Process ID 1044
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 5.03 MB
Peak Memory Usage 5.03 MB
wscntfy.exe
Process ID 2432
User DUANE
Domain WHITE-10-1-12
Path C:\WINDOWS\system32\wscntfy.exe
Memory Usage 2.11 MB
Peak Memory Usage 2.11 MB
wuauclt.exe
Process ID 2492
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wuauclt.exe
Memory Usage 6.73 MB
Peak Memory Usage 6.73 MB
Security Options
Accounts: Administrator account status Enabled
Accounts: Guest account status Disabled
Accounts: Limit local account use of blank passwords to console logon only Enabled
Accounts: Rename administrator account Administrator
Accounts: Rename guest account Guest
Audit: Audit the access of global system objects Enabled
Audit: Audit the use of Backup and Restore privilege Enabled
Audit: Shut down system immediately if unable to log security audits Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax O:BAG:BAD:(A;;CCDC;;;AN)(A;;CCDC;;;S-1-5-21-725345543-1788223648-682003330-1003)(A;;CCDC;;;WD)
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
Devices: Allow undock without having to log on Enabled
Devices: Allowed to format and eject removable media Administrators
Devices: Prevent users from installing printer drivers Disabled
Devices: Restrict CD-ROM access to locally logged-on user only Disabled
Devices: Restrict floppy access to locally logged-on user only Disabled
Devices: Unsigned driver installation behavior Warn but allow installation
Domain controller: Allow server operators to schedule tasks Not defined
Domain controller: LDAP server signing requirements Not defined
Domain controller: Refuse machine account password changes Not defined
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Domain member: Disable machine account password changes Disabled
Domain member: Maximum machine account password age 30 days
Domain member: Require strong (Windows 2000 or later) session key Disabled
Interactive logon: Display user information when the session is locked Not defined
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Not defined
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons
Interactive logon: Prompt user to change password before expiration 14 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Require smart card Not defined
Interactive logon: Smart card removal behavior No Action
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Disabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled
Network access: Do not allow storage of credentials or .NET Passports for network authentication Disabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network access: Named Pipes that can be accessed anonymously COMNAP,COMNODE,SQL\QUERY,SPOOLSS,LLSRPC,browser
Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Network access: Shares that can be accessed anonymously COMCFG,DFS$
Network access: Sharing and security model for local accounts Guest only - local users authenticate as Guest
Network security: Do not store LAN Manager hash value on next password change Disabled
Network security: Force logoff when logon hours expire Disabled
Network security: LAN Manager authentication level Send LM & NTLM responses
Network security: LDAP client signing requirements Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients No minimum
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers No minimum
Recovery console: Allow automatic administrative logon Enabled
Recovery console: Allow floppy copy and access to all drives and all folders Enabled
Shutdown: Allow system to be shut down without having to log on Enabled
Shutdown: Clear virtual memory pagefile Disabled
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled
System objects: Default owner for objects created by members of the Administrators group Object creator
System objects: Require case insensitivity for non-Windows subsystems Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled
Device Tree
ACPI Uniprocessor PC
Microsoft ACPI-Compliant System
ACPI Fixed Feature Button
ACPI Power Button
Intel Pentium 4 CPU 2.40GHz
System board
PCI bus
Intel 82845G/GL/GE/PE/GV/E Processor to I/O Controller - 2560
Intel AC'97 Audio Controller
Video Controller (VGA Compatible)
Intel® 82801DB/DBM USB Universal Host Controller - 24C2
USB Root Hub
Intel® 82801DB/DBM USB Universal Host Controller - 24C4
USB Root Hub
USB Human Interface Device
HID-compliant mouse
Intel® 82801DB/DBM USB Universal Host Controller - 24C7
USB Root Hub
Intel® 82801DB/DBM USB 2.0 Enhanced Host Controller - 24CD
USB Root Hub
Intel® 82801 PCI Bridge - 244E
Network Controller
RADEON 9250 - Secondary
Realtek RTL8139/810x Family Fast Ethernet NIC
RADEON 9250
Plug and Play Monitor
NEC OHCI Compliant IEEE 1394 Host Controller
1394 Net Adapter
Intel® 82801DB LPC Interface Controller - 24C0
Communications Port (COM1)
Direct memory access controller
ISAPNP Read Data Port
Motherboard resources
Motherboard resources
Motherboard resources
Numeric data processor
Programmable interrupt controller
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
System CMOS/real time clock
System speaker
System timer
Standard floppy disk controller
Floppy disk drive
ECP Printer Port (LPT1)
Printer Port Logical Interface
Intel® 82801DB Ultra ATA Storage Controller - 24CB
Primary IDE Channel
SAMSUNG SV0813H
Secondary IDE Channel
LITE-ON LTR-52246S
PIONEER DVD-RW DVR-104
CPU
Intel Pentium 4
Cores 1
Threads 1
Name Intel Pentium 4
Code Name Northwood
Package Socket 478 mPGA
Technology 0.13um
Specification Intel Pentium 4 CPU 2.40GHz
Family F
Extended Family F
Model 2
Extended Model 2
Stepping 9
Revision D1
Instructions MMX, SSE, SSE2
Virtualization Not supported
Hyperthreading Not supported
Bus Speed 134.0 MHz
Rated Bus Speed 536.0 MHz
Stock Core Speed 2400 MHz
Stock Bus Speed 133 MHz
Caches
L1 Data Cache Size 8 KBytes
L1 trace cache 12 Kµops
L2 Unified Cache Size 512 KBytes
Core 0
Core Speed 2412.1 MHz
Multiplier x 18.0
Bus Speed 134.0 MHz
Rated Bus Speed 536.0 MHz
Thread 1
APIC ID 0
RAM
Memory slots
Total memory slots 5
Used memory slots 2
Free memory slots 3
Memory
Type DDR
Size 512 MBytes
DRAM Frequency 134.0 MHz
CAS# Latency (CL) 2.5 clocks
RAS# to CAS# Delay (tRCD) 3 clocks
RAS# Precharge (tRP) 3 clocks
Cycle Time (tRAS) 6 clocks
Physical Memory
Memory Usage 68 %
Total Physical 503 MB
Available Physical 158 MB
Total Virtual 1.94 GB
Available Virtual 1.53 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR
Size 256 MBytes
Manufacturer Micron Technology
Max Bandwidth PC2100 (133 MHz)
Part Number 8VDDT3264AG-265C4
Serial Number 361C5CCA
Week/year 28 / 03
JEDEC #2
Frequency 133.3 MHz
CAS# Latency 2.5
RAS# To CAS# 3
RAS# Precharge 3
tRAS 6
Voltage 2.500 V
JEDEC #1
Frequency 100.0 MHz
CAS# Latency 2.0
RAS# To CAS# 2
RAS# Precharge 2
tRAS 5
Voltage 2.500 V
Slot #2
Type DDR
Size 256 MBytes
Manufacturer Kingston
Max Bandwidth PC2100 (133 MHz)
Part Number KVR266X64C25/256
Serial Number 55158C00
Week/year 42 / 01
JEDEC #2
Frequency 133.3 MHz
CAS# Latency 2.5
RAS# To CAS# 3
RAS# Precharge 3
tRAS 6
Voltage 2.500 V
JEDEC #1
Frequency 100.0 MHz
CAS# Latency 2.0
RAS# To CAS# 2
RAS# Precharge 2
tRAS 5
Voltage 2.500 V
Motherboard
Manufacturer ASUSTeK Computer INC.
Model KIRIN-V (PGA 478)
Version 28001730
Chipset Vendor Intel
Chipset Model i845G
Chipset Revision B1
Southbridge Vendor Intel
Southbridge Model 82801DB (ICH4)
Southbridge Revision 02
BIOS
Brand Award Software, Inc.
Version ACPI BIOS Revision 1003
Date 5/14/2003
PCI Data
Slot PCI
Slot Type PCI
Slot Usage In Use
Bus Width 32 bit
Slot Designation PCI 1
Characteristics 5V, 3.3V, PME
Slot Number 0
Slot PCI
Slot Type PCI
Slot Usage In Use
Bus Width 32 bit
Slot Designation PCI 2
Characteristics 5V, 3.3V, PME
Slot Number 1
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation PCI 3
Characteristics 5V, 3.3V, PME
Slot Number 2
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation AGP
Characteristics 3.3V, PME
Slot Number 3
Graphics
Monitor
Name HP L1740 on RADEON 9250
Current Resolution 800x600 pixels
Work Resolution 800x569 pixels
State Enabled, Primary, Output devices support
Monitor Width 800
Monitor Height 600
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
ATI video
Manufacturer ATI
Model video
GPU RV280
Device ID 1002-5960
Revision 2
Subvendor ATI AIB (1787)
Series Radeon 9
Current Performance Level Level 0
Technology 150 nm
Transistors 36 M
Release Date 2004
DirectX Support 8.1
DirectX Shader Model 1.4
OpenGL Support 1.3
Bios Core Clock 240.00
Bios Mem Clock 166.00
Driver version 8.252.0.0
ROPs 4
Shaders Vertex 4/Pixel 41
Memory Type DDR
Bus Width 64x2 (128 bit)
Anti Aliasing Modes -?-
Filtering Modes Bilinear, Trilinear, 16x Anisotropic
Noise Level Quiet
Count of performance levels : 1
Level 1
ATI video
Manufacturer ATI
Model video
GPU RV280
Device ID 1002-5940
Revision 2
Subvendor ATI AIB (1787)
Current Performance Level Level 0
Transistors 36 M
Release Date 2004
DirectX Support 8.1
DirectX Shader Model 1.4
OpenGL Support 1.3
Bios Core Clock 240.00
Bios Mem Clock 166.00
Driver version 8.252.0.0
ROPs 4
Shaders Vertex 4/Pixel 41
Memory Type DDR
Bus Width 128 Bit
Count of performance levels : 1
Level 1
Storage
Hard drives
SAMSUNG SV0813H
Manufacturer SAMSUNG
Heads 16
Cylinders 9,733
Tracks 2,481,915
Sectors 156,360,645
Device type Fixed
ATA Standard ATA/ATAPI-6
Serial Number 0501J1BW700547
LBA Size 28bit LBA
Power On Count Unknown
Power On Time Unknown
Features S.M.A.R.T., AAM
Transfer Mode Ultra DMA/100
Interface ATA
Capacity 74 GB
Real size 80,060,424,192 bytes
RAID Type None
S.M.A.R.T
Status Unknown
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter C:
File System NTFS
Volume Serial Number 14F89F47
Size 68 GB
Used Space 18.5 GB (28%)
Free Space 49 GB (72%)
Optical Drives
PIONEER DVD-RW DVR-104
Media Type DVD Writer
Name PIONEER DVD-RW DVR-104
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Read capabilities CD-R, CD-RW, CD-ROM, DVD-ROM, DVD-R, DVD-RW, DVD-R DL
Write capabilities CD-R, CD-RW, DVD-R, DVD-RW, DVD-R DL
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 0
Status OK
LITE-ON LTR-52246S
Media Type CD Writer
Name LITE-ON LTR-52246S
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Read capabilities CD-R, CD-RW, CD-ROM
Write capabilities CD-R, CD-RW
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive E:
DriveIntegrity TRUE
Media Loaded TRUE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 1
Size 641 MB
Status OK
Transfer Rate 2651 KB/S
Volume Name Morrowind
Volume Serial Number E4148E33
Audio
Sound Card
Intel AC'97 Audio Controller
Speaker Configuration
Speaker Configuration
Speaker type Stereo
Peripherals
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device Kind Keyboard
Device Name Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Vendor (Standard keyboards)
Location plugged into keyboard port
Driver
Date 7-1-2001
Version 5.1.2600.2180
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
HID-compliant mouse
Device Kind Mouse
Device Name HID-compliant mouse
Vendor Unknown
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.0
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\mouhid.sys
Printers
Microsoft XPS Document Writer (Default Printer)
Printer Port XPSPort:
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Network
You are connected to the internet
Connected through Realtek RTL8139/810x Family Fast Ethernet NIC
IP Address 184.166.70.116
Subnet mask 255.255.252.0
Gateway server 184.166.68.1
Preferred DNS server 69.145.248.4
Alternate DNS server 69.146.17.2
Alternate DNS server 69.144.49.29
DHCP Enabled
DHCP server 172.18.131.26
External IP Address 184.166.70.116
Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Unknown node type
Link Speed 0 Bps
Computer Name
NetBIOS Name
DNS Name white-10-1-12
Membership Stand-alone
Remote Desktop
Disabled
Console
State Active
Domain WHITE-10-1-12
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout (ms) 60,000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout (ms) 30,000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
File and printer sharing service Enabled
Simple File Sharing Enabled
Administrative Shares Enabled
Network access: Sharing and security model for local accounts Guest only - local users authenticate as Guest
Adapters List
Realtek RTL8139/810x Family Fast Ethernet NIC
Connection Name Local Area Connection
NetBIOS over TCPIP No
DHCP enabled Yes
MAC Address 00-0C-6E-72-1C-CD
IP Address 184.166.70.116
Subnet mask 255.255.252.0
Gateway server 184.166.68.1
DHCP 172.18.131.26
DNS Server 69.145.248.4
69.146.17.2
69.144.49.29
Network Shares
No network shares
Current TCP Connections
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (1808)
Local 127.0.0.1:1029 LISTEN
C:\Program Files\Google\Chrome\Application\chrome.exe (188)
Local 184.166.70.116:1390 ESTABLISHED Remote 173.194.33.143:80 (Querying... ) (HTTP)
Local 184.166.70.116:1391 ESTABLISHED Remote 173.194.33.143:80 (Querying... ) (HTTP)
Local 184.166.70.116:1434 ESTABLISHED Remote 173.194.33.136:80 (Querying... ) (HTTP)
Local 184.166.70.116:1382 ESTABLISHED Remote 173.194.33.154:80 (Querying... ) (HTTP)
Local 184.166.70.116:1462 ESTABLISHED Remote 173.194.33.156:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1470 ESTABLISHED Remote 173.194.33.154:80 (Querying... ) (HTTP)
Local 184.166.70.116:1496 ESTABLISHED Remote 173.194.33.128:80 (Querying... ) (HTTP)
Local 184.166.70.116:1497 ESTABLISHED Remote 173.194.33.129:80 (Querying... ) (HTTP)
Local 184.166.70.116:1461 ESTABLISHED Remote 173.194.33.156:80 (Querying... ) (HTTP)
Local 184.166.70.116:1178 ESTABLISHED Remote 173.194.33.141:80 (Querying... ) (HTTP)
Local 184.166.70.116:1109 ESTABLISHED Remote 69.144.75.218:80 (Querying... ) (HTTP)
Local 184.166.70.116:1145 ESTABLISHED Remote 173.194.33.128:80 (Querying... ) (HTTP)
Local 184.166.70.116:1158 ESTABLISHED Remote 173.194.33.129:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1199 ESTABLISHED Remote 173.194.33.143:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1237 ESTABLISHED Remote 74.125.28.84:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1354 ESTABLISHED Remote 108.168.208.206:80 (Querying... ) (HTTP)
Local 184.166.70.116:1363 ESTABLISHED Remote 173.194.33.141:80 (Querying... ) (HTTP)
Local 184.166.70.116:1370 ESTABLISHED Remote 173.194.33.153:80 (Querying... ) (HTTP)
Local 184.166.70.116:1374 ESTABLISHED Remote 23.6.97.224:80 (Querying... ) (HTTP)
Local 184.166.70.116:1375 ESTABLISHED Remote 23.6.97.224:80 (Querying... ) (HTTP)
Local 184.166.70.116:1388 ESTABLISHED Remote 173.194.33.143:80 (Querying... ) (HTTP)
Local 184.166.70.116:1389 ESTABLISHED Remote 173.194.33.143:80 (Querying... ) (HTTP)
C:\Program Files\Speccy\Speccy.exe (1144)
Local 184.166.70.116:1503 SYN-SENT Remote 108.171.164.204:80 (Querying... ) (HTTP)
C:\WINDOWS\system32\inetsrv\inetinfo.exe (1456)
Local 0.0.0.0:21 (FTP-data) LISTEN
Local 0.0.0.0:1025 LISTEN
Local 0.0.0.0:443 (HTTPS) LISTEN
Local 0.0.0.0:80 (HTTP) LISTEN
C:\WINDOWS\system32\svchost.exe (820)
Local 0.0.0.0:135 (DCE) LISTEN
System Process
Local 184.166.70.116:1116 TIME-WAIT Remote 173.194.33.134:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1191 TIME-WAIT Remote 74.121.136.104:80 (Querying... ) (HTTP)
Local 184.166.70.116:1163 TIME-WAIT Remote 23.59.189.120:80 (Querying... ) (HTTP)
Local 184.166.70.116:1162 TIME-WAIT Remote 23.59.189.120:80 (Querying... ) (HTTP)
Local 184.166.70.116:1156 TIME-WAIT Remote 23.59.189.113:80 (Querying... ) (HTTP)
Local 184.166.70.116:1258 TIME-WAIT Remote 204.144.141.26:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1151 TIME-WAIT Remote 69.144.75.137:80 (Querying... ) (HTTP)
Local 184.166.70.116:1139 TIME-WAIT Remote 69.144.75.147:80 (Querying... ) (HTTP)
Local 184.166.70.116:1200 TIME-WAIT Remote 23.59.189.121:80 (Querying... ) (HTTP)
Local 184.166.70.116:1212 TIME-WAIT Remote 208.71.121.194:80 (Querying... ) (HTTP)
Local 184.166.70.116:1214 TIME-WAIT Remote 204.144.141.26:80 (Querying... ) (HTTP)
Local 184.166.70.116:1218 TIME-WAIT Remote 68.142.253.16:80 (Querying... ) (HTTP)
Local 184.166.70.116:1222 TIME-WAIT Remote 2.20.32.74:80 (Querying... ) (HTTP)
Local 184.166.70.116:1224 TIME-WAIT Remote 204.144.140.28:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1248 TIME-WAIT Remote 69.144.75.153:80 (Querying... ) (HTTP)
Local 184.166.70.116:1330 TIME-WAIT Remote 204.144.140.28:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1331 TIME-WAIT Remote 204.144.140.28:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1332 TIME-WAIT Remote 208.71.122.1:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1333 TIME-WAIT Remote 208.71.122.1:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1334 TIME-WAIT Remote 208.71.122.1:443 (Querying... ) (HTTPS)
Local 184.166.70.116:1340 TIME-WAIT Remote 2.19.131.146:80 (Querying... ) (HTTP)
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local 184.166.70.116:139 (NetBIOS session service) LISTEN
Generated with Speccy v1.24.632



and finnily:

18:20:39.0045 1696 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:20:48.0232 1696 ============================================================
18:20:48.0232 1696 Current date / time: 2013/12/19 18:20:48.0232
18:20:48.0232 1696 SystemInfo:
18:20:48.0232 1696
18:20:48.0232 1696 OS Version: 5.1.2600 ServicePack: 3.0
18:20:48.0232 1696 Product type: Workstation
18:20:48.0232 1696 ComputerName: WHITE-10-1-12
18:20:48.0232 1696 UserName: DUANE
18:20:48.0232 1696 Windows directory: C:\WINDOWS
18:20:48.0232 1696 System windows directory: C:\WINDOWS
18:20:48.0232 1696 Processor architecture: Intel x86
18:20:48.0232 1696 Number of processors: 1
18:20:48.0232 1696 Page size: 0x1000
18:20:48.0232 1696 Boot type: Normal boot
18:20:48.0232 1696 ============================================================
18:20:50.0451 1696 Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2605, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:20:50.0451 1696 ============================================================
18:20:50.0451 1696 \Device\Harddisk0\DR0:
18:20:50.0451 1696 MBR partitions:
18:20:50.0451 1696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D
18:20:50.0451 1696 ============================================================
18:20:50.0482 1696 C: <-> \Device\Harddisk0\DR0\Partition1
18:20:50.0482 1696 ============================================================
18:20:50.0482 1696 Initialize success
18:20:50.0482 1696 ============================================================
18:21:59.0592 3940 ============================================================
18:21:59.0592 3940 Scan started
18:21:59.0592 3940 Mode: Manual; SigCheck;
18:21:59.0592 3940 ============================================================
18:21:59.0857 3940 ================ Scan system memory ========================
18:21:59.0857 3940 System memory - ok
18:21:59.0873 3940 ================ Scan services =============================
18:22:00.0107 3940 Abiosdsk - ok
18:22:00.0123 3940 abp480n5 - ok
18:22:00.0217 3940 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
18:22:06.0842 3940 ac97intc - ok
18:22:06.0936 3940 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:22:07.0248 3940 ACPI - ok
18:22:07.0279 3940 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:22:07.0561 3940 ACPIEC - ok
18:22:07.0701 3940 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:22:07.0748 3940 AdobeFlashPlayerUpdateSvc - ok
18:22:07.0764 3940 adpu160m - ok
18:22:07.0795 3940 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:22:08.0045 3940 aec - ok
18:22:08.0107 3940 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:22:08.0186 3940 AFD - ok
18:22:08.0217 3940 Aha154x - ok
18:22:08.0232 3940 aic78u2 - ok
18:22:08.0264 3940 aic78xx - ok
18:22:08.0295 3940 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:22:08.0529 3940 Alerter - ok
18:22:08.0576 3940 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:22:08.0732 3940 ALG - ok
18:22:08.0748 3940 AliIde - ok
18:22:08.0779 3940 amsint - ok
18:22:08.0842 3940 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:22:08.0967 3940 AppMgmt - ok
18:22:09.0014 3940 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:22:09.0217 3940 Arp1394 - ok
18:22:09.0232 3940 asc - ok
18:22:09.0248 3940 asc3350p - ok
18:22:09.0279 3940 asc3550 - ok
18:22:09.0514 3940 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:22:09.0545 3940 aspnet_state - ok
18:22:09.0607 3940 [ 6F1505608202BBD179095A6A150D103F ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
18:22:09.0701 3940 aswMonFlt - ok
18:22:09.0732 3940 [ B269C41DF93EFF71DF0986BD982D1C46 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
18:22:09.0764 3940 aswRdr - ok
18:22:09.0795 3940 [ F385467DF95D0A73775CB3B076B8B969 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
18:22:09.0826 3940 aswRvrt - ok
18:22:09.0889 3940 [ 0F639D0526820BA7872C963813E0EB8D ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
18:22:09.0967 3940 aswSnx - ok
18:22:10.0029 3940 [ 7BA7543EA7936A7ADA615F6DE7C95494 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
18:22:10.0092 3940 aswSP - ok
18:22:10.0123 3940 [ 875D2B1054F2ECD8F575D6CBE78DD7BA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
18:22:10.0154 3940 aswTdi - ok
18:22:10.0201 3940 [ 1B0662514A68C3A42E60D240C5ABEF28 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
18:22:10.0232 3940 aswVmm - ok
18:22:10.0279 3940 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:22:10.0529 3940 AsyncMac - ok
18:22:10.0576 3940 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:22:10.0811 3940 atapi - ok
18:22:10.0842 3940 Atdisk - ok
18:22:10.0936 3940 [ A2EAEB497CA29ECAEAF0DF66AD85C57D ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:22:11.0061 3940 Ati HotKey Poller - ok
18:22:11.0154 3940 [ 312A17DFF710A0F4E6D4DD1D52EAD1A8 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
18:22:11.0279 3940 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
18:22:11.0279 3940 ATI Smart - detected UnsignedFile.Multi.Generic (1)
18:22:11.0436 3940 [ 492BD2A5F65F218D4EDE5764A3BB67E9 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:22:11.0670 3940 ati2mtag - ok
18:22:11.0748 3940 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:22:11.0967 3940 Atmarpc - ok
18:22:12.0029 3940 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:22:12.0232 3940 AudioSrv - ok
18:22:12.0311 3940 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:22:12.0529 3940 audstub - ok
18:22:12.0732 3940 [ D74884939D53612FD84AC82C59CCFE27 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:22:12.0748 3940 avast! Antivirus - ok
18:22:12.0811 3940 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:22:13.0045 3940 Beep - ok
18:22:13.0139 3940 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:22:13.0482 3940 BITS - ok
18:22:13.0561 3940 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
18:22:13.0686 3940 Browser - ok
18:22:13.0732 3940 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:22:13.0982 3940 cbidf2k - ok
18:22:14.0014 3940 cd20xrnt - ok
18:22:14.0061 3940 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:22:14.0295 3940 Cdaudio - ok
18:22:14.0357 3940 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:22:14.0592 3940 Cdfs - ok
18:22:14.0639 3940 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:22:14.0904 3940 Cdrom - ok
18:22:14.0936 3940 Changer - ok
18:22:14.0998 3940 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:22:15.0217 3940 CiSvc - ok
18:22:15.0264 3940 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:22:15.0482 3940 ClipSrv - ok
18:22:15.0545 3940 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:22:15.0654 3940 clr_optimization_v2.0.50727_32 - ok
18:22:15.0795 3940 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:22:15.0857 3940 clr_optimization_v4.0.30319_32 - ok
18:22:15.0857 3940 CmdIde - ok
18:22:15.0889 3940 COMSysApp - ok
18:22:15.0936 3940 Cpqarray - ok
18:22:16.0029 3940 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:22:16.0264 3940 CryptSvc - ok
18:22:16.0295 3940 dac2w2k - ok
18:22:16.0311 3940 dac960nt - ok
18:22:16.0420 3940 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:22:16.0561 3940 DcomLaunch - ok
18:22:16.0639 3940 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:22:16.0873 3940 Dhcp - ok
18:22:16.0951 3940 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:22:17.0201 3940 Disk - ok
18:22:17.0232 3940 dmadmin - ok
18:22:17.0295 3940 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:22:17.0592 3940 dmboot - ok
18:22:17.0654 3940 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:22:17.0904 3940 dmio - ok
18:22:17.0936 3940 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:22:18.0154 3940 dmload - ok
18:22:18.0217 3940 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:22:18.0467 3940 dmserver - ok
18:22:18.0514 3940 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:22:18.0764 3940 DMusic - ok
18:22:18.0826 3940 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:22:18.0967 3940 Dnscache - ok
18:22:19.0014 3940 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:22:19.0232 3940 Dot3svc - ok
18:22:19.0248 3940 dpti2o - ok
18:22:19.0326 3940 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:22:19.0561 3940 drmkaud - ok
18:22:19.0607 3940 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:22:19.0811 3940 EapHost - ok
18:22:19.0873 3940 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:22:20.0107 3940 ERSvc - ok
18:22:20.0170 3940 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:22:20.0248 3940 Eventlog - ok
18:22:20.0326 3940 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:22:20.0404 3940 EventSystem - ok
18:22:20.0467 3940 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:22:20.0701 3940 Fastfat - ok
18:22:20.0779 3940 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:22:20.0889 3940 FastUserSwitchingCompatibility - ok
18:22:20.0936 3940 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:22:21.0186 3940 Fdc - ok
18:22:21.0248 3940 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:22:21.0498 3940 Fips - ok
18:22:21.0545 3940 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:22:21.0779 3940 Flpydisk - ok
18:22:21.0842 3940 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:22:22.0076 3940 FltMgr - ok
18:22:22.0201 3940 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:22:22.0357 3940 FontCache3.0.0.0 - ok
18:22:22.0389 3940 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:22:22.0623 3940 Fs_Rec - ok
18:22:22.0686 3940 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:22:22.0920 3940 Ftdisk - ok
18:22:22.0967 3940 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:22:23.0217 3940 Gpc - ok
18:22:23.0357 3940 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:22:23.0404 3940 gupdate - ok
18:22:23.0420 3940 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:22:23.0451 3940 gupdatem - ok
18:22:23.0514 3940 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:22:23.0561 3940 gusvc - ok
18:22:23.0670 3940 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:22:23.0904 3940 helpsvc - ok
18:22:23.0967 3940 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:22:24.0232 3940 HidServ - ok
18:22:24.0311 3940 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:22:24.0545 3940 hidusb - ok
18:22:24.0592 3940 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:22:24.0842 3940 hkmsvc - ok
18:22:24.0857 3940 hpn - ok
18:22:24.0936 3940 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:22:25.0029 3940 HTTP - ok
18:22:25.0076 3940 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:22:25.0326 3940 HTTPFilter - ok
18:22:25.0342 3940 i2omgmt - ok
18:22:25.0373 3940 i2omp - ok
18:22:25.0389 3940 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:22:25.0623 3940 i8042prt - ok
18:22:25.0701 3940 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:22:25.0779 3940 idsvc - ok
18:22:25.0920 3940 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] IISADMIN C:\WINDOWS\system32\inetsrv\inetinfo.exe
18:22:26.0045 3940 IISADMIN - ok
18:22:26.0076 3940 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:22:26.0311 3940 Imapi - ok
18:22:26.0389 3940 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:22:26.0639 3940 ImapiService - ok
18:22:26.0670 3940 ini910u - ok
18:22:26.0717 3940 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
18:22:26.0982 3940 IntelIde - ok
18:22:27.0045 3940 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:22:27.0311 3940 intelppm - ok
18:22:27.0357 3940 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:22:27.0654 3940 Ip6Fw - ok
18:22:27.0701 3940 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:22:27.0936 3940 IpFilterDriver - ok
18:22:27.0967 3940 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:22:28.0201 3940 IpInIp - ok
18:22:28.0248 3940 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:22:28.0514 3940 IpNat - ok
18:22:28.0561 3940 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:22:28.0826 3940 IPSec - ok
18:22:28.0873 3940 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:22:29.0014 3940 IRENUM - ok
18:22:29.0076 3940 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:22:29.0311 3940 isapnp - ok
18:22:29.0357 3940 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:22:29.0607 3940 Kbdclass - ok
18:22:29.0654 3940 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:22:29.0857 3940 kbdhid - ok
18:22:29.0873 3940 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:22:30.0139 3940 kmixer - ok
18:22:30.0201 3940 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:22:30.0342 3940 KSecDD - ok
18:22:30.0404 3940 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:22:30.0514 3940 lanmanserver - ok
18:22:30.0576 3940 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:22:30.0686 3940 lanmanworkstation - ok
18:22:30.0701 3940 lbrtfdc - ok
18:22:30.0779 3940 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:22:31.0045 3940 LmHosts - ok
18:22:31.0092 3940 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
18:22:31.0123 3940 MBAMProtector - ok
18:22:31.0201 3940 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:22:31.0264 3940 MBAMScheduler - ok
18:22:31.0326 3940 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:22:31.0389 3940 MBAMService - ok
18:22:31.0467 3940 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:22:31.0748 3940 Messenger - ok
18:22:31.0826 3940 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:22:32.0045 3940 mnmdd - ok
18:22:32.0123 3940 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:22:32.0389 3940 mnmsrvc - ok
18:22:32.0467 3940 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:22:32.0654 3940 Modem - ok
18:22:32.0686 3940 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:22:32.0951 3940 Mouclass - ok
18:22:32.0998 3940 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:22:33.0232 3940 mouhid - ok
18:22:33.0295 3940 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:22:33.0561 3940 MountMgr - ok
18:22:33.0576 3940 mraid35x - ok
18:22:33.0639 3940 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:22:33.0857 3940 MRxDAV - ok
18:22:33.0967 3940 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:22:34.0092 3940 MRxSmb - ok
18:22:34.0154 3940 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:22:34.0389 3940 MSDTC - ok
18:22:34.0467 3940 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:22:34.0717 3940 Msfs - ok
18:22:34.0748 3940 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] MSFtpsvc C:\WINDOWS\system32\inetsrv\inetinfo.exe
18:22:34.0857 3940 MSFtpsvc - ok
18:22:34.0873 3940 MSIServer - ok
18:22:34.0920 3940 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:22:35.0123 3940 MSKSSRV - ok
18:22:35.0154 3940 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:22:35.0389 3940 MSPCLOCK - ok
18:22:35.0420 3940 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:22:35.0623 3940 MSPQM - ok
18:22:35.0639 3940 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:22:35.0904 3940 mssmbios - ok
18:22:35.0951 3940 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:22:36.0045 3940 Mup - ok
18:22:36.0092 3940 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:22:36.0342 3940 napagent - ok
18:22:36.0420 3940 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:22:36.0670 3940 NDIS - ok
18:22:36.0748 3940 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:22:36.0811 3940 NdisTapi - ok
18:22:36.0857 3940 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:22:37.0107 3940 Ndisuio - ok
18:22:37.0154 3940 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:22:37.0404 3940 NdisWan - ok
18:22:37.0451 3940 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:22:37.0592 3940 NDProxy - ok
18:22:37.0639 3940 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:22:37.0889 3940 NetBIOS - ok
18:22:37.0951 3940 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:22:38.0186 3940 NetBT - ok
18:22:38.0232 3940 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:22:38.0482 3940 NetDDE - ok
18:22:38.0514 3940 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:22:38.0748 3940 NetDDEdsdm - ok
18:22:38.0795 3940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:22:39.0029 3940 Netlogon - ok
18:22:39.0123 3940 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:22:39.0389 3940 Netman - ok
18:22:39.0436 3940 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:22:39.0467 3940 NetTcpPortSharing - ok
18:22:39.0545 3940 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:22:39.0811 3940 NIC1394 - ok
18:22:39.0873 3940 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:22:39.0951 3940 Nla - ok
18:22:39.0998 3940 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:22:40.0264 3940 Npfs - ok
18:22:40.0342 3940 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:22:40.0607 3940 Ntfs - ok
18:22:40.0654 3940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:22:40.0904 3940 NtLmSsp - ok
18:22:40.0982 3940 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:22:41.0232 3940 NtmsSvc - ok
18:22:41.0279 3940 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:22:41.0529 3940 Null - ok
18:22:41.0576 3940 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:22:41.0811 3940 NwlnkFlt - ok
18:22:41.0826 3940 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:22:42.0045 3940 NwlnkFwd - ok
18:22:42.0107 3940 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:22:42.0357 3940 ohci1394 - ok
18:22:42.0404 3940 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:22:42.0639 3940 Parport - ok
18:22:42.0701 3940 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:22:42.0951 3940 PartMgr - ok
18:22:43.0014 3940 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:22:43.0248 3940 ParVdm - ok
18:22:43.0295 3940 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:22:43.0545 3940 PCI - ok
18:22:43.0561 3940 PCIDump - ok
18:22:43.0592 3940 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
18:22:43.0811 3940 PCIIde - ok
18:22:43.0842 3940 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:22:44.0092 3940 Pcmcia - ok
18:22:44.0107 3940 PDCOMP - ok
18:22:44.0123 3940 PDFRAME - ok
18:22:44.0154 3940 PDRELI - ok
18:22:44.0186 3940 PDRFRAME - ok
18:22:44.0217 3940 perc2 - ok
18:22:44.0248 3940 perc2hib - ok
18:22:44.0389 3940 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:22:44.0467 3940 PlugPlay - ok
18:22:44.0482 3940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:22:44.0717 3940 PolicyAgent - ok
18:22:44.0779 3940 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:22:45.0029 3940 PptpMiniport - ok
18:22:45.0076 3940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:22:45.0311 3940 ProtectedStorage - ok
18:22:45.0373 3940 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:22:45.0607 3940 PSched - ok
18:22:45.0639 3940 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:22:45.0873 3940 Ptilink - ok
18:22:45.0889 3940 ql1080 - ok
18:22:45.0920 3940 Ql10wnt - ok
18:22:45.0951 3940 ql12160 - ok
18:22:45.0967 3940 ql1240 - ok
18:22:45.0998 3940 ql1280 - ok
18:22:46.0061 3940 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:22:46.0311 3940 RasAcd - ok
18:22:46.0342 3940 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:22:46.0592 3940 RasAuto - ok
18:22:46.0639 3940 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:22:46.0920 3940 Rasl2tp - ok
18:22:46.0998 3940 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:22:47.0232 3940 RasMan - ok
18:22:47.0279 3940 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:22:47.0529 3940 RasPppoe - ok
18:22:47.0561 3940 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:22:47.0779 3940 Raspti - ok
18:22:47.0842 3940 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:22:48.0076 3940 Rdbss - ok
18:22:48.0123 3940 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:22:48.0389 3940 RDPCDD - ok
18:22:48.0436 3940 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:22:48.0670 3940 rdpdr - ok
18:22:48.0732 3940 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:22:48.0795 3940 RDPWD - ok
18:22:48.0857 3940 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:22:49.0123 3940 RDSessMgr - ok
18:22:49.0186 3940 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:22:49.0436 3940 redbook - ok
18:22:49.0482 3940 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:22:49.0748 3940 RemoteAccess - ok
18:22:49.0795 3940 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:22:50.0061 3940 RemoteRegistry - ok
18:22:50.0107 3940 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:22:50.0311 3940 RpcLocator - ok
18:22:50.0404 3940 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:22:50.0498 3940 RpcSs - ok
18:22:50.0561 3940 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:22:50.0826 3940 RSVP - ok
18:22:50.0873 3940 [ 3529828EC571FB2F64F6B142F9109993 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
18:22:51.0029 3940 RTL8023xp - ok
18:22:51.0092 3940 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:22:51.0357 3940 rtl8139 - ok
18:22:51.0389 3940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:22:51.0607 3940 SamSs - ok
18:22:51.0717 3940 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:22:51.0998 3940 SCardSvr - ok
18:22:52.0061 3940 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:22:52.0311 3940 Schedule - ok
18:22:52.0404 3940 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:22:52.0529 3940 Secdrv - ok
18:22:52.0592 3940 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:22:52.0873 3940 seclogon - ok
18:22:52.0936 3940 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:22:53.0201 3940 SENS - ok
18:22:53.0248 3940 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:22:53.0514 3940 serenum - ok
18:22:53.0545 3940 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:22:53.0795 3940 Serial - ok
18:22:53.0951 3940 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:22:54.0201 3940 Sfloppy - ok
18:22:54.0279 3940 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:22:54.0576 3940 SharedAccess - ok
18:22:54.0623 3940 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:22:54.0717 3940 ShellHWDetection - ok
18:22:54.0732 3940 Simbad - ok
18:22:54.0826 3940 [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP C:\WINDOWS\System32\snmp.exe
18:22:55.0076 3940 SNMP - ok
18:22:55.0139 3940 [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
18:22:55.0404 3940 SNMPTRAP - ok
18:22:55.0420 3940 Sparrow - ok
18:22:55.0451 3940 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:22:55.0701 3940 splitter - ok
18:22:55.0779 3940 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:22:55.0889 3940 Spooler - ok
18:22:55.0967 3940 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:22:56.0107 3940 sr - ok
18:22:56.0170 3940 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:22:56.0311 3940 srservice - ok
18:22:56.0404 3940 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:22:56.0529 3940 Srv - ok
18:22:56.0592 3940 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:22:56.0748 3940 SSDPSRV - ok
18:22:56.0826 3940 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:22:57.0092 3940 stisvc - ok
18:22:57.0154 3940 [ 64C9BED612147E8203752653746BE44F ] STV673 C:\WINDOWS\system32\drivers\STV673.sys
18:22:57.0232 3940 STV673 ( UnsignedFile.Multi.Generic ) - warning
18:22:57.0232 3940 STV673 - detected UnsignedFile.Multi.Generic (1)
18:22:57.0295 3940 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:22:57.0561 3940 swenum - ok
18:22:57.0607 3940 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:22:57.0857 3940 swmidi - ok
18:22:57.0873 3940 SwPrv - ok
18:22:57.0904 3940 symc810 - ok
18:22:57.0936 3940 symc8xx - ok
18:22:57.0982 3940 sym_hi - ok
18:22:58.0014 3940 sym_u3 - ok
18:22:58.0076 3940 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:22:58.0342 3940 sysaudio - ok
18:22:58.0404 3940 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:22:58.0654 3940 SysmonLog - ok
18:22:58.0717 3940 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:22:58.0998 3940 TapiSrv - ok
18:22:59.0076 3940 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:22:59.0170 3940 Tcpip - ok
18:22:59.0201 3940 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:22:59.0436 3940 TDPIPE - ok
18:22:59.0482 3940 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:22:59.0701 3940 TDTCP - ok
18:22:59.0748 3940 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:23:00.0029 3940 TermDD - ok
18:23:00.0107 3940 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:23:00.0420 3940 TermService - ok
18:23:00.0467 3940 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:23:00.0529 3940 Themes - ok
18:23:00.0592 3940 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:23:00.0732 3940 TlntSvr - ok
18:23:00.0764 3940 TosIde - ok
18:23:00.0842 3940 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:23:01.0123 3940 TrkWks - ok
18:23:01.0170 3940 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:23:01.0404 3940 Udfs - ok
18:23:01.0436 3940 ultra - ok
18:23:01.0529 3940 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:23:01.0811 3940 Update - ok
18:23:01.0873 3940 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:23:02.0045 3940 upnphost - ok
18:23:02.0076 3940 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:23:02.0357 3940 UPS - ok
18:23:02.0389 3940 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:23:02.0529 3940 usbccgp - ok
18:23:02.0576 3940 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:23:02.0639 3940 usbehci - ok
18:23:02.0701 3940 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:23:02.0951 3940 usbhub - ok
18:23:02.0998 3940 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:23:03.0248 3940 usbuhci - ok
18:23:03.0311 3940 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:23:03.0514 3940 VgaSave - ok
18:23:03.0545 3940 ViaIde - ok
18:23:03.0857 3940 [ 2D8D84D0B90C9055C0B83050D8A17A89 ] VirtualFD C:\Documents and Settings\DUANE\My Documents\Downloads\v-floppy\vfd.sys
18:23:03.0889 3940 VirtualFD ( UnsignedFile.Multi.Generic ) - warning
18:23:03.0889 3940 VirtualFD - detected UnsignedFile.Multi.Generic (1)
18:23:03.0936 3940 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:23:04.0217 3940 VolSnap - ok
18:23:04.0279 3940 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:23:04.0467 3940 VSS - ok
18:23:04.0529 3940 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:23:04.0795 3940 W32Time - ok
18:23:04.0857 3940 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] W3SVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
18:23:04.0967 3940 W3SVC - ok
18:23:05.0045 3940 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:23:05.0295 3940 Wanarp - ok
18:23:05.0311 3940 WDICA - ok
18:23:05.0373 3940 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:23:05.0607 3940 wdmaud - ok
18:23:05.0639 3940 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:23:05.0920 3940 WebClient - ok
18:23:06.0061 3940 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:23:06.0295 3940 winmgmt - ok
18:23:06.0373 3940 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:23:06.0482 3940 WmdmPmSN - ok
18:23:06.0561 3940 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:23:06.0670 3940 Wmi - ok
18:23:06.0748 3940 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:23:07.0014 3940 WmiApSrv - ok
18:23:07.0123 3940 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:23:07.0232 3940 WMPNetworkSvc - ok
18:23:07.0389 3940 [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:23:07.0592 3940 WPFFontCache_v0400 - ok
18:23:07.0670 3940 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:23:07.0936 3940 WS2IFSL - ok
18:23:07.0998 3940 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:23:08.0264 3940 wscsvc - ok
18:23:08.0311 3940 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:23:08.0576 3940 wuauserv - ok
18:23:08.0623 3940 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:23:08.0701 3940 WudfPf - ok
18:23:08.0732 3940 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:23:08.0779 3940 WudfRd - ok
18:23:08.0811 3940 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:23:08.0889 3940 WudfSvc - ok
18:23:08.0982 3940 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:23:09.0295 3940 WZCSVC - ok
18:23:09.0357 3940 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:23:09.0623 3940 xmlprov - ok
18:23:09.0639 3940 ================ Scan global ===============================
18:23:09.0686 3940 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:23:09.0779 3940 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
18:23:09.0873 3940 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
18:23:09.0936 3940 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:23:09.0951 3940 [Global] - ok
18:23:09.0967 3940 ================ Scan MBR ==================================
18:23:10.0014 3940 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:23:10.0264 3940 \Device\Harddisk0\DR0 - ok
18:23:10.0279 3940 ================ Scan VBR ==================================
18:23:10.0295 3940 [ 93B8F7023DA980B75611D8DF4EC4EEB7 ] \Device\Harddisk0\DR0\Partition1
18:23:10.0295 3940 \Device\Harddisk0\DR0\Partition1 - ok
18:23:10.0295 3940 ============================================================
18:23:10.0295 3940 Scan finished
18:23:10.0295 3940 ============================================================
18:23:10.0451 3936 Detected object count: 3
18:23:10.0451 3936 Actual detected object count: 3
18:24:33.0795 3936 C:\WINDOWS\system32\ati2sgag.exe - copied to quarantine
18:24:33.0795 3936 HKLM\SYSTEM\ControlSet001\services\ATI Smart - will be deleted on reboot
18:24:33.0795 3936 HKLM\SYSTEM\ControlSet002\services\ATI Smart - will be deleted on reboot
18:24:33.0826 3936 HKLM\SYSTEM\ControlSet004\services\ATI Smart - will be deleted on reboot
18:24:33.0842 3936 C:\WINDOWS\system32\ati2sgag.exe - will be deleted on reboot
18:24:33.0842 3936 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Delete
18:24:34.0014 3936 C:\WINDOWS\system32\drivers\STV673.sys - copied to quarantine
18:24:34.0014 3936 HKLM\SYSTEM\ControlSet001\services\STV673 - will be deleted on reboot
18:24:34.0029 3936 HKLM\SYSTEM\ControlSet002\services\STV673 - will be deleted on reboot
18:24:34.0029 3936 HKLM\SYSTEM\ControlSet004\services\STV673 - will be deleted on reboot
18:24:34.0029 3936 C:\WINDOWS\system32\drivers\STV673.sys - will be deleted on reboot
18:24:34.0029 3936 STV673 ( UnsignedFile.Multi.Generic ) - User select action: Delete
18:24:34.0076 3936 C:\Documents and Settings\DUANE\My Documents\Downloads\v-floppy\vfd.sys - copied to quarantine
18:24:34.0076 3936 HKLM\SYSTEM\ControlSet001\services\VirtualFD - will be deleted on reboot
18:24:34.0076 3936 HKLM\SYSTEM\ControlSet002\services\VirtualFD - will be deleted on reboot
18:24:34.0076 3936 HKLM\SYSTEM\ControlSet004\services\VirtualFD - will be deleted on reboot
18:24:34.0092 3936 C:\Documents and Settings\DUANE\My Documents\Downloads\v-floppy\vfd.sys - will be deleted on reboot
18:24:34.0092 3936 VirtualFD ( UnsignedFile.Multi.Generic ) - User select action: Delete
18:25:25.0232 2020 Deinitialize success


ok then, things are getting closer to working!! except avast antiviirus which without im totaly unprotected, dang!! hope we can figure this out, thanks a million dewerly!!!!

Edited by dewerly, 19 December 2013 - 07:40 PM.

  • 0

Advertisements


#11
dewerly

dewerly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
To Who It May Concern:
I will be in and out till midnight my time mst , dont want to get anymore junk on my comp.

be back in a bit
Dewerly
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Probably hit the wrong button in OTL. After you paste the stuff in the box then you have to hit the SCAN button. Looks like you probably hit the Run Fix button. Try it again please. If it still won't run then just do a Quickscan without anything in the box.

Speccy can't tell us much. Your PC is too old to have a temp sensor and even the S.M.A.R.T info for the hard drive isn't working. I expect your hard drive is getting near the end of its life but there is no way to be sure. Your hard drive is very small so you may be running out of room. Without an OTL scan I can't tell. A replacement drive of the same size is on Newegg for $12
http://www.newegg.co...N82E16822136292
But if you plan on keeping the thing you might want to go bigger.

I do see you only have 512 MB of RAM. XP SP3 needs at least 1 GB
in order not to take forever to load.

You can uninstall Speccy. If you haven't checked recently, I would shut down the PC but leave it plugged in then take off the cover and clean out the dust with a vacuum cleaner hose and a small brush. Pay special attention to the CPU heatsink and to the vents at the front of the case. Also check the CPU fan and the power supply fan. Both should start up immediately when you turn on the PC. If they are slow starting or make noise then they need to be replaced.

You were not supposed to kill off stuff in TDSSKiller unless it said TDSS. I'm not sure what all you killed but it probably wasn't malware. It does say that atapi.sys is showing the correct checksum so I'm not sure why you are getting so many blue screens. It may be a reflection of the hard drive failing.
  • 0

#13
dewerly

dewerly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
hello again again thank you for your help!:)

ok some things i noticed:
if i right-click on desktop for propertys it tries to download a program for ati control center but is fact a virus???
i ran anti virus lastnight kapspersky took 7 hours it found 5 objects!
ran disk clean up-- cleaned registry - 2500 deleted
ran defrag
avast or windows firewall or any protection wont run
windows says firewall service wont start
access deined in many of these
sorry i know my hard drive is shot, have plans to get new one but i dont work in the winter semi retired=no money right now = wife pays the bills with very little leftover, wont have anything till jan. 8th. will do dust clean up and replace fans as they are making noise all the time, we knew it going bad, have plans for new computer this summer was hoping to keep this runing till then.
again i hope we can solve this virus problem soon , will buy antivirus program soon, for now i have to rely on the frebees.
again thank you!!

here is the OTL logs:

OTL logfile created on: 12/20/2013 11:24:52 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\DUANE\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.52 Mb Total Physical Memory | 144.83 Mb Available Physical Memory | 28.76% Memory free
1.94 Gb Paging File | 1.55 Gb Available in Paging File | 80.09% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 50.11 Gb Free Space | 73.30% Space Free | Partition Type: NTFS
Drive E: | 641.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WHITE-10-1-12 | User Name: DUANE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/19 18:08:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DUANE\My Documents\Downloads\OTL.exe
PRC - [2013/12/19 16:15:20 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/19 16:15:24 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/10 14:23:18 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/10 14:23:04 | 017,403,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\c5e68e15ca94f18f85d08eb540813e7e\System.ServiceModel.ni.dll
MOD - [2013/10/10 14:22:20 | 001,071,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1eafc09c8916071b7e6dfd64a5df45ab\System.IdentityModel.ni.dll
MOD - [2013/08/15 19:36:22 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
MOD - [2013/08/15 19:35:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/15 19:31:36 | 000,366,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f483017c91473489833e9f7190a4010e\SMSvcHost.ni.exe
MOD - [2013/08/15 19:31:32 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\5610aec044605e6848086b4454ee2e15\SMDiagnostics.ni.dll
MOD - [2013/08/15 19:29:35 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
MOD - [2013/08/15 18:50:01 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_61006214\mscorlib.dll
MOD - [2013/08/15 18:47:19 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_41422eb6\system.drawing.dll
MOD - [2013/08/15 18:43:20 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_57b552e6\system.xml.dll
MOD - [2013/08/15 18:41:33 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ec412699\system.windows.forms.dll
MOD - [2013/08/15 18:39:39 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e62f4041\system.dll
MOD - [2013/08/15 18:38:55 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/08/15 18:38:51 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/08/15 18:38:47 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/08/15 18:38:40 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/08/15 18:06:19 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 17:56:00 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/08/15 17:55:15 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012/10/01 19:07:45 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2012/10/01 19:07:45 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2012/10/01 19:07:44 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


========== Services (SafeList) ==========

SRV - [2013/12/19 16:15:20 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/11 01:38:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/12/19 16:15:28 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/19 16:15:28 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/19 16:15:28 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/19 16:15:28 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/19 16:15:28 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/19 16:15:28 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/12/19 16:15:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/05/03 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


[2013/03/17 15:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DUANE\Application Data\Mozilla\Firefox\Profiles\0\extensions
[2013/03/17 15:41:17 | 000,213,444 | ---- | M] () (No name found) -- C:\Documents and Settings\DUANE\Application Data\Mozilla\Firefox\Profiles\0\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3306061&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...3721425726&UM=2,
CHR - homepage: http://www.google.com
CHR - Extension: Google Wallet = C:\Documents and Settings\DUANE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\DUANE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2013/12/19 00:35:01 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SCAPI: Flags = 1051650
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1349132503187 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCEA5834-4843-4346-AA87-E27E9D870192}: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DUANE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/01 15:07:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/03/25 18:03:42 | 000,024,576 | R--- | M] () - E:\AutoRunMorrowind.exe -- [ CDFS ]
O32 - AutoRun File - [2002/04/03 18:12:04 | 000,000,150 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/19 23:13:34 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013/12/19 18:24:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/12/19 18:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/12/19 18:09:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/19 16:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\AVAST Software
[2013/12/19 16:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2013/12/19 16:15:43 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/12/19 16:15:42 | 000,775,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/12/19 16:15:41 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/12/19 16:15:40 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/12/19 16:15:39 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/12/19 16:15:34 | 000,270,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/12/19 16:15:26 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/12/19 16:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/12/19 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2013/12/19 13:26:41 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\pvvothin.sys
[2013/12/19 13:25:50 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\tkrncidf.sys
[2013/12/19 12:37:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/19 08:52:55 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/19 07:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/19 07:21:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/12/19 07:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/19 00:43:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/12/18 22:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VIPRE
[2013/12/18 22:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/12/18 22:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Local Settings\Application Data\VIPRE
[2013/12/18 22:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\VIPRE
[2013/12/18 20:15:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/18 16:55:34 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2013/12/18 03:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/12/18 00:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2013/12/18 00:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
[2013/12/17 21:50:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/12/17 20:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Desktop\MARILYN'S NOTES
[2013/12/17 20:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Desktop\MARILYN'S PICTURES
[2013/12/17 15:37:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/12/17 15:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/12/17 14:10:23 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/12/17 14:07:47 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/12/17 13:58:49 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2013/12/17 13:58:48 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2013/12/17 13:58:48 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2013/12/17 13:58:47 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2013/12/17 13:58:46 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2013/12/17 13:58:45 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2013/12/17 13:58:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2013/12/17 13:58:35 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2013/12/17 13:58:35 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2013/12/17 13:58:33 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2013/12/17 13:58:32 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2013/12/17 13:58:31 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2013/12/17 13:58:31 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2013/12/17 13:58:30 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2013/12/17 13:58:30 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2013/12/17 13:58:29 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2013/12/17 13:58:26 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2013/12/17 13:58:26 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2013/12/17 13:58:24 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2013/12/17 13:58:24 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2013/12/17 13:58:23 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2013/12/17 13:58:23 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2013/12/17 13:58:08 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2013/12/17 13:58:07 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2013/12/17 13:58:06 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2013/12/17 13:58:05 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2013/12/17 13:58:05 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2013/12/17 13:58:04 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2013/12/17 13:58:04 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2013/12/17 13:58:03 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2013/12/17 13:58:02 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2013/12/17 13:58:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2013/12/17 13:57:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2013/12/17 13:53:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2013/12/17 13:53:05 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2013/12/17 13:53:04 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2013/12/17 13:53:04 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2013/12/17 13:53:03 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2013/12/17 13:53:03 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2013/12/17 13:53:02 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2013/12/17 13:53:02 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2013/12/17 13:53:01 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2013/12/17 13:52:59 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2013/12/17 13:52:59 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2013/12/17 13:52:58 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2013/12/17 13:52:57 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2013/12/17 13:52:57 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2013/12/17 13:52:56 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2013/12/17 13:52:56 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2013/12/17 13:52:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2013/12/17 13:52:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2013/12/17 13:52:53 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2013/12/17 13:52:53 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2013/12/17 13:52:52 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2013/12/17 13:52:52 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2013/12/17 13:52:37 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2013/12/17 13:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/12/17 13:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/12/16 13:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\ElevatedDiagnostics
[2013/12/16 13:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/12/16 13:32:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/12/16 11:22:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/12/16 11:11:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2013/12/15 21:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2013/12/15 19:40:03 | 000,000,000 | ---D | C] -- C:\yenicag
[2013/12/15 08:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\ImgBurn
[2013/12/15 00:49:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/12/15 00:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2013/12/15 00:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2013/12/14 22:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SysTools BKF Recovery
[2013/12/14 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools BKF Recovery
[2013/12/14 14:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\1 NTFS
[2013/12/13 01:25:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2013/12/12 10:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\Help
[2013/12/12 10:21:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/12/12 09:56:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/12/12 05:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Local Settings\Application Data\Help
[2013/12/12 02:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Desktop\MORE PROGRAMS
[2013/12/11 18:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/12/11 17:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\Malwarebytes
[2013/12/11 17:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/26 04:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\Tibia
[2013/11/26 04:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tibia
[2013/11/26 04:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia
[2013/11/25 22:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\sd_old
[2013/11/25 15:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/11/25 15:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/11/25 15:36:21 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2013/11/25 15:36:21 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2013/11/25 15:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/11/24 17:11:13 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/24 16:19:21 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2013/11/24 16:19:21 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2013/11/24 16:19:18 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\es1371mp.sys
[2013/11/24 16:19:18 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2013/11/24 16:19:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2013/11/24 16:19:12 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2013/11/24 16:19:10 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2013/11/24 16:19:10 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2013/11/24 16:19:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\OemDir
[2013/11/24 16:19:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rundll32.exe
[2013/11/23 23:43:22 | 000,000,000 | ---D | C] -- C:\ARENA
[2013/11/22 18:35:41 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2013/11/22 18:35:40 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2013/11/22 18:35:39 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2013/11/22 18:35:38 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2013/11/22 18:35:33 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2013/11/22 18:35:28 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2013/11/22 18:35:22 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2013/11/22 18:35:11 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/20 10:58:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/20 10:57:58 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/20 10:57:58 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/20 10:57:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/20 10:57:41 | 528,052,224 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/20 10:47:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/20 10:37:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/20 01:18:49 | 000,000,091 | ---- | M] () -- C:\WINDOWS\CIV.INI
[2013/12/19 23:13:35 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013/12/19 23:13:16 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/19 21:05:52 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2013/12/19 16:29:01 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/12/19 16:15:28 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/12/19 16:15:28 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/12/19 16:15:28 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/12/19 16:15:28 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/12/19 16:15:28 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/12/19 16:15:28 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/12/19 16:15:28 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/12/19 16:15:26 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/12/19 16:15:26 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/12/19 13:26:41 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\pvvothin.sys
[2013/12/19 13:25:50 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\tkrncidf.sys
[2013/12/19 07:22:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/19 00:40:44 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/12/19 00:35:01 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/12/19 00:34:33 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/12/19 00:34:33 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/12/19 00:24:41 | 000,519,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/19 00:24:41 | 000,089,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/18 22:04:42 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/18 16:55:34 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2013/12/18 05:22:46 | 000,005,384 | ---- | M] () -- C:\Documents and Settings\DUANE\Desktop\MarilynYEARbook1965.jpg
[2013/12/17 15:37:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/12/17 10:29:37 | 000,162,010 | ---- | M] () -- C:\Documents and Settings\DUANE\My Documents\DIAG_MATS_NETWORK_global.DiagCab
[2013/12/17 00:14:49 | 233,677,824 | ---- | M] () -- C:\Documents and Settings\DUANE\My Documents\Backup.bkf
[2013/12/16 15:58:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/16 12:26:14 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\mmc.exe.config
[2013/12/16 02:10:49 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\DUANE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/15 21:41:23 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/12/15 19:05:32 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apphelp.dll
[2013/12/15 01:08:22 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\DUANE\Application Data\mbam.context.scan
[2013/12/15 00:48:52 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\DUANE\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/12/15 00:48:52 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/12/14 23:05:27 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\DUANE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/12/14 23:05:27 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\DUANE\Desktop\Windows Media Player.lnk
[2013/12/14 22:28:23 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\DUANE\Application Data\winscp.rnd
[2013/12/14 18:53:38 | 000,250,048 | ---- | M] () -- C:\WINDOWS\System32\ntldr
[2013/12/14 18:52:30 | 000,047,564 | ---- | M] () -- C:\WINDOWS\System32\NTDETECT.COM
[2013/12/13 14:27:06 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcp.exe
[2013/12/13 14:27:06 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rcp.exe
[2013/12/13 09:32:35 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/12 16:28:43 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\filemgmt.dll
[2013/12/12 16:28:43 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filemgmt.dll
[2013/12/12 16:10:02 | 000,092,715 | ---- | M] () -- C:\WINDOWS\System32\services.msc
[2013/12/12 05:31:12 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2013/12/11 01:37:58 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/11 01:37:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/10 16:07:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/12/05 03:47:17 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/11/26 04:19:29 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2013/11/24 16:19:23 | 000,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2013/11/24 16:19:23 | 000,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2013/11/24 16:19:20 | 000,040,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\es1371mp.sys
[2013/11/24 16:19:20 | 000,040,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2013/11/24 16:19:17 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2013/11/24 16:19:15 | 000,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2013/11/24 16:19:12 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2013/11/24 16:19:12 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2013/11/24 16:19:05 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rundll32.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/19 21:05:52 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2013/12/19 20:41:40 | 528,052,224 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/19 16:29:01 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/12/19 16:28:25 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/19 16:15:43 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/12/19 16:15:40 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/12/19 14:48:26 | 000,078,048 | ---- | C] () -- C:\Documents and Settings\DUANE\Desktop\comexp.msc
[2013/12/19 07:22:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/18 05:22:28 | 000,005,384 | ---- | C] () -- C:\Documents and Settings\DUANE\Desktop\MarilynYEARbook1965.jpg
[2013/12/17 15:37:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/12/17 15:37:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/12/17 13:58:40 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2013/12/17 13:58:40 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2013/12/17 13:58:39 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2013/12/17 13:58:38 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2013/12/17 13:58:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2013/12/17 13:58:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2013/12/17 13:58:36 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2013/12/17 13:58:36 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2013/12/17 13:58:34 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2013/12/17 13:58:29 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2013/12/17 10:29:37 | 000,162,010 | ---- | C] () -- C:\Documents and Settings\DUANE\My Documents\DIAG_MATS_NETWORK_global.DiagCab
[2013/12/16 22:03:54 | 233,677,824 | ---- | C] () -- C:\Documents and Settings\DUANE\My Documents\Backup.bkf
[2013/12/16 12:26:14 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
[2013/12/15 00:48:52 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\DUANE\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/12/15 00:48:52 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/12/14 23:05:27 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\DUANE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/12/14 23:05:27 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\DUANE\Desktop\Windows Media Player.lnk
[2013/12/14 18:53:42 | 000,250,048 | ---- | C] () -- C:\WINDOWS\System32\ntldr
[2013/12/14 18:53:14 | 000,047,564 | ---- | C] () -- C:\WINDOWS\System32\NTDETECT.COM
[2013/12/13 14:33:22 | 000,075,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/12/13 14:28:14 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\DUANE\Application Data\mbam.context.scan
[2013/12/13 09:18:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\DUANE\Application Data\winscp.rnd
[2013/12/12 11:15:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/26 07:22:16 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/26 04:19:29 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2013/11/17 01:27:13 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2013/07/21 13:19:36 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2012/10/05 09:30:12 | 207,830,277 | ---- | C] () -- C:\Program Files\DarkAges735single.exe
[2012/10/02 11:53:12 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\DUANE\Local Settings\Application Data\fusioncache.dat
[2012/10/02 10:45:33 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2012/10/02 10:45:24 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/10/02 10:45:22 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2012/10/02 10:45:17 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/10/01 16:42:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/10/01 15:10:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/01 15:03:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/01 07:52:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/01 07:51:27 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/10/01 18:30:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 13:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = c:\windows\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Documents and Settings\All Users\Documents\1 NTFS\LostFiles1\sp3.cab:atapi.sys
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\All Users\Documents\1 NTFS\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\WudfSvc.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rcp.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\apphelp.dll:SummaryInformation

< End of report >


next:

OTL Extras logfile created on: 12/20/2013 11:24:53 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\DUANE\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.52 Mb Total Physical Memory | 144.83 Mb Available Physical Memory | 28.76% Memory free
1.94 Gb Paging File | 1.55 Gb Available in Paging File | 80.09% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 50.11 Gb Free Space | 73.30% Space Free | Partition Type: NTFS
Drive E: | 641.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WHITE-10-1-12 | User Name: DUANE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [doshere] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v2.6.0
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E98E2A33-05D1-476B-B81B-40F4BD957056}" = Windows Home Server Home Computer Restore CD (Dual Boot)
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avast" = avast! Free Antivirus
"FileASSASSIN" = FileASSASSIN
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Linkrealms_is1" = Linkrealms version 1.0.3.95
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SysTools BKF Recovery_is1" = SysTools BKF Recovery v5.4
"Tibia_is1" = Tibia
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Peregrine's Song" = Peregrine's Song

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2013 1:24:41 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.

Error - 12/20/2013 1:24:41 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.

Error - 12/20/2013 1:24:54 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:24:54 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:57:55 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:57:55 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:57:58 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:57:58 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:58:03 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.

Error - 12/20/2013 1:58:03 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.

[ Application Events ]
Error - 12/20/2013 1:24:41 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.

Error - 12/20/2013 1:24:41 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.

Error - 12/20/2013 1:24:54 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:24:54 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:57:55 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:57:55 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:57:58 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:57:58 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/20/2013 1:58:03 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.

Error - 12/20/2013 1:58:03 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.

[ System Events ]
Error - 12/20/2013 1:26:16 PM | Computer Name = WHITE-10-1-12 | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.

Error - 12/20/2013 1:26:16 PM | Computer Name = WHITE-10-1-12 | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.

Error - 12/20/2013 1:33:35 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7031
Description = The Net.Tcp Port Sharing Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in 300000
milliseconds: Restart the service.

Error - 12/20/2013 1:43:17 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%5

Error - 12/20/2013 1:58:05 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%5

Error - 12/20/2013 1:58:05 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The Alerter service failed to start due to the following error: %%1079

Error - 12/20/2013 1:58:05 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%5

Error - 12/20/2013 1:58:06 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
%%5

Error - 12/20/2013 1:58:06 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%5

Error - 12/20/2013 1:58:07 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%5

[ System Events ]
Error - 12/20/2013 1:26:16 PM | Computer Name = WHITE-10-1-12 | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.

Error - 12/20/2013 1:26:16 PM | Computer Name = WHITE-10-1-12 | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.

Error - 12/20/2013 1:33:35 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7031
Description = The Net.Tcp Port Sharing Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in 300000
milliseconds: Restart the service.

Error - 12/20/2013 1:43:17 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%5

Error - 12/20/2013 1:58:05 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%5

Error - 12/20/2013 1:58:05 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The Alerter service failed to start due to the following error: %%1079

Error - 12/20/2013 1:58:05 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%5

Error - 12/20/2013 1:58:06 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
%%5

Error - 12/20/2013 1:58:06 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%5

Error - 12/20/2013 1:58:07 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%5


< End of report >
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

if i right-click on desktop for propertys it tries to download a program for ati control center but is fact a virus???


Let it download. ATI provides your video. You killed some of it off with TDSSKiller so it would be good to reinstall it.

Let's try Windows Repair all in one:

http://www.tweaking....all_in_one.html

Download it and save it then run it.

You can skip to step 4 or 5 where it gives you the same picture as in the above link.

Make sure all of these are checked before hitting Start:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working

Reboot when done. See if Avast will install now. If we get Avast to work there is no need to buy an anti-virus.
  • 0

#15
dewerly

dewerly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
hello rk:

didnt work when i clicked on it was shutdown by nt authority/system and computer shutdown

sorry!:(

running windows repair now be back in a bit

thanks
dew

Edited by dewerly, 20 December 2013 - 02:52 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP