Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet pages go to weird site [Closed]

Started by Erock702 , Jan 25 2014 01:21 PM

  • This topic is locked This topic is locked

#1
Erock702
Posted 25 January 2014 - 01:21 PM

Erock702

    Member

  • Member
  • PipPip
  • 20 posts
Hello,

I actually have two issues... every time i turn on my computer i get the message that the drive needs to be checked for consistency. Also if I type in an invalid website it takes me to some site that says start.sweetpacks.com then redirects me to bing.

Was hoping someone could review my OTL log and let me know if there are any issues.

Thanks

OTL logfile created on: 1/25/2014 1:54:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\eric.havrilla\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 75.94% Memory free
5.29 Gb Paging File | 4.54 Gb Available in Paging File | 85.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 19.08 Gb Free Space | 25.60% Space Free | Partition Type: NTFS

Computer Name: N-HAVRILLAE3 | User Name: eric.havrilla | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/25 13:53:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\eric.havrilla\My Documents\Downloads\OTL.exe
PRC - [2014/01/11 05:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/01/29 22:32:58 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/11/08 13:27:20 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2012/11/02 10:36:46 | 000,379,752 | ---- | M] (SolarWinds) -- C:\WINDOWS\dwrcs\DWRCST.exe
PRC - [2012/11/02 10:36:44 | 000,705,384 | ---- | M] (SolarWinds) -- C:\WINDOWS\dwrcs\DWRCS.exe
PRC - [2012/10/23 18:15:52 | 000,318,536 | ---- | M] () -- C:\Program Files\Synergy\synergyd.exe
PRC - [2012/09/11 19:55:52 | 009,449,848 | ---- | M] () -- C:\Program Files\Products\System Time\systimetem.exe
PRC - [2012/09/05 05:46:46 | 000,672,408 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/08/29 03:23:20 | 001,105,744 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2011/08/26 01:52:34 | 001,828,032 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2011/08/26 01:43:18 | 001,900,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2011/06/16 16:46:22 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2011/03/07 15:31:16 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/09 14:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/09/28 20:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files\Greenshot\Greenshot.exe
PRC - [2009/07/28 16:39:28 | 000,081,920 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe
PRC - [2009/07/28 16:39:06 | 000,847,872 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\pddm.exe
PRC - [2009/04/10 12:08:18 | 001,810,432 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/04/10 12:08:00 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/03/19 18:25:06 | 000,667,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2008/12/19 14:12:12 | 005,099,589 | ---- | M] (Reuters) -- c:\Program Files\Reuters\RMC\RMC.exe
PRC - [2008/12/19 14:06:28 | 000,524,359 | ---- | M] (Reuters) -- C:\Program Files\Reuters\RMC\RunRM.exe
PRC - [2008/11/18 20:19:28 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/11/18 20:19:28 | 000,241,746 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\DellXPM09B_6124v037\WDM\stacsv.exe
PRC - [2008/11/04 11:09:58 | 000,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/07/31 21:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008/07/31 21:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008/06/19 12:59:06 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/06/19 12:59:00 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/05/20 16:21:30 | 000,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/30 16:26:22 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/21 20:32:04 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/12/06 22:56:58 | 000,238,240 | ---- | M] (1E Ltd.) -- C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe
PRC - [2007/10/25 17:23:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/04/13 01:50:00 | 000,271,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ccmsetup\Ccmsetup.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2005/01/21 15:07:16 | 000,081,920 | ---- | M] (TerraNovum) -- C:\WINDOWS\system32\PMService.exe
PRC - [2002/08/29 07:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/11 05:29:21 | 000,399,640 | ---- | M] () -- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 05:29:19 | 013,615,896 | ---- | M] () -- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
MOD - [2014/01/11 05:29:17 | 004,055,320 | ---- | M] () -- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 05:28:11 | 001,634,584 | ---- | M] () -- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2012/10/23 18:15:52 | 000,318,536 | ---- | M] () -- C:\Program Files\Synergy\synergyd.exe
MOD - [2012/09/11 19:55:52 | 009,449,848 | ---- | M] () -- C:\Program Files\Products\System Time\systimetem.exe
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/06/26 07:58:51 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/06/26 07:57:52 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/06/26 07:36:53 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/26 07:35:52 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/06/26 07:30:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/06/26 07:30:28 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/26 07:27:28 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/06/26 07:27:23 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/04/01 10:53:28 | 000,499,712 | ---- | M] () -- C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll
MOD - [2010/12/09 14:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 14:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files\Greenshot\Greenshot.exe
MOD - [2010/07/12 07:52:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Greenshot\GreenshotPlugin.dll
MOD - [2010/04/28 17:17:38 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\_pdfxp.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/22 13:13:30 | 000,323,160 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
MOD - [2010/01/22 13:13:16 | 000,045,656 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
MOD - [2010/01/22 13:11:36 | 000,150,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\STFix.dll
MOD - [2010/01/22 13:11:30 | 000,057,432 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\NtfsData.dll
MOD - [2008/12/19 14:19:10 | 001,118,280 | ---- | M] () -- C:\Program Files\Reuters\RMC\RTC_RE.dll
MOD - [2008/12/19 14:18:36 | 000,524,360 | ---- | M] () -- C:\Program Files\Reuters\RMC\RMCLog.dll
MOD - [2008/12/19 14:17:56 | 004,673,613 | ---- | M] () -- C:\Program Files\Reuters\RMC\GUIControls.dll
MOD - [2008/12/19 14:15:12 | 000,581,713 | ---- | M] () -- C:\Program Files\Reuters\RMC\RMCInboxManager.dll
MOD - [2008/12/19 14:12:48 | 000,266,320 | ---- | M] () -- C:\Program Files\Reuters\RMC\EmailTransport.dll
MOD - [2008/12/19 14:12:30 | 000,249,934 | ---- | M] () -- C:\Program Files\Reuters\RMC\ClickToShare.dll
MOD - [2008/12/19 14:08:04 | 000,303,181 | ---- | M] () -- c:\Program Files\Reuters\RMC\RMCCoreMock.dll
MOD - [2008/12/19 14:07:30 | 000,200,786 | ---- | M] () -- C:\Program Files\Reuters\RMC\ServiceIconCache.dll
MOD - [2008/12/19 14:07:28 | 000,344,138 | ---- | M] () -- C:\Program Files\Reuters\RMC\RMCEmail.dll
MOD - [2008/12/19 14:07:02 | 002,228,306 | ---- | M] () -- c:\Program Files\Reuters\RMC\RMEnabledBrowser.dll
MOD - [2008/12/19 14:06:56 | 000,188,490 | ---- | M] () -- c:\Program Files\Reuters\RMC\RMCMARSI.dll
MOD - [2008/12/19 14:06:38 | 000,405,578 | ---- | M] () -- c:\Program Files\Reuters\RMC\DebugLog.dll
MOD - [2008/12/19 14:06:34 | 000,483,403 | ---- | M] () -- c:\Program Files\Reuters\RMC\Utilities.dll
MOD - [2008/12/19 14:06:12 | 000,131,150 | ---- | M] () -- C:\Program Files\Reuters\RMC\RMDlgTracker.dll
MOD - [2008/12/19 14:06:00 | 000,168,009 | ---- | M] () -- c:\Program Files\Reuters\RMC\RMCHook.dll
MOD - [2008/12/19 14:05:22 | 004,431,955 | ---- | M] () -- C:\Program Files\Reuters\RMC\RMCGlobalResource.dll
MOD - [2008/09/11 14:20:22 | 003,264,512 | ---- | M] () -- C:\Program Files\PatchLink\Update Agent\cryptocme2.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 07:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Services (SafeList) ==========

SRV - [2013/05/21 08:59:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/02 10:36:44 | 000,705,384 | ---- | M] (SolarWinds) [Auto | Running] -- C:\WINDOWS\dwrcs\DWRCS.exe -- (dwmrcs)
SRV - [2012/10/23 18:15:52 | 000,318,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Synergy\synergyd.exe -- (Synergy)
SRV - [2012/09/11 19:55:52 | 009,449,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Products\System Time\systimetem.exe -- (systimetem)
SRV - [2012/09/05 05:46:46 | 000,672,408 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/08/26 01:52:34 | 001,828,032 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2011/08/26 01:43:18 | 001,900,904 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2011/06/16 16:46:22 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2011/04/15 12:26:56 | 000,497,272 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2011/04/15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/07/28 16:39:28 | 000,081,920 | ---- | M] (PatchLink Corporation) [Auto | Running] -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe -- (PatchLink Update)
SRV - [2009/04/10 12:08:00 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/03/04 11:25:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/18 20:19:28 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\DellXPM09B_6124v037\WDM\stacsv.exe -- (STacSV)
SRV - [2008/07/31 21:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008/07/31 21:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/06/19 12:59:06 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2008/06/19 12:59:00 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2008/06/03 15:28:50 | 000,386,328 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2007/12/06 22:56:58 | 000,238,240 | ---- | M] (1E Ltd.) [Auto | Running] -- C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe -- (SMSWUagent)
SRV - [2007/04/13 01:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/04/13 01:50:00 | 000,271,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\ccmsetup\Ccmsetup.exe -- (ccmsetup)
SRV - [2005/01/21 15:07:16 | 000,081,920 | ---- | M] (TerraNovum) [Auto | Running] -- C:\WINDOWS\system32\PMService.exe -- (EPA_GPO_PMService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Asset Services Management\ProcObsrv.sys -- (ProcObsrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\omci.sys -- (omci)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - [2013/08/14 15:24:22 | 000,263,968 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2013/08/14 15:24:10 | 000,036,128 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2013/08/14 14:53:10 | 001,517,600 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2012/11/28 09:01:16 | 000,021,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\System Time\mktools.sys -- (Mandiant_Tools)
DRV - [2012/09/05 05:46:46 | 000,038,296 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2011/07/20 01:28:40 | 000,178,448 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/07/20 01:28:40 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/07/20 01:28:40 | 000,059,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/12/07 14:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/01/14 20:50:44 | 000,338,448 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2008/11/18 20:19:28 | 001,392,819 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/08/27 11:37:18 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/07/31 21:39:26 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/30 16:44:18 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/06/26 06:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/06/19 12:35:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2008/06/02 11:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/08 13:53:36 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/05/08 13:52:54 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/05/08 13:52:50 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/18 22:43:40 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/04/04 12:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2008/03/14 04:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2008/02/20 21:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/02/05 00:07:46 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2008/02/05 00:07:28 | 000,155,120 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2008/02/05 00:07:28 | 000,155,120 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2008/01/07 20:57:44 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2007/04/13 01:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/11/28 11:44:06 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2005/11/28 11:44:04 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{22CAAA4E-7045-46D2-B1F6-8DF6F0C61537}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...0-00216A653B9A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://thehub.thoms...ers.com/welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://thehub.thoms...ers.com/welcome
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKCU\..\SearchScopes\{22CAAA4E-7045-46D2-B1F6-8DF6F0C61537}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...0-00216A653B9A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wtd.ten.thoms...s.com/proxy.pac


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=5.1.0.00000: C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/19 11:04:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/19 11:04:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/07 15:31:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://start.sweetpa...0-00216A653B9A}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://start.sweetpa...0-00216A653B9A}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00C2\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00C2\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: VMware Remote Console and Client Integration Plug-in (Enabled) = C:\Program Files\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: vshare plugin = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: vshare plugin = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINDOWS\dwrcs\DWRCST.exe (SolarWinds)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe (Environmental Protection Agency)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe (PatchLink Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe ()
O4 - HKCU..\Run: [RMC] c:\Program Files\Reuters\RMC\RunRM.exe (Reuters)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\IE8Clipper\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\IE8Clipper\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O15 - HKLM\..Trusted Domains: ariba.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: betasys.com ([*.betalan] * in Local intranet)
O15 - HKLM\..Trusted Domains: datastream.com ([cactusweb] http in Local intranet)
O15 - HKLM\..Trusted Domains: datastream.com ([gdacontracts] http in Local intranet)
O15 - HKLM\..Trusted Domains: reuters.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: reuters.com ([citrixcrm.ime] http in Trusted sites)
O15 - HKLM\..Trusted Domains: reuters.com ([siebel7.emea.ime] https in Trusted sites)
O15 - HKLM\..Trusted Domains: taleo.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: tfn.com ([*.tfservicedesk] http in Local intranet)
O15 - HKLM\..Trusted Domains: tfn.com ([cao] http in Local intranet)
O15 - HKLM\..Trusted Domains: tfn.com ([knowitall] http in Local intranet)
O15 - HKLM\..Trusted Domains: tfn.com ([mytf] http in Local intranet)
O15 - HKLM\..Trusted Domains: tfn.com ([salestools] http in Trusted sites)
O15 - HKLM\..Trusted Domains: tfn.com ([tfezcomp] https in Local intranet)
O15 - HKLM\..Trusted Domains: tfn.com ([tru] http in Local intranet)
O15 - HKLM\..Trusted Domains: tfn.com ([trustage] http in Local intranet)
O15 - HKLM\..Trusted Domains: thomson.com ([*.erf] * in Local intranet)
O15 - HKLM\..Trusted Domains: thomson.com ([gsmstools] http in Trusted sites)
O15 - HKLM\..Trusted Domains: thomson.com ([safe] https in Local intranet)
O15 - HKLM\..Trusted Domains: thomsonreuters.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: thomsonreuters.com ([*.int] * in Local intranet)
O15 - HKLM\..Trusted Domains: thomsonreuters.com ([ohrm] https in Local intranet)
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range2 ([http] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range3 ([http] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range4 ([http] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range5 ([http] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range6 ([http] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range7 ([http] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range8 ([http] in Local intranet)
O15 - HKCU\..Trusted Domains: ariba.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: betasys.com ([*.betalan] * in Local intranet)
O15 - HKCU\..Trusted Domains: datastream.com ([cactusweb] http in Local intranet)
O15 - HKCU\..Trusted Domains: datastream.com ([gdacontracts] http in Local intranet)
O15 - HKCU\..Trusted Domains: ocdp-erfmarc01 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ocdp-erfmarc02 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ocdp-erfmarc03 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ocdp-erfmarj01 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: reuters.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: reuters.com ([citrixcrm.ime] http in Trusted sites)
O15 - HKCU\..Trusted Domains: reuters.com ([siebel7.emea.ime] https in Trusted sites)
O15 - HKCU\..Trusted Domains: taleo.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: tfn.com ([*.tfservicedesk] http in Local intranet)
O15 - HKCU\..Trusted Domains: tfn.com ([cao] http in Local intranet)
O15 - HKCU\..Trusted Domains: tfn.com ([knowitall] http in Local intranet)
O15 - HKCU\..Trusted Domains: tfn.com ([mytf] http in Local intranet)
O15 - HKCU\..Trusted Domains: tfn.com ([salestools] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tfn.com ([tfezcomp] https in Local intranet)
O15 - HKCU\..Trusted Domains: tfn.com ([tru] http in Local intranet)
O15 - HKCU\..Trusted Domains: tfn.com ([trustage] http in Local intranet)
O15 - HKCU\..Trusted Domains: thomson.com ([*.erf] * in Local intranet)
O15 - HKCU\..Trusted Domains: thomson.com ([am-p-erfmarc01.erf] * in Local intranet)
O15 - HKCU\..Trusted Domains: thomson.com ([am-p-erfmarc02.erf] * in Local intranet)
O15 - HKCU\..Trusted Domains: thomson.com ([am-p-erfmarc03.erf] * in Local intranet)
O15 - HKCU\..Trusted Domains: thomson.com ([am-p-erfmarj01.erf] * in Local intranet)
O15 - HKCU\..Trusted Domains: thomson.com ([gsmstools] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thomson.com ([safe] https in Local intranet)
O15 - HKCU\..Trusted Domains: thomsonreuters.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: thomsonreuters.com ([*.int] * in Local intranet)
O15 - HKCU\..Trusted Domains: thomsonreuters.com ([ohrm] https in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range3 ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range4 ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range5 ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range6 ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range7 ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range8 ([http] in Local intranet)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://usstrend1:43...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://usstrend1:43...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1261407012687 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1259000180312 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 167.206.245.130 167.206.245.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tfcorp.tfn.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5840321-2680-49D5-97A8-8E6BCCDA7896}: DhcpNameServer = 192.168.1.1 167.206.245.130 167.206.245.129
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\MRCNotify: DllName - (C:\WINDOWS\dwrcs\DWRCWXL.dll) - C:\WINDOWS\dwrcs\DWRCWXL.dll (SolarWinds)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/07 11:53:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/24 14:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ms
[2014/01/10 12:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric.havrilla\My Documents\Eikon for Office Training
[2014/01/10 10:45:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\eric.havrilla\Recent
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/25 13:06:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/25 13:05:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/25 13:05:24 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/24 16:25:27 | 000,018,775 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2014/01/24 16:07:59 | 000,009,832 | RHS- | M] () -- C:\Documents and Settings\eric.havrilla\ntuser.pol
[2014/01/24 15:48:04 | 000,001,772 | -H-- | M] () -- C:\Documents and Settings\eric.havrilla\My Documents\Default.rdp
[2014/01/24 15:24:20 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Outlook 2007.lnk
[2014/01/24 14:46:56 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Excel 2007.lnk
[2014/01/24 14:35:14 | 000,000,455 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2014/01/24 14:34:23 | 000,009,670 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2014/01/24 13:59:19 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1604221776-839522115-89822.job
[2014/01/24 13:59:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1604221776-839522115-89822.job
[2014/01/15 21:28:35 | 000,002,364 | ---- | M] () -- C:\Documents and Settings\eric.havrilla\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/15 21:28:35 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\eric.havrilla\Desktop\Google Chrome.lnk
[2014/01/13 13:45:28 | 000,739,790 | ---- | M] () -- C:\Documents and Settings\eric.havrilla\Desktop\PowerLink_20140113_13h36_pid6044_1.zip
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/13 13:57:16 | 000,739,790 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\Desktop\PowerLink_20140113_13h36_pid6044_1.zip
[2013/01/24 15:13:24 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\.recently-used.xbel
[2012/08/07 11:18:14 | 009,383,936 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\Datastream DFO Add-In.msi
[2012/08/03 11:50:00 | 007,015,304 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\Datastream Charting Add-In Setup.exe
[2012/08/03 11:49:34 | 006,870,528 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\Datastream Charting Add-In.msi
[2012/06/26 14:38:28 | 002,227,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/14 14:26:58 | 016,815,616 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\T1SLink.msi
[2012/06/05 22:03:16 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/16 08:34:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/06 03:54:56 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/17 17:47:12 | 000,279,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-18-0.dat
[2011/09/06 11:06:42 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\g2mdlhlpx.exe
[2011/02/12 21:47:10 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/12/19 11:04:41 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/08 15:22:22 | 004,932,434 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1604221776-839522115-89822-0.dat
[2010/09/08 15:22:22 | 000,278,796 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/15 05:59:04 | 002,387,480 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\SVGView.exe
[2010/05/14 14:13:18 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\Install.bat
[2010/03/16 12:10:38 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\GoToAssistDownloadHelper.exe
[2010/03/11 15:19:18 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2010/02/18 17:28:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\fusioncache.dat
[2010/02/18 15:54:59 | 000,009,832 | RHS- | C] () -- C:\Documents and Settings\eric.havrilla\ntuser.pol
[2009/03/04 11:09:24 | 000,018,775 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2008/11/07 15:15:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/19 16:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E
[2013/01/24 15:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2010/02/19 12:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/09/24 10:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2013/07/19 07:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DameWare Development
[2012/09/25 12:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Datastream
[2012/12/29 12:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maptech
[2010/02/22 07:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2014/01/20 21:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System Time
[2011/05/31 12:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson Financial
[2013/08/29 09:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson Reuters
[2012/03/27 08:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winbase
[2013/11/26 10:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
[2012/12/29 12:53:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{405FE636-0A15-4E0E-8789-BDFAB66C6D8B}
[2011/07/22 12:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2013/03/16 09:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\DSite
[2011/11/21 10:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\Greenshot
[2013/01/24 15:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\gtk-2.0
[2010/04/05 10:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\ICAClient
[2011/03/07 11:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\ImgBurn
[2010/10/12 14:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\IObit
[2010/12/19 11:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\Local
[2010/02/18 16:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\MessageOne
[2011/02/03 14:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\OMAHA
[2010/02/19 15:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\Research In Motion
[2008/11/13 16:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\Reuters
[2010/09/08 10:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\TextAnalytics2
[2010/02/18 16:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\Thomson Financial
[2013/07/05 07:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\Thomson Reuters
[2013/07/12 07:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\ThomsonReuters
[2010/07/19 06:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\ticker-instant_April2010
[2014/01/13 08:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\webex
[2012/12/29 12:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\WinBatch
[2011/02/25 08:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\Windows Search
[2011/06/27 09:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric.havrilla\Application Data\Xerox

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
emeraldnzl
Posted 25 January 2014 - 10:06 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Erock702,

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click zoek.zip
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Copy the text below and paste it into the large window in the zoek tool:

StandardSearch;
AutoClean;

  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.
Note: It will also create a log in the C:\ directory named "zoek-results.log"
  • 0

#3
Erock702
Posted 27 January 2014 - 08:55 PM

Erock702

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
==== System Restore Info ======================

Failed to create System Restore Point

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"42668:TCP"="42668:TCP:*:Enabled:Trend Micro OfficeScan Listener"
"6129:TCP"="6129:TCP:*:Enabled:DameWare Mini Remote Control Service"
"6129:UDP"="6129:UDP:*:Enabled:DameWare Mini Remote Control Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"42668:TCP"="42668:TCP:*:Enabled:Trend Micro OfficeScan Listener"
"6129:TCP"="6129:TCP:*:Enabled:DameWare Mini Remote Control Service"
"6129:UDP"="6129:UDP:*:Enabled:DameWare Mini Remote Control Service"

==== Creating Sample_20140127_0901.zip ======================

Process chrome.exe killed
Copied file C:\Documents and Settings\eric.havrilla\Datastream Charting Add-In Setup.exe to sample\Datastream Charting Add-In Setup.exe
Copied file C:\Documents and Settings\eric.havrilla\SVGView.exe to sample\SVGView.exe
sample\Datastream Charting Add-In Setup.exe renamed to F3E67BDF623C91E10527FAEA49470AFE
sample\SVGView.exe renamed to 86FA7E8626680C8D8B6E260ECF79C999

C:\Documents and Settings\All Users\Desktop\sample_20140127_0901.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\WINDOWS\dwrcs\dwrcs.exe
C:\WINDOWS\system32\PMService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe
C:\Program Files\Synergy\synergyd.exe
C:\Program Files\Products\System Time\systimetem.exe
C:\WINDOWS\dwrcs\DWRCST.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\program files\reuters\rmc\RunRM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
c:\program files\reuters\rmc\rmc.exe
C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Documents and Settings\eric.havrilla\Desktop\zoek.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\vShare.tv plugin deleted
C:\Program Files\SweetIM deleted
C:\Documents and Settings\eric.havrilla\Application Data\DSite deleted
C:\Documents and Settings\eric.havrilla\Install.bat deleted
C:\Documents and Settings\All Users\Application Data\APN deleted
C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\WINDOWS\002907_.tmp deleted
C:\WINDOWS\DUMP51d9.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\tasks\DGChrome18384 Watcher.job deleted
C:\prefs.js deleted
C:\Documents and Settings\eric.havrilla\Datastream Charting Add-In Setup.exe deleted
C:\Documents and Settings\eric.havrilla\SVGView.exe deleted
"C:\Documents and Settings\eric.havrilla\Application Data\Intel" deleted

==== System Specs ======================

Windows: Windows XP Professional Service Pack 3 (Build 2600)
Memory (RAM): 3536 MB
CPU Info: Intel® Core™2 Duo CPU T9550 @ 2.66GHz
CPU Speed: 199.0 MHz
Sound Card: IDT Audio |
Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Microsoft SMS Mirror Driver | Mobile Intel® 4 Series Express Chipset Family | DameWare Development Mirror Driver | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; Plug and Play Monitor | Plug and Play Monitor |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Intel® WiFi Link 5300 AGN - Packet Scheduler Miniport | Nortel IPSECSHM Adapter - Packet Scheduler Miniport | Intel® 82567LM Gigabit Network Connection - Packet Scheduler Miniport
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD+-RW UJ862A
Ports: COM5 | COM6 | COM4 LPT Port NOT Present.
Mouse: 2 Button Wheel Mouse Present
Hard Disks: C: 74.5GB
Hard Disks - Free: C: 20.3GB
Manufacturer *:
BIOS Info: AT/AT COMPATIBLE | 05/11/09 | DELL - 27d9050b
Time Zone: Eastern Standard Time
Motherboard *:
Country: United States
Language: ENU

==== System Specs (Software) ======================

Internet Explorer version: 8.0.6001.18702
Google Chrome version: 32.0.1700.76
Adobe Reader version: 9.0.0.2008061200
Sun Java version: 1.6.0_24 (32-bit)
Shockwave Player version: 11.0.3r472

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\DOCUME~1\ERIC~1.HAV\LOCALS~1\Temp ====
====== Java Cache =====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Documents and Settings\eric.havrilla\Application Data ======
====== C:\Documents and Settings\eric.havrilla ======
2014-01-10 15:45:47 -------- d--h--r- C:\Documents and Settings\eric.havrilla\Recent

====== C: exe-files ==
2014-01-25 18:53:34 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Documents and Settings\eric.havrilla\My Documents\Downloads\OTL.exe
=== C: other files ==
2014-01-28 02:01:13 B85E4C6DBD314A04E931F76ACB4C3FE5 8966650 ----a-w- C:\Documents and Settings\All Users\Desktop\sample_20140127_0901.zip
2014-01-27 21:13:13 2BD479CF9142962CB3E8813FBE0E367D 85654 ----a-w- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Thomson Reuters\TRD 6\Cache\SL1-2GR54RI\daps\Xtra60_20140127T2113130650.zip
2014-01-27 16:21:01 E5F99594E98907DF2F5E1EF26C3EA8DA 265372 ----a-w- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Thomson Reuters\TRD 6\Cache\SL1-2GR54RI\daps\m_public_v2.dat_20140127T1621010300.zip
2014-01-27 16:20:33 D1CF4CC32F307E32FE52157326C403C0 262225 ----a-w- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Thomson Reuters\TRD 6\Cache\SL1-2GR54RI\daps\m_public_v1.dat_20140127T1620330389.zip
2014-01-27 16:20:33 9CACB41315C42547619947F8A0F73DAA 55479 ----a-w- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Thomson Reuters\TRD 6\Cache\SL1-2GR54RI\daps\header.001_20140127T1620330075.zip
2014-01-27 16:20:33 1FF24D80E014BE937EE96D91BD261573 195 ----a-w- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Thomson Reuters\TRD 6\Cache\SL1-2GR54RI\daps\m_version.dat_20140127T1620330514.zip
2014-01-27 16:20:32 EBD8E954F338AC46B57B114569584EC1 161951 ----a-w- C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Thomson Reuters\TRD 6\Cache\SL1-2GR54RI\daps\enumtype.def_20140127T1620320949.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Windows\CurrentVersion\Run]
"RMC"="c:\program files\reuters\rmc\RunRM.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe /startup"
"Google Update"="C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"Greenshot"="C:\Program Files\Greenshot\Greenshot.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe -HideWindow"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"BlackBerryAutoUpdate"="C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"DellControlPoint"="C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
"DellConnectionManager"="C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
"PDDM"="C:\Program Files\PatchLink\Update Agent\pddm.exe"
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"DivX Download Manager"="C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe start"
"DameWare MRC Agent"="C:\WINDOWS\dwrcs\DWRCST.exe"
"AESTFltr"="%SystemRoot%\system32\AESTFltr.exe /NoDlg"
"SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray.exe "
"EPA_EZ_GPO_Tool"="C:\WINDOWS\system32\EZ_GPO_Tool.exe "
"KernelFaultCheck"="%systemroot%\system32\dumprep 0 -k"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RMC"="c:\program files\reuters\rmc\RunRM.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe /startup"
"Google Update"="C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"Greenshot"="C:\Program Files\Greenshot\Greenshot.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/21/2013 08:59 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cef0f931ee52b6.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/23/2011 10:18 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1604221776-839522115-89822Core1cef030b67244f0.job --a------ C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [08/04/2011 04:54 AM]
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1604221776-839522115-89822.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe []
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1604221776-839522115-89822.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe []
C:\WINDOWS\tasks\ReclaimerResumeInstall_eric.havrilla.job --a------ C:\Documents and Settings\eric.havrilla\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [09/09/2013 11:37 AM]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}"="C:\Program Files\Updater By SweetPacks\Firefox" []
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}"="C:\Program Files\Updater By SweetPacks\Firefox" []

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fnjbmmemklcjgepojigaapkoodmkgbae - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx[12/08/2010 04:15 PM]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
kpionmjnkbpcdpcflammlgllecmejgjj - C:\Program Files\vShare.tv plugin\vshareplg.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx[12/08/2010 04:15 PM]
ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx[]

YouTube - eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
DivX HiQ - eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae
vshare plugin - eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Google Wallet - eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Gmail - eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://thehub.thoms...rs.com/welcome"
"Default_Page_URL"="https://thehub.thoms...rs.com/welcome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="https://thehub.thoms...rs.com/welcome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/...ox&FORM=IE8SRC"
{22CAAA4E-7045-46D2-B1F6-8DF6F0C61537} @ieframe.dll,-12512 Url="http://search.live.c...ox&Form=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.co...ge={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully
HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_USERS\S-1-5-21-515967899-1604221776-839522115-89822\Software\Microsoft\Internet Explorer\Approved Extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\[email protected] deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully

==== HijackThis Entries ======================

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\dwrcs\DWRCST.exe
O4 - HKCU\..\Run: [RMC] c:\program files\reuters\rmc\RunRM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
O4 - HKUS\S-1-5-21-515967899-1604221776-839522115-89822\..\Run: [RMC] c:\program files\reuters\rmc\RunRM.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-1604221776-839522115-89822\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-1604221776-839522115-89822\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-515967899-1604221776-839522115-89822\..\Run: [Google Update] "C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-515967899-1604221776-839522115-89822\..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe (User '?')
O4 - S-1-5-21-515967899-1604221776-839522115-89822 Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (User '?')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Add to Evernote 4 - res://C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\IE8Clipper\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\IE8Clipper\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://citrixcrm.ime.reuters.com
O15 - Trusted Zone: http://salestools.tfn.com
O15 - Trusted Zone: http://gsmstools.thomson.com
O15 - Trusted Zone: http://citrixcrm.ime.reuters.com (HKLM)
O15 - Trusted Zone: http://salestools.tfn.com (HKLM)
O15 - Trusted Zone: http://gsmstools.thomson.com (HKLM)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://usstrend1:43...ll/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://usstrend1:43...stall/setup.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.7.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1261407012687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1259000180312
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tfcorp.tfn.com
O17 - HKLM\Software\..\Telephony: DomainName = wks.tfcorp.tfn.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tfcorp.tfn.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tfn.com,tfcorp.tfn.com,erf.thomson.com,amers.ime.reuters.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tfcorp.tfn.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tfn.com,tfcorp.tfn.com,erf.thomson.com,amers.ime.reuters.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tfcorp.tfn.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = tfn.com,tfcorp.tfn.com,erf.thomson.com,amers.ime.reuters.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tfn.com,tfcorp.tfn.com,erf.thomson.com,amers.ime.reuters.com
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: MRCNotify - C:\WINDOWS\dwrcs\DWRCWXL.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: DameWare Mini Remote Control (dwmrcs) - SolarWinds - C:\WINDOWS\dwrcs\dwrcs.exe
O23 - Service: Energy Star™ EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINDOWS\system32\PMService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: OfficeScan NT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PatchLink Update - PatchLink Corporation - C:\Program Files\PatchLink\Update Agent\GravitixService.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: SMSWUagent - 1E Ltd. - C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
O23 - Service: Synergy - Unknown owner - C:\Program Files\Synergy\synergyd.exe
O23 - Service: System Time (systimetem) - Unknown owner - C:\Program Files\Products\System Time\systimetem.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

==== Empty IE Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\eric.havrilla\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\eric.havrilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=23 folders=14 12635266 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully
C:\Documents and Settings\eric.havrilla\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ERIC~1.HAV\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\eric.havrilla\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Mon 01/27/2014 at 21:11:52.60 ======================
  • 0

#4
emeraldnzl
Posted 27 January 2014 - 09:32 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Erock702,

Please run chkdsk.

To do this:

  • Click Start, select Run,
  • Then type cmd in the box; to get to the Command Prompt utility
  • Click Ok
  • Run the chkdsk utility by typing in the following command:
chkdsk c: /f /r

Note: The gaps should be there.

  • at the question "Would you like to schedule this volume to be checked the next time the system restarts?" type Y
  • Restart you computer and let chkdsk run
The /f command automatically fixes any errors encountered, the /r command locates bad sectors and recovers readable information.

Be patient, it can take a long time.

Next

Please run the System File Checker.

Follow these steps:

  • Click Start > Run and type sfc /scannow (note the space, it should be there), and then press ENTER.
  • Follow the prompts throughout the System File Checker process.
  • Restart your computer when System File Checker process is complete.
Come back and tell me how it went and if you had any error messages.
  • 0

#5
Erock702
Posted 28 January 2014 - 02:08 PM

Erock702

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Disk Check went fine it said volume was clean

System file checker came up with a dialog:

"Windows File Protection
Files that are required for Windows to run properly must be copied to the DLL cache.

Insert your windows XP professional Service Pack 3 CD now."

I don't have that nor will it let me progress.

I get the option to Retry More information and Cancel.
  • 0

#6
Erock702
Posted 28 January 2014 - 02:15 PM

Erock702

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I am actually able to go through this by selecting cancel when that message pops up and click yes to skip those files. it is painstaking but I can go through them.

everytime I do that it says Windows may require me to run the cd later. Should I be doing this?
  • 0

#7
emeraldnzl
Posted 28 January 2014 - 04:41 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

"Windows File Protection
Files that are required for Windows to run properly must be copied to the DLL cache.


I don't have that


It seems you have some corrupt system files.

Seeing you don't have an installation disk I think the best thing would be a re-installation of SP3.

Before we do that though let's make sure your machine is clean of malware.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

  • 0

#8
emeraldnzl
Posted 05 February 2014 - 03:29 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP