(Trojan.Agent) -> Quarantined



#1
bonezz777

Hello, first thanks for your help; I ran mamb (trial), it found 16 issues, said it removed them but ever since, my people pc (isp) home page has been totally changed as well as my browser (i.e.). After reading a couple of your forums, I ran oltimers n have the logs, I also will give the logs from mamb.. I'm 52yrs old and NOT computer literate..

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.26.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user1 :: COMPUTER11 [administrator]

Protection: Enabled

2/26/2014 12:13:07 PM
mbam-log-2014-02-26 (12-13-07).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 310937
Time elapsed: 1 hour(s), 10 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\sfx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\sFxdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|sfx (Rootkit.Agent) -> Data: sfx^^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 2
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Detected: 7
C:\WINDOWS\system32\UACqwgsvnsyjbgejwjmq.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

(end)
have windows xp professional and (dial up), sorry it's all I can afford at the moment... Tim....

Attached Files

  • Attached File  OTS.Txt   117.68KB   73 downloads



#2
tom982

Hello bonezz777, welcome to GeeksToGo!

My name is Tom and I am going to be helping you with your malware removal. Please note that, as I am currently still in training, all of my posts have to be reviewed by my instructor prior to me posting them.

Before we continue, I would like you to read the following text:

  • Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo, I suggest you save or print my instructions for later reference
  • Please do not attach your logs to your post, instead I would like you to copy and paste the contents into your post
  • Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
  • If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
  • Please be patient. Malware removal is a long process and requires many steps, if you stick with me, I'll help you get through this
  • Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
  • Please make sure you have read and understood my instructions before continuing with them, spelling errors in the scripts etc. could cause adverse effects to your system
  • If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed


Warning
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

The KoobFace infection targets non-financial accounts so your bank accounts should be safe, however it's better to be safe than sorry and change those passwords too. Please read this for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

We don't tend to use OTS any more and OTL is our tool of choice, so could you get me some OTL logs please:

OTL

Please download OTL (by OldTimer) from the link below and save it to your Desktop.

Download Mirror #1


  • Disable all anti-virus and anti-malware software to prevent them inhibiting OTL in any way. If you are unsure how to do this, see THIS.
  • Double-click OTL.exe to run it.
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, two logs, OTL.txt and Extras.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Tom

#3
bonezz777

Hi Tom, replying to your post, I guess this is how?? Sorry if not...

OTL logfile created on: 3/7/2014 11:36:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 627.36 Mb Available Physical Memory | 61.84% Memory free
2.38 Gb Paging File | 1.95 Gb Available in Paging File | 81.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 42.69 Gb Free Space | 66.18% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.22 Gb Free Space | 82.16% Space Free | Partition Type: NTFS

Computer Name: COMPUTER11 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 11:33:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/28 22:58:00 | 000,087,840 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\PPShared.exe
PRC - [2013/02/28 22:57:59 | 000,172,832 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\BartShel.exe
PRC - [2010/03/16 19:42:08 | 000,640,936 | ---- | M] () -- C:\Program Files\iolo\System Mechanic\SMSystemAnalyzer.exe
PRC - [2010/03/16 19:05:26 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/01 22:40:44 | 000,293,152 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\PPCInstall.dll
MOD - [2013/02/28 22:58:00 | 000,087,840 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\PPShared.exe
MOD - [2013/02/28 22:57:59 | 000,172,832 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\BartShel.exe
MOD - [2013/02/28 22:57:48 | 000,031,008 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\PPCResEnglish.dll
MOD - [2013/02/28 22:57:42 | 000,100,640 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\PaceSync.dll
MOD - [2013/02/28 22:57:39 | 000,102,176 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\ISPUtil8.dll
MOD - [2010/03/16 19:42:08 | 000,640,936 | ---- | M] () -- C:\Program Files\iolo\System Mechanic\SMSystemAnalyzer.exe
MOD - [2010/03/16 19:39:26 | 000,486,912 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\LMResource.dll
MOD - [2010/03/16 19:39:26 | 000,051,712 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\Corvus.dll
MOD - [2010/03/16 19:05:26 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
MOD - [2003/02/25 00:49:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/02/05 14:39:00 | 000,047,416 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/02/05 10:07:09 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/03/16 19:05:26 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/03/16 19:05:26 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/02/21 22:55:04 | 000,197,120 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) [Disabled | Stopped] -- C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe -- (SynapseUpdateSvc)
SRV - [2009/08/06 17:35:54 | 000,024,576 | ---- | M] (Agfa Healthcare) [Disabled | Stopped] -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe -- (PACS Client Updater)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/07/11 06:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/07/11 00:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/08/07 12:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2003/10/22 12:19:22 | 000,065,536 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/07/11 06:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007/01/30 13:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/08/03 12:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 12:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 12:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 12:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 12:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 12:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 12:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 12:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 12:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 12:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 12:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 12:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 12:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 12:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 12:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/07/29 12:20:02 | 000,018,216 | ---- | M] (Midmark Diagnostics Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mdgspr.sys -- (MDGSPIRO)
DRV - [2004/07/29 12:11:50 | 000,017,448 | ---- | M] (Midmark Diagnostics Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mdgspldr.sys -- (SPIROLDR)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 13:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
IE - HKCU\..\SearchScopes,DefaultScope = {B930BB79-8B60-4936-BD43-3F098FE4F2AA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B930BB79-8B60-4936-BD43-3F098FE4F2AA}: "URL" = http://search.people...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Synapse BHO Class) - {33414365-E6C7-460d-880A-A163BD69E84D} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\PeoplePC, Inc\Toolbar\ElnkPuB.dll (PeoplePC, Inc.)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\PeoplePC Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\PeoplePC, Inc\Toolbar\ProtctIE.dll (PeoplePC, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (PeoplePC Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\PeoplePC, Inc\Toolbar\Toolbar.dll (PeoplePC, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PeoplePC Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\PeoplePC, Inc\Toolbar\Toolbar.dll (PeoplePC, Inc.)
O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP8500\BIN\PPCOLink.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} https://mrhsportal.c...aredSession.dll (SharedSessionService Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1FBD11EF-1260-11D1-87A7-444553540001} https://ssl.pacs.rao...kstationInf.cab (Synapse)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9554D93D-C653-4AFD-854C-AF61F7BF7F42} https://ssl.pacs.rao...kstationInf.cab (Synapse Workstation Class)
O16 - DPF: {A08D2318-19E6-4332-A741-87FBBD3984CD} https://mrhsportal.c...r/mckapprun.cab (McKesson Application Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} https://mrhsportal.c...s/mckntauth.ocx (Mckntauth Control)
O16 - DPF: {F88E6FA9-579E-4AE9-8DDA-C48BB36B0A32} https://ssl.pacs.rao...95/FujiInst.cab (SynapseInstallHelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = trinitypediatrics.lan
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/07 11:33:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2014/03/07 10:23:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\Recent
[2014/03/01 07:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WOLFCODERS ScreenSnag
[2014/03/01 07:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\WOLFCODERS ScreenSnag
[2014/02/28 20:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hp
[2014/02/28 19:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PopCap Games
[2014/02/28 19:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2014/02/28 15:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2014/02/28 10:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\SlimWare Utilities Inc
[2014/02/28 09:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2014/02/27 17:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic
[2014/02/27 17:21:32 | 000,093,096 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2014/02/27 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2014/02/27 13:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PeoplePC Online
[2014/02/27 13:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\PeoplePC Accelerated
[2014/02/27 13:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\PeoplePC, Inc
[2014/02/27 13:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PeoplePC
[2014/02/27 13:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\PeoplePC
[2014/02/27 12:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\ElevatedDiagnostics
[2014/02/27 12:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/02/27 12:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/26 20:18:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/02/26 16:36:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/26 10:54:26 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user1\My Documents\mbam-setup-1.75.0.1300.exe
[2014/02/26 10:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Malwarebytes
[2014/02/26 10:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/02/26 10:53:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/02/26 10:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/26 08:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/25 17:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/02/25 12:33:22 | 000,000,000 | ---D | C] -- C:\Intel
[2014/02/22 12:07:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents\My Videos
[2014/02/21 14:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\PeoplePC Online
[2014/02/21 14:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PeoplePC Online
[2014/02/21 12:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2014/02/21 12:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\iolo
[2014/02/21 12:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2014/02/21 10:07:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\PrivacIE
[2014/02/21 10:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Google
[2014/02/21 10:04:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\IECompatCache
[2014/02/21 09:56:42 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2014/02/21 09:56:25 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\drivers\BCMDM.sys
[2014/02/21 09:56:25 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2014/02/21 09:32:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu\Programs\Administrative Tools
[2014/02/21 09:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\PCHealth
[2014/02/21 09:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\PeoplePal
[2014/02/21 09:15:36 | 000,073,192 | ---- | C] (PeoplePC) -- C:\WINDOWS\System32\unPPC.exe
[2014/02/21 09:15:35 | 000,042,784 | ---- | C] (PeoplePC, Inc.) -- C:\WINDOWS\System32\ppcwebi.dll
[2014/02/21 09:15:32 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.DLL
[2014/02/21 09:15:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL71.dll
[2014/02/21 09:15:31 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL70.dll
[2014/02/21 09:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Macromedia
[2014/02/21 09:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Adobe
[2014/02/20 15:03:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\IETldCache
[2014/02/20 15:02:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user1\Application Data\Microsoft
[2014/02/20 15:02:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\SendTo
[2014/02/20 15:02:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\Application Data
[2014/02/20 15:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu\Programs\Startup
[2014/02/20 15:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu
[2014/02/20 15:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents\My Pictures
[2014/02/20 15:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents\My Music
[2014/02/20 15:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents
[2014/02/20 15:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Favorites
[2014/02/20 15:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu\Programs\Accessories
[2014/02/20 15:02:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\Cookies
[2014/02/20 15:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\Templates
[2014/02/20 15:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\PrintHood
[2014/02/20 15:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\NetHood
[2014/02/20 15:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\Local Settings
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Symantec
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Symantec
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Sun
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Seven Zip
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\SampleView
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft Help
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\InstallShield
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Identities
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop
[2014/02/20 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\ApplicationHistory

========== Files - Modified Within 30 Days ==========

[2014/03/07 11:33:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2014/03/07 05:43:23 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/07 05:33:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/07 05:33:08 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/07 05:33:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/01 16:04:58 | 000,001,222 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140301_160455.reg
[2014/03/01 07:07:26 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WOLFCODERS ScreenSnag.lnk
[2014/02/28 19:45:36 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peggle Deluxe.lnk
[2014/02/28 19:45:36 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2014/02/28 19:44:01 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2014/02/27 17:21:38 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\System Mechanic.lnk
[2014/02/27 13:04:31 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PeoplePC Help.LNK
[2014/02/27 13:04:30 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PeoplePC Online.LNK
[2014/02/27 13:04:30 | 000,001,796 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PeoplePC Online.LNK
[2014/02/27 10:45:46 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/27 10:45:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/27 10:45:25 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/27 07:55:40 | 000,000,390 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140227_075537.reg
[2014/02/27 07:21:22 | 000,845,944 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\PandaCloudAntivirus.exe
[2014/02/27 07:14:41 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/26 10:54:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/26 10:53:25 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user1\My Documents\mbam-setup-1.75.0.1300.exe
[2014/02/25 17:57:04 | 000,011,438 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140225_175700.reg
[2014/02/25 17:54:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/02/22 21:07:39 | 000,492,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/22 21:07:39 | 000,090,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/22 12:07:35 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/02/21 15:38:53 | 000,000,386 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2014/02/21 12:33:06 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2014/02/20 15:08:19 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 18:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 18:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 18:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 18:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 18:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 18:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 18:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 18:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 18:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 18:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 18:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 18:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 18:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 18:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 18:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 18:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 18:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 18:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 18:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 18:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 18:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 18:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 18:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 18:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 18:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 18:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 18:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 18:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 18:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 18:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 17:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec

========== Files Created - No Company Name ==========

[2014/03/06 16:17:48 | 1063,768,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/01 16:04:57 | 000,001,222 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140301_160455.reg
[2014/03/01 07:07:26 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WOLFCODERS ScreenSnag.lnk
[2014/02/28 19:45:36 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peggle Deluxe.lnk
[2014/02/28 19:44:02 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2014/02/28 19:44:01 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2014/02/27 17:21:38 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\System Mechanic.lnk
[2014/02/27 17:21:30 | 002,315,688 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2014/02/27 17:21:03 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2014/02/27 17:21:03 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2014/02/27 13:04:31 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PeoplePC Help.LNK
[2014/02/27 13:04:30 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PeoplePC Online.LNK
[2014/02/27 13:04:30 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PeoplePC Online.LNK
[2014/02/27 13:00:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ppcpanel.cpl
[2014/02/27 13:00:12 | 000,058,144 | ---- | C] () -- C:\WINDOWS\System32\PPCOUNIN.exe
[2014/02/27 13:00:11 | 000,041,592 | ---- | C] () -- C:\WINDOWS\System32\PPCClean.exe
[2014/02/27 07:55:39 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140227_075537.reg
[2014/02/27 07:20:56 | 000,845,944 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\PandaCloudAntivirus.exe
[2014/02/26 10:54:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/25 17:57:02 | 000,011,438 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140225_175700.reg
[2014/02/25 17:54:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/02/22 12:07:35 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/02/21 12:37:22 | 000,000,386 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2014/02/21 12:33:06 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2014/02/21 09:15:36 | 000,070,432 | ---- | C] () -- C:\WINDOWS\System32\unPPC6000.exe
[2014/02/21 09:15:35 | 000,256,288 | ---- | C] () -- C:\WINDOWS\System32\PPCInfo.exe
[2014/02/21 09:15:35 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2014/02/21 09:15:34 | 000,029,984 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2014/02/20 15:03:36 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Internet Explorer.lnk
[2014/02/20 15:02:59 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Windows Media Player.lnk
[2014/02/20 15:02:50 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/20 15:02:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/02/20 15:02:49 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Remote Assistance.lnk
[2014/02/20 15:02:49 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Outlook Express.lnk
[2012/07/18 15:35:15 | 000,000,259 | ---- | C] () -- C:\WINDOWS\op_mainfrm.ini
[2012/07/18 15:35:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\datecheck.ini

========== ZeroAccess Check ==========

[2007/10/09 01:03:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/17 12:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Connexin Software
[2014/02/28 19:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2014/02/21 14:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PeoplePC Online
[2009/10/23 11:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/09 01:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2014/02/27 12:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ElevatedDiagnostics
[2014/02/27 17:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\iolo
[2014/02/26 08:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PeoplePal
[2014/02/21 14:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PeoplePC Online
[2007/10/09 01:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SampleView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44FF837E

< End of report >

OTL Extras logfile created on: 3/7/2014 11:36:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 627.36 Mb Available Physical Memory | 61.84% Memory free
2.38 Gb Paging File | 1.95 Gb Available in Paging File | 81.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 42.69 Gb Free Space | 66.18% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.22 Gb Free Space | 82.16% Space Free | Partition Type: NTFS

Computer Name: COMPUTER11 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Medisoft\Bin\MAPA.EXE" = C:\Program Files\Medisoft\Bin\MAPA.EXE:*:Enabled:MAPA -- ()
"C:\Program Files\Medisoft\Bin\Ohp.exe" = C:\Program Files\Medisoft\Bin\Ohp.exe:*:Enabled:Ohp -- ()
"C:\OP\op.exe" = C:\OP\op.exe:*:Enabled:Office Practicum
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}" = System Requirements Lab for Intel
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{481875AB-8D00-46D0-92E2-27BB13B20975}_is1" = WOLFCODERS ScreenSnag
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{823EF5EF-F14B-4BCE-9073-5FDCE2D2C6C3}" = AltovaXML 2006
"{86FD8326-909D-45F5-BB61-0619D0D31293}" = HP Support Solutions Framework
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{952A2C38-110B-40EF-BA8D-3D14BA40F49C}" = Midmark IQmanager 8.3.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}" = Crystal Reports 10 Support Files
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AED5656D-2D0C-4F14-BD1F-4F7938E3ED79}" = Midmark IQmanager 8.3.2
"{AF4FCC6E-88E8-4541-9CC2-254B8195BCD2}" = AGFA IMPAX Client 6.3.1.4527
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}" = PeoplePC PeoplePal Toolbar
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7322EAB-A201-4AA2-8EA6-E38DE9A79A20}" = Midmark IQmanager 8.3.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD51C55D-A617-479A-B01A-961F91321370}" = Synapse Workstation
"{E063B3E2-6641-4375-9F09-ADA9E589EB90}" = hp LaserJet 4250/4350/4240
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"BDE_is1" = BDE Version 5.2.0.2
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"hp LaserJet 4250 4350 4240" = hp LaserJet 4250/4350/4240
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ISPSimpleSwitch" = PeoplePC Simple Switch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Medisoft Network Professional 12" = Medisoft Network Professional 12
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office Hours Professional for Networks 12" = Office Hours Professional for Networks 12
"PDF Complete" = PDF Complete
"Peggle Deluxe" = Peggle Deluxe
"PeoplePC Online" = PeoplePC Online
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel® PRO Network Connections Drivers
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2014 1:32:00 PM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application BartShel.exe, version 8.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2014 6:16:25 PM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 2/27/2014 6:50:33 PM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 2/28/2014 10:09:48 AM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application DriverUpdate-setup.exe, version 1.3.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2014 11:53:05 AM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application BartShel.exe, version 8.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2014 4:15:30 PM | Computer Name = COMPUTER11 | Source = MsiInstaller | ID = 11606
Description = Product: Driver Detective -- Error 1606.Could not access network location
http://c15024521.r21...m/AskToo~1.cab.

Error - 2/28/2014 4:17:53 PM | Computer Name = COMPUTER11 | Source = MsiInstaller | ID = 11606
Description = Product: Driver Detective -- Error 1606.Could not access network location
http://c15024521.r21...m/AskToo~1.cab.

Error - 2/28/2014 5:58:43 PM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2014 6:22:26 PM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.4.304.0, P3 timeout, P4 1.1.10302.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/7/2014 12:34:56 PM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 3/6/2014 9:43:58 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 3/6/2014 9:43:58 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 3/6/2014 5:17:00 PM | Computer Name = COMPUTER11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/6/2014 5:17:07 PM | Computer Name = COMPUTER11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/6/2014 5:19:37 PM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP Support Solutions
Framework Service service to connect.

Error - 3/6/2014 5:19:37 PM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7000
Description = The HP Support Solutions Framework Service service failed to start
due to the following error: %%1053

Error - 3/6/2014 7:22:30 PM | Computer Name = COMPUTER11 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 3/7/2014 6:34:54 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP Support Solutions
Framework Service service to connect.

Error - 3/7/2014 6:34:54 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7000
Description = The HP Support Solutions Framework Service service failed to start
due to the following error: %%1053

Error - 3/7/2014 11:24:46 AM | Computer Name = COMPUTER11 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).


< End of report >
  • 0

#4
tom982

    Member 1K

  • Member
  • 1,183 posts
Hi bonezz777,

ComboFix

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Please download Combofix from one of the following locations:

Download Mirror #1
Download Mirror #2
Download Mirror #3


Note: You must save this directly to your Desktop.

  • Save any open documents, then close any open programs.
  • Disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Double-click on combofix.exe, then follow the on-screen prompts.
  • When Combofix finishes, it will open the log. Please Copy (Ctrl + C) and Paste (Ctrl + V) all of this text into your next post.

If, for whatever reason, the log does not open, it can be found in this location: C:\combofix.txt

Tom
  • 0

#5
bonezz777

    Member

  • Topic Starter
  • Member
  • 99 posts

Hi Tom982, it (bug) kept blocking my download of Combofix. I read where others had the same problem; the fix: rename the file to "Adware.exe". It was then able to load. Okay, I ran Combofix, but I think I still have a bug or two? My home page is still messed up (should I delete my ISP and do a re-install?). And it keeps changing my "detect settings automatically" to a "proxy setting"; I have dial-up. Okay Tom, here is the Combo report (thanks):

ComboFix 14-03-05.01 - user1 03/09/2014 8:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.471 [GMT -4:00]
Running from: c:\documents and settings\user1\Desktop\Adware.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Common Files\Uninstall
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SFX
-------\Legacy_SFXDRV
.
.
((((((((((((((((((((((((( Files Created from 2014-02-09 to 2014-03-09 )))))))))))))))))))))))))))))))
.
.
2014-03-08 17:01 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-08 17:01 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-08 11:36 . 2014-02-06 07:08 7947048 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{230ADD1C-DB84-470D-9786-F2CB7B59284E}\mpengine.dll
2014-03-07 17:22 . 2014-02-06 07:08 7947048 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-01 12:07 . 2014-03-01 12:07 -------- d-----w- c:\program files\WOLFCODERS ScreenSnag
2014-03-01 01:33 . 2014-03-01 01:33 -------- d-----w- c:\program files\Hp
2014-03-01 00:43 . 2014-03-01 00:45 -------- d-----w- c:\program files\PopCap Games
2014-02-28 20:59 . 2014-02-28 20:59 -------- d-----w- c:\program files\SystemRequirementsLab
2014-02-27 22:21 . 2010-03-17 00:42 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2014-02-27 22:21 . 2010-03-17 00:42 2315688 ----a-w- c:\windows\system32\Incinerator.dll
2014-02-27 22:21 . 2010-02-03 15:21 12288 ----a-w- c:\windows\system32\smrgdf.exe
2014-02-27 22:21 . 2010-02-03 15:21 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2014-02-27 22:20 . 2014-02-27 22:20 -------- d-----w- c:\program files\iolo
2014-02-27 18:04 . 2014-02-27 18:04 -------- d-----w- c:\program files\PeoplePC Accelerated
2014-02-27 18:00 . 2014-02-27 18:01 -------- d-----w- c:\program files\Common Files\PeoplePC
2014-02-27 18:00 . 2014-02-27 18:04 -------- d-----w- c:\program files\PeoplePC
2014-02-27 18:00 . 2013-03-01 03:58 58144 ------w- c:\windows\system32\PPCOUNIN.exe
2014-02-27 18:00 . 2013-03-01 00:05 61440 ------w- c:\windows\system32\ppcpanel.cpl
2014-02-27 18:00 . 2013-03-01 03:58 41592 ------w- c:\windows\system32\PPCClean.exe
2014-02-26 21:36 . 2014-02-27 17:51 -------- d-----w- C:\AdwCleaner
2014-02-26 15:53 . 2014-02-26 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-26 15:53 . 2014-02-27 17:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-26 15:53 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-26 13:06 . 2014-02-26 13:06 -------- d-----w- c:\program files\CCleaner
2014-02-25 17:33 . 2014-02-25 17:33 -------- d-----w- C:\Intel
2014-02-21 19:24 . 2014-02-21 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PeoplePC Online
2014-02-21 17:37 . 2014-02-21 17:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2014-02-21 17:33 . 2014-02-21 17:33 74703 ----a-w- c:\windows\system32\mfc45.dll
2014-02-21 17:32 . 2014-03-01 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2014-02-21 14:56 . 2001-08-17 18:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2014-02-21 14:56 . 2001-08-17 18:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2014-02-21 14:56 . 2001-08-17 18:28 871388 ----a-w- c:\windows\system32\drivers\BCMDM.sys
2014-02-21 14:56 . 2001-08-17 18:28 871388 ----a-w- c:\windows\system32\dllcache\bcmdm.sys
2014-02-21 14:15 . 2013-03-01 03:58 70432 ------w- c:\windows\system32\unPPC6000.exe
2014-02-21 14:15 . 2011-05-11 02:18 73192 ------w- c:\windows\system32\unPPC.exe
2014-02-21 14:15 . 2013-03-01 03:58 42784 ------w- c:\windows\system32\ppcwebi.dll
2014-02-21 14:15 . 2013-03-01 03:58 256288 ------w- c:\windows\system32\PPCInfo.exe
2014-02-21 14:15 . 2011-05-11 02:03 34136 ------w- c:\windows\system32\RegHero.exe
2014-02-21 14:15 . 2013-03-01 03:58 29984 ------w- c:\windows\system32\PopWait.exe
2014-02-21 14:15 . 2011-05-11 02:03 1060864 ------w- c:\windows\system32\MFC71.DLL
2014-02-21 14:15 . 2011-05-11 02:03 89088 ------w- c:\windows\system32\ATL71.dll
2014-02-21 14:15 . 2011-05-11 02:03 84992 ------w- c:\windows\system32\ATL70.dll
2014-02-20 20:02 . 2014-03-09 11:41 -------- d-----w- c:\documents and settings\user1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 23:26 . 2004-08-04 08:00 920064 ------w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-04 08:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2014-02-05 15:07 . 2012-03-30 12:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 15:07 . 2011-05-17 12:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-04 03:13 . 2004-08-04 08:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-18 11:13 . 2012-12-16 21:13 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"Bart Station"="c:\program files\PeoplePC\ISP8500\BIN\PPCOLink.exe" [2013-03-01 26912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FujiSynapseBridge]
2010-02-22 03:40 230784 ----a-w- c:\program files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-09-25 09:12 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-09-25 09:13 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-08-07 17:59 331288 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-09-25 09:12 94208 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2006-05-12 19:50 1138688 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-31 21:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-04-24 17:42 888832 ----a-w- c:\windows\SMINST\Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
2003-11-20 19:01 525824 ----a-w- c:\program files\Compaq\SetRefresh\SetRefresh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synapse URLSearchHook Configuration]
2010-04-28 21:15 3245440 ----a-w- c:\progra~1\FUJIME~1\Synapse\WORKST~1\FujiFld.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SynapseUpdateSvc"=2 (0x2)
"SQLWriter"=2 (0x2)
"SentinelProtectionServer"=2 (0x2)
"SentinelKeysServer"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"pdfcDispatcher"=2 (0x2)
"PCA"=2 (0x2)
"PACS Client Updater"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSSQL$MSSMLBIZ"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"IviRegMgr"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Medisoft\\Bin\\MAPA.EXE"=
"c:\\Program Files\\Medisoft\\Bin\\Ohp.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
.
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/27/2014 6:21 PM 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/27/2014 6:21 PM 704432]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/26/2014 11:53 AM 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/26/2014 11:53 AM 22856]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2/5/2014 3:39 PM 47416]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/26/2014 11:53 AM 701512]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 MDGSPIRO;Midmark Spirometer USB Driver (mdgspr.sys);c:\windows\system32\drivers\mdgspr.sys [7/29/2004 1:20 PM 18216]
S3 SPIROLDR;Midmark Spirometer USB Loader(mdgspldr.sys);c:\windows\system32\drivers\mdgspldr.sys [7/29/2004 1:11 PM 17448]
S4 PACS Client Updater;PACS Client Updater;c:\program files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [8/6/2009 6:35 PM 24576]
S4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/9/2007 2:09 AM 540184]
S4 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [7/11/2008 1:02 AM 328992]
S4 SynapseUpdateSvc;Synapse Update Manager;c:\program files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe [2/21/2010 11:55 PM 197120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:07]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-23 12:44]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-23 12:44]
.
2014-03-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01]
.
2014-03-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-08 01:59]
.
2014-03-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-08 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.peoplepc.com/websearch
DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} - hxxps://mrhsportal.corp.munroeregional.com/portal/applets/SharedSession.dll
DPF: {1FBD11EF-1260-11D1-87A7-444553540001} - hxxps://ssl.pacs.raocala.com/osd/SynapseWorkstationInf.cab
DPF: {9554D93D-C653-4AFD-854C-AF61F7BF7F42} - hxxps://ssl.pacs.raocala.com/osd/synapseWorkstationInf.cab
DPF: {A08D2318-19E6-4332-A741-87FBBD3984CD} - hxxps://mrhsportal.corp.munroeregional.com/portal/mckesson/eig/viewer/mckapprun.cab
DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} - hxxps://mrhsportal.corp.munroeregional.com/portal/applets/mckntauth.ocx
DPF: {F88E6FA9-579E-4AE9-8DDA-C48BB36B0A32} - hxxps://ssl.pacs.raocala.com/osd/x86/win95/FujiInst.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-09 08:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\WININET.dll
c:\program files\Fuji Medical System\Synapse\Workstation\FujiFld.dll
c:\progra~1\FUJIME~1\Synapse\WORKST~1\FujiFldR.dll
c:\program files\Fuji Medical System\Synapse\Workstation\DBCmds.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\PeoplePC\ISP8500\Browser\Bartshel.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\PeoplePC\ISP8500\Browser\PPShared.exe
.
**************************************************************************
.
Completion time: 2014-03-09 08:39:33 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-09 12:39
.
Pre-Run: 45,712,887,808 bytes free
Post-Run: 46,122,991,616 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F717E722CC7E282BC7C8DAA3A5B963F6
0C808E7238C810543120B2DC771ED1BA
  • 0

#6
tom982

    Member 1K

  • Member
  • 1,183 posts
Hi bonezz777,

Combofix has removed a few files and services, but we will probably need to run a further OTL fix to remove the rest of the symptoms. Let's get a new log and see what things look like now:

OTL

  • Run OTL by double-clicking on it.
  • Change the following options:
    • Extra Registry > All
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, two logs, OTL.txt and Extras.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Tom
  • 0

#7
bonezz777

    Member

  • Topic Starter
  • Member
  • 99 posts

Hi Tom, again thank you for your help. Here are the logs you requested:

OTL logfile created on: 3/9/2014 5:55:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 649.85 Mb Available Physical Memory | 64.06% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 42.92 Gb Free Space | 66.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.22 Gb Free Space | 82.16% Space Free | Partition Type: NTFS

Computer Name: COMPUTER11 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 12:33:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
PRC - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 15:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 15:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/28 23:58:00 | 000,087,840 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\PPShared.exe
PRC - [2013/02/28 23:57:59 | 000,172,832 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\BartShel.exe
PRC - [2010/03/16 20:05:26 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/01 23:40:44 | 000,293,152 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\PPCInstall.dll
MOD - [2013/02/28 23:58:00 | 000,087,840 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\PPShared.exe
MOD - [2013/02/28 23:57:59 | 000,172,832 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\BartShel.exe
MOD - [2013/02/28 23:57:48 | 000,031,008 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\PPCResEnglish.dll
MOD - [2013/02/28 23:57:42 | 000,100,640 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\PaceSync.dll
MOD - [2013/02/28 23:57:39 | 000,102,176 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\ISPUtil8.dll
MOD - [2010/03/16 20:05:26 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
MOD - [2003/02/25 01:49:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/02/05 15:39:00 | 000,047,416 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/02/05 11:07:09 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/03/16 20:05:26 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/03/16 20:05:26 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/02/21 23:55:04 | 000,197,120 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) [Disabled | Stopped] -- C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe -- (SynapseUpdateSvc)
SRV - [2009/08/06 18:35:54 | 000,024,576 | ---- | M] (Agfa Healthcare) [Disabled | Stopped] -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe -- (PACS Client Updater)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/07/11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/07/11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/08/07 13:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2003/10/22 13:19:22 | 000,065,536 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Adware\catchme.sys -- (catchme)
DRV - [2013/04/04 15:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/07/11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007/01/30 14:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/07/29 13:20:02 | 000,018,216 | ---- | M] (Midmark Diagnostics Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mdgspr.sys -- (MDGSPIRO)
DRV - [2004/07/29 13:11:50 | 000,017,448 | ---- | M] (Midmark Diagnostics Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mdgspldr.sys -- (SPIROLDR)
DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 14:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\SearchScopes,DefaultScope = {B930BB79-8B60-4936-BD43-3F098FE4F2AA}
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\SearchScopes\{B930BB79-8B60-4936-BD43-3F098FE4F2AA}: "URL" = http://search.people...q={searchTerms}
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2014/03/09 08:36:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Synapse BHO Class) - {33414365-E6C7-460d-880A-A163BD69E84D} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\PeoplePC, Inc\Toolbar\ElnkPuB.dll (PeoplePC, Inc.)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\PeoplePC Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\PeoplePC, Inc\Toolbar\ProtctIE.dll (PeoplePC, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (PeoplePC Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\PeoplePC, Inc\Toolbar\Toolbar.dll (PeoplePC, Inc.)
O3 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\Toolbar\WebBrowser: (PeoplePC Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\PeoplePC, Inc\Toolbar\Toolbar.dll (PeoplePC, Inc.)
O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP8500\BIN\PPCOLink.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} https://mrhsportal.c...aredSession.dll (SharedSessionService Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1FBD11EF-1260-11D1-87A7-444553540001} https://ssl.pacs.rao...kstationInf.cab (Synapse)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9554D93D-C653-4AFD-854C-AF61F7BF7F42} https://ssl.pacs.rao...kstationInf.cab (Synapse Workstation Class)
O16 - DPF: {A08D2318-19E6-4332-A741-87FBBD3984CD} https://mrhsportal.c...r/mckapprun.cab (McKesson Application Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} https://mrhsportal.c...s/mckntauth.ocx (Mckntauth Control)
O16 - DPF: {F88E6FA9-579E-4AE9-8DDA-C48BB36B0A32} https://ssl.pacs.rao...95/FujiInst.cab (SynapseInstallHelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = trinitypediatrics.lan
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/09 17:27:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\Recent
[2014/03/09 17:23:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/09 08:25:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/03/09 07:55:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/03/09 07:55:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/03/09 07:55:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/03/09 07:55:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/03/09 07:55:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/09 07:54:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/03/09 07:51:41 | 005,187,267 | R--- | C] (Swearware) -- C:\Documents and Settings\user1\Desktop\Adware.exe
[2014/03/08 13:01:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/03/08 13:01:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/03/07 12:33:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2014/03/01 08:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WOLFCODERS ScreenSnag
[2014/03/01 08:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\WOLFCODERS ScreenSnag
[2014/02/28 21:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hp
[2014/02/28 20:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PopCap Games
[2014/02/28 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2014/02/28 16:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2014/02/28 11:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\SlimWare Utilities Inc
[2014/02/28 10:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2014/02/27 18:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic
[2014/02/27 18:21:32 | 000,093,096 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2014/02/27 18:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2014/02/27 14:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PeoplePC Online
[2014/02/27 14:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\PeoplePC Accelerated
[2014/02/27 14:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\PeoplePC, Inc
[2014/02/27 14:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PeoplePC
[2014/02/27 14:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\PeoplePC
[2014/02/27 13:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\ElevatedDiagnostics
[2014/02/27 13:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/02/27 13:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/26 21:18:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/02/26 17:36:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/26 11:54:26 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user1\My Documents\mbam-setup-1.75.0.1300.exe
[2014/02/26 11:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Malwarebytes
[2014/02/26 11:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/02/26 11:53:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/02/26 11:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/26 09:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/25 18:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/02/25 13:33:22 | 000,000,000 | ---D | C] -- C:\Intel
[2014/02/22 13:07:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents\My Videos
[2014/02/21 15:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\PeoplePC Online
[2014/02/21 15:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PeoplePC Online
[2014/02/21 13:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2014/02/21 13:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\iolo
[2014/02/21 13:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2014/02/21 11:07:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\PrivacIE
[2014/02/21 11:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Google
[2014/02/21 11:04:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\IECompatCache
[2014/02/21 10:56:42 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2014/02/21 10:56:25 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\drivers\BCMDM.sys
[2014/02/21 10:56:25 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2014/02/21 10:32:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu\Programs\Administrative Tools
[2014/02/21 10:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\PCHealth
[2014/02/21 10:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\PeoplePal
[2014/02/21 10:15:36 | 000,073,192 | ---- | C] (PeoplePC) -- C:\WINDOWS\System32\unPPC.exe
[2014/02/21 10:15:35 | 000,042,784 | ---- | C] (PeoplePC, Inc.) -- C:\WINDOWS\System32\ppcwebi.dll
[2014/02/21 10:15:32 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.DLL
[2014/02/21 10:15:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL71.dll
[2014/02/21 10:15:31 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL70.dll
[2014/02/21 10:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Macromedia
[2014/02/21 10:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Adobe
[2014/02/20 16:03:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\IETldCache
[2014/02/20 16:02:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user1\Application Data\Microsoft
[2014/02/20 16:02:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\SendTo
[2014/02/20 16:02:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\Application Data
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu\Programs\Startup
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents\My Pictures
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents\My Music
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Favorites
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu\Programs\Accessories
[2014/02/20 16:02:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\Cookies
[2014/02/20 16:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\Templates
[2014/02/20 16:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\PrintHood
[2014/02/20 16:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\NetHood
[2014/02/20 16:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\Local Settings
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Symantec
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Symantec
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Sun
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Seven Zip
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\SampleView
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft Help
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\InstallShield
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Identities
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\ApplicationHistory

========== Files - Modified Within 30 Days ==========

[2014/03/09 17:29:59 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/09 17:20:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/09 17:19:52 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/09 17:19:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/09 17:19:44 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/09 08:36:19 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/09 08:36:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/03/09 08:25:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/03/09 07:52:04 | 005,187,267 | R--- | M] (Swearware) -- C:\Documents and Settings\user1\Desktop\Adware.exe
[2014/03/09 06:41:50 | 000,492,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/09 06:41:50 | 000,090,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/07 15:07:55 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/07 12:33:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2014/03/01 17:04:58 | 000,001,222 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140301_160455.reg
[2014/03/01 08:07:26 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WOLFCODERS ScreenSnag.lnk
[2014/02/28 20:45:36 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peggle Deluxe.lnk
[2014/02/28 20:45:36 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2014/02/28 20:44:01 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2014/02/27 18:21:38 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\System Mechanic.lnk
[2014/02/27 14:04:31 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PeoplePC Help.LNK
[2014/02/27 14:04:30 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PeoplePC Online.LNK
[2014/02/27 14:04:30 | 000,001,796 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PeoplePC Online.LNK
[2014/02/27 11:45:46 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/27 11:45:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/27 11:45:25 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/27 08:55:40 | 000,000,390 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140227_075537.reg
[2014/02/27 08:21:22 | 000,845,944 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\PandaCloudAntivirus.exe
[2014/02/27 08:14:41 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/26 11:54:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/26 11:53:25 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user1\My Documents\mbam-setup-1.75.0.1300.exe
[2014/02/25 21:59:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/02/25 21:59:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/02/25 18:57:04 | 000,011,438 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140225_175700.reg
[2014/02/25 18:54:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/02/22 13:07:35 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/02/21 16:38:53 | 000,000,386 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2014/02/21 13:33:06 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2014/02/20 16:08:19 | 000,000,211 | ---- | M] () -- C:\Boot.bak

========== Files Created - No Company Name ==========

[2014/03/09 08:25:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/03/09 08:25:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/03/09 07:55:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/03/09 07:55:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/03/09 07:55:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/03/09 07:55:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/03/09 07:55:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/03/09 06:39:34 | 000,000,222 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/09 06:39:30 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/06 17:17:48 | 1063,768,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/01 17:04:57 | 000,001,222 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140301_160455.reg
[2014/03/01 08:07:26 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WOLFCODERS ScreenSnag.lnk
[2014/02/28 20:45:36 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peggle Deluxe.lnk
[2014/02/28 20:44:02 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2014/02/28 20:44:01 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2014/02/27 18:21:38 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\System Mechanic.lnk
[2014/02/27 18:21:30 | 002,315,688 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2014/02/27 18:21:03 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2014/02/27 18:21:03 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2014/02/27 14:04:31 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PeoplePC Help.LNK
[2014/02/27 14:04:30 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PeoplePC Online.LNK
[2014/02/27 14:04:30 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PeoplePC Online.LNK
[2014/02/27 14:00:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ppcpanel.cpl
[2014/02/27 14:00:12 | 000,058,144 | ---- | C] () -- C:\WINDOWS\System32\PPCOUNIN.exe
[2014/02/27 14:00:11 | 000,041,592 | ---- | C] () -- C:\WINDOWS\System32\PPCClean.exe
[2014/02/27 08:55:39 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140227_075537.reg
[2014/02/27 08:20:56 | 000,845,944 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\PandaCloudAntivirus.exe
[2014/02/26 11:54:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/25 18:57:02 | 000,011,438 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140225_175700.reg
[2014/02/25 18:54:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/02/22 13:07:35 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/02/21 13:37:22 | 000,000,386 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2014/02/21 13:33:06 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2014/02/21 10:15:36 | 000,070,432 | ---- | C] () -- C:\WINDOWS\System32\unPPC6000.exe
[2014/02/21 10:15:35 | 000,256,288 | ---- | C] () -- C:\WINDOWS\System32\PPCInfo.exe
[2014/02/21 10:15:35 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2014/02/21 10:15:34 | 000,029,984 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2014/02/20 16:03:36 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Internet Explorer.lnk
[2014/02/20 16:02:59 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Windows Media Player.lnk
[2014/02/20 16:02:50 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/20 16:02:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/02/20 16:02:49 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Remote Assistance.lnk
[2014/02/20 16:02:49 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Outlook Express.lnk
[2012/07/18 16:35:15 | 000,000,259 | ---- | C] () -- C:\WINDOWS\op_mainfrm.ini
[2012/07/18 16:35:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\datecheck.ini

========== ZeroAccess Check ==========

[2007/10/09 02:03:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/10/09 02:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/05/17 13:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Connexin Software
[2014/02/28 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2014/02/21 15:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PeoplePC Online
[2007/10/09 02:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2007/10/09 02:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2014/02/21 13:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2014/02/27 13:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ElevatedDiagnostics
[2014/02/27 18:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\iolo
[2014/02/26 09:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PeoplePal
[2014/02/21 15:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PeoplePC Online
[2007/10/09 02:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SampleView

========== Purity Check ==========



< End of report >
OTL Extras logfile created on: 3/9/2014 5:55:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 649.85 Mb Available Physical Memory | 64.06% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 42.92 Gb Free Space | 66.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.22 Gb Free Space | 82.16% Space Free | Partition Type: NTFS

Computer Name: COMPUTER11 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Medisoft\Bin\MAPA.EXE" = C:\Program Files\Medisoft\Bin\MAPA.EXE:*:Enabled:MAPA -- ()
"C:\Program Files\Medisoft\Bin\Ohp.exe" = C:\Program Files\Medisoft\Bin\Ohp.exe:*:Enabled:Ohp -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}" = System Requirements Lab for Intel
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{481875AB-8D00-46D0-92E2-27BB13B20975}_is1" = WOLFCODERS ScreenSnag
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{823EF5EF-F14B-4BCE-9073-5FDCE2D2C6C3}" = AltovaXML 2006
"{86FD8326-909D-45F5-BB61-0619D0D31293}" = HP Support Solutions Framework
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{952A2C38-110B-40EF-BA8D-3D14BA40F49C}" = Midmark IQmanager 8.3.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}" = Crystal Reports 10 Support Files
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AED5656D-2D0C-4F14-BD1F-4F7938E3ED79}" = Midmark IQmanager 8.3.2
"{AF4FCC6E-88E8-4541-9CC2-254B8195BCD2}" = AGFA IMPAX Client 6.3.1.4527
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}" = PeoplePC PeoplePal Toolbar
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7322EAB-A201-4AA2-8EA6-E38DE9A79A20}" = Midmark IQmanager 8.3.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD51C55D-A617-479A-B01A-961F91321370}" = Synapse Workstation
"{E063B3E2-6641-4375-9F09-ADA9E589EB90}" = hp LaserJet 4250/4350/4240
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"BDE_is1" = BDE Version 5.2.0.2
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"hp LaserJet 4250 4350 4240" = hp LaserJet 4250/4350/4240
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ISPSimpleSwitch" = PeoplePC Simple Switch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Medisoft Network Professional 12" = Medisoft Network Professional 12
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office Hours Professional for Networks 12" = Office Hours Professional for Networks 12
"PDF Complete" = PDF Complete
"Peggle Deluxe" = Peggle Deluxe
"PeoplePC Online" = PeoplePC Online
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel® PRO Network Connections Drivers
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2014 6:50:33 PM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 2/28/2014 10:09:48 AM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application DriverUpdate-setup.exe, version 1.3.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2014 11:53:05 AM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application BartShel.exe, version 8.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2014 4:15:30 PM | Computer Name = COMPUTER11 | Source = MsiInstaller | ID = 11606
Description = Product: Driver Detective -- Error 1606.Could not access network location
http://c15024521.r21...m/AskToo~1.cab.

Error - 2/28/2014 4:17:53 PM | Computer Name = COMPUTER11 | Source = MsiInstaller | ID = 11606
Description = Product: Driver Detective -- Error 1606.Could not access network location
http://c15024521.r21...m/AskToo~1.cab.

Error - 2/28/2014 5:58:43 PM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2014 6:22:26 PM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.4.304.0, P3 timeout, P4 1.1.10302.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 3/7/2014 12:34:56 PM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 3/9/2014 7:53:38 AM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 3/9/2014 5:50:45 PM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 3/9/2014 6:41:10 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP Support Solutions
Framework Service service to connect.

Error - 3/9/2014 6:41:10 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7000
Description = The HP Support Solutions Framework Service service failed to start
due to the following error: %%1053

Error - 3/9/2014 8:36:42 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP Support Solutions
Framework Service service to connect.

Error - 3/9/2014 8:36:42 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7000
Description = The HP Support Solutions Framework Service service failed to start
due to the following error: %%1053

Error - 3/9/2014 8:46:20 AM | Computer Name = COMPUTER11 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.167.1473.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 3/9/2014 10:04:31 AM | Computer Name = COMPUTER11 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 3/9/2014 10:20:26 AM | Computer Name = COMPUTER11 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 3/9/2014 5:20:29 PM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP Support Solutions
Framework Service service to connect.

Error - 3/9/2014 5:20:29 PM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7000
Description = The HP Support Solutions Framework Service service failed to start
due to the following error: %%1053

Error - 3/9/2014 5:30:22 PM | Computer Name = COMPUTER11 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.167.1473.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >

#8
tom982

  • 1,183 posts
Hi bonezz777,

Your log looks a lot better now! Let's run a few supplementary scans just to make sure everything has gone:

Malwarebytes Scan

Can you open MBAM and run a Full Scan please? Post the log here when complete.

ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

After you have done this, can you tell me how your computer is performing please? Any sign of the home page changes now?

I also noticed in your OTL log that Windows Update failed recently, is it still failing with 0x8024402c?

code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Tom

#9
bonezz777

  • Topic Starter
  • Member
  • 99 posts
SNAG-14031114355900.png SNAG-14031114381300.png

Hello Tom, it's not going well, this darn bug refuses to go. It won't let me download ESET. I ran a full scan with MBAM, but even that log doesn't look right. Plus I can't use my CD/DVD player anymore, and my homepage is still whacked out. I deleted it and reinstalled it, but the computer is still corrupted... P.S. If you can find and fix this damage, will I be able to keep this from happening again? Thanks, Tim. Oh yeah, updates are still not working right, and System Restore won't work on any date. Tim... Tom, I found this; it was not "in order", I was just looking and found it:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user1 :: COMPUTER11 [administrator]

Protection: Disabled

3/11/2014 1:38:51 PM
mbam-log-2014-03-11 (13-38-51).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314310
Time elapsed: 44 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by bonezz777, 11 March 2014 - 01:09 PM.


#10
tom982

  • Member
  • 1,183 posts
Hi bonezz777,

It won't let me download ESET,


Can you try again with this link please? It's strange that the previous one wouldn't load for you, it's working fine for me.

http://www.eset.com/...online-scanner/

I just want to try this link before looking at what could be potentially blocking this site.

I ran a full scan with MBAM, but even that log doesn't look right


The log is perfect and thankfully Malwarebytes' Anti Malware hasn't detected any malicious files!

Plus I can't use my CD/DVD player anymore


No problem, we can deal with that when we're sure all the malware has gone.

and my homepage is still whacked out. I deleted it and reinstalled it, but the computer is still corrupted


Your current home page is: http://home.peoplepc.com/websearch. Is this not what you want it to be? I can change it to whatever you want for you, I just assumed this is what you wanted it left as because it's your ISP's website :)

P.S. If you can find and fix this damage, will I be able to keep this from happening again?


I can't guarantee anything, but I'll do my best! When we've sorted everything out I will help prevent any future malware infections both with software and some advice for you. We'll need to investigate the Windows Update error a little more, but I suspect that will be a one off occasion as I think it's related to the malware you have/had on your system - the error code it's failing with suggests a network issue is causing the problem.

System Restore won't work on any date.


I'll look into that at the end as well, though it may well be related to the infection.

So give that new ESET link a shot and let me know how you get on, then we can decide how to progress from there :)

Tom

#11
bonezz777

  • Topic Starter
  • Member
  • 99 posts
SNAG-14031205253400.png SNAG-14031205302800.png

Hi Tom, at 3:00am FL time I finally got ESET to load; it found "0". But you know what's weird is ESET said your "AVG" antivirus is active and could affect the test... As far as I know it's never had AVG; I searched all over the machine and found no such thing... Just a thought: what "if" this hacker is pretending to be AVG, so as to not be singled out as a threat and removed? They do it all the time with eBay, PayPal, and I think my peoplepc.com. Tom, I'm going to take a snapshot of my new homepage addition, then you can see what I'm talking about, then you can go to peoplepc.com and see the differences, even the color, layout, everything. Honestly I think it's "trojaned, disguised"? Don't know. Thanks again Tom for your hard work on this. I wish I wasn't old and sick; I would like to take this course and learn what you know. Anyway, here's the snapshot. Thanks, Tim :rolleyes:

#12
tom982

  • Member
  • 1,183 posts
Hi Tim,

It's very strange that it's mentioned AVG because there are no signs of it in your logs - if AVG was running, we would see it. I wouldn't worry about the malware trying to disguise itself as AVG, the tools we have used here are very clever and would have picked up on something like that!

This is what I see when I go to the PeoplePC website:

Posted Image

It looks like your screenshot; is this not normal? Perhaps they have changed their website?

Let's get some fresh OTL logs and see if everything is in order now:

OTL

  • Run OTL by double-clicking on it.
  • Change the following options:

    • Extra Registry > All
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, two logs, OTL.txt and Extras.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

I'm sorry to hear about your ill health, I hope you get better soon! :)

Tom

#13
bonezz777

  • Topic Starter
  • Member
  • 99 posts

Hi Tom, as far as my home page, I can work around that by shrinking that page and opening Internet Explorer. As for the AVG, I found "traces" it was there at one time, found in "c files"; it wasn't active so I deleted it. When I got this computer (free) from a doctor who upgraded, it had Chrome; I deleted it as well, it won't work with my dial-up, too slow. Here are the OTL logs. Thanks:

OTL logfile created on: 3/13/2014 6:02:35 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 657.22 Mb Available Physical Memory | 64.79% Memory free
2.38 Gb Paging File | 1.96 Gb Available in Paging File | 82.06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 43.24 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.22 Gb Free Space | 82.16% Space Free | Partition Type: NTFS

Computer Name: COMPUTER11 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 12:33:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
PRC - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 15:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/28 23:58:00 | 000,087,840 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\PPShared.exe
PRC - [2013/02/28 23:57:59 | 000,172,832 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\BartShel.exe
PRC - [2010/03/16 20:05:26 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/01 23:40:44 | 000,293,152 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\PPCInstall.dll
MOD - [2013/02/28 23:58:00 | 000,087,840 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\PPShared.exe
MOD - [2013/02/28 23:57:59 | 000,172,832 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Browser\BartShel.exe
MOD - [2013/02/28 23:57:48 | 000,031,008 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\PPCResEnglish.dll
MOD - [2013/02/28 23:57:42 | 000,100,640 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\PaceSync.dll
MOD - [2013/02/28 23:57:39 | 000,102,176 | ---- | M] () -- C:\Program Files\PeoplePC\ISP8500\Bin\ISPUtil8.dll
MOD - [2010/03/16 20:05:26 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
MOD - [2003/02/25 01:49:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/02/05 15:39:00 | 000,047,416 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/02/05 11:07:09 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/03/16 20:05:26 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/03/16 20:05:26 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/02/21 23:55:04 | 000,197,120 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) [Disabled | Stopped] -- C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe -- (SynapseUpdateSvc)
SRV - [2009/08/06 18:35:54 | 000,024,576 | ---- | M] (Agfa Healthcare) [Disabled | Stopped] -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe -- (PACS Client Updater)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/07/11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/07/11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/08/07 13:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2003/10/22 13:19:22 | 000,065,536 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Adware\catchme.sys -- (catchme)
DRV - [2013/04/04 15:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/07/11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007/01/30 14:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/07/29 13:20:02 | 000,018,216 | ---- | M] (Midmark Diagnostics Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mdgspr.sys -- (MDGSPIRO)
DRV - [2004/07/29 13:11:50 | 000,017,448 | ---- | M] (Midmark Diagnostics Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mdgspldr.sys -- (SPIROLDR)
DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 14:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\SearchScopes,DefaultScope = {B930BB79-8B60-4936-BD43-3F098FE4F2AA}
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\SearchScopes\{B930BB79-8B60-4936-BD43-3F098FE4F2AA}: "URL" = http://search.people...q={searchTerms}
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2014/03/09 08:36:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Synapse BHO Class) - {33414365-E6C7-460d-880A-A163BD69E84D} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\PeoplePC, Inc\Toolbar\ElnkPuB.dll (PeoplePC, Inc.)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\PeoplePC Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\PeoplePC, Inc\Toolbar\ProtctIE.dll (PeoplePC, Inc.)
O2 - BHO: (ElnkLegacyUninstBHO Class) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\PeoplePC, Inc\Toolbar\uninsttb.dll (PeoplePC, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (PeoplePC Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\PeoplePC, Inc\Toolbar\Toolbar.dll (PeoplePC, Inc.)
O3 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\..\Toolbar\WebBrowser: (PeoplePC Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\PeoplePC, Inc\Toolbar\Toolbar.dll (PeoplePC, Inc.)
O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP8500\BIN\PPCOLink.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-925058173-3912707714-2379387614-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: PeoplePC Google Search - C:\Program Files\PeoplePC, Inc\Toolbar\SearchUI.dll (PeoplePC, Inc.)
O16 - DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} https://mrhsportal.c...aredSession.dll (SharedSessionService Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1FBD11EF-1260-11D1-87A7-444553540001} https://ssl.pacs.rao...kstationInf.cab (Synapse)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9554D93D-C653-4AFD-854C-AF61F7BF7F42} https://ssl.pacs.rao...kstationInf.cab (Synapse Workstation Class)
O16 - DPF: {A08D2318-19E6-4332-A741-87FBBD3984CD} https://mrhsportal.c...r/mckapprun.cab (McKesson Application Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} https://mrhsportal.c...s/mckntauth.ocx (Mckntauth Control)
O16 - DPF: {F88E6FA9-579E-4AE9-8DDA-C48BB36B0A32} https://ssl.pacs.rao...95/FujiInst.cab (SynapseInstallHelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = trinitypediatrics.lan
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/13 05:30:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\Recent
[2014/03/12 10:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PeoplePC Online
[2014/03/12 10:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\PeoplePC Accelerated
[2014/03/12 09:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\PeoplePC, Inc
[2014/03/12 09:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\PeoplePC
[2014/03/12 05:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\InterVideo
[2014/03/11 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/03/09 17:23:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/09 08:25:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/03/09 07:55:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/03/09 07:55:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/03/09 07:55:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/03/09 07:55:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/03/09 07:55:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/09 07:54:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/03/09 07:51:41 | 005,187,267 | R--- | C] (Swearware) -- C:\Documents and Settings\user1\Desktop\Adware.exe
[2014/03/08 13:01:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/03/08 13:01:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/03/07 12:33:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2014/03/01 08:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WOLFCODERS ScreenSnag
[2014/03/01 08:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\WOLFCODERS ScreenSnag
[2014/02/28 21:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hp
[2014/02/28 20:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PopCap Games
[2014/02/28 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2014/02/28 16:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2014/02/28 11:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\SlimWare Utilities Inc
[2014/02/28 10:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2014/02/27 18:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic
[2014/02/27 18:21:32 | 000,093,096 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2014/02/27 18:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2014/02/27 14:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PeoplePC
[2014/02/27 13:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\ElevatedDiagnostics
[2014/02/27 13:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/02/27 13:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/26 21:18:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/02/26 17:36:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/26 11:54:26 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user1\My Documents\mbam-setup-1.75.0.1300.exe
[2014/02/26 11:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Malwarebytes
[2014/02/26 11:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/02/26 11:53:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/02/26 11:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/26 09:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/25 18:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/02/25 13:33:22 | 000,000,000 | ---D | C] -- C:\Intel
[2014/02/22 13:07:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents\My Videos
[2014/02/21 15:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\PeoplePC Online
[2014/02/21 15:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PeoplePC Online
[2014/02/21 13:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2014/02/21 13:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\iolo
[2014/02/21 13:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2014/02/21 11:07:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\PrivacIE
[2014/02/21 11:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Google
[2014/02/21 11:04:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\IECompatCache
[2014/02/21 10:56:42 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2014/02/21 10:56:25 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\drivers\BCMDM.sys
[2014/02/21 10:56:25 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2014/02/21 10:32:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu\Programs\Administrative Tools
[2014/02/21 10:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\PCHealth
[2014/02/21 10:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\PeoplePal
[2014/02/21 10:15:36 | 000,073,192 | ---- | C] (PeoplePC) -- C:\WINDOWS\System32\unPPC.exe
[2014/02/21 10:15:35 | 000,042,784 | ---- | C] (PeoplePC, Inc.) -- C:\WINDOWS\System32\ppcwebi.dll
[2014/02/21 10:15:32 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.DLL
[2014/02/21 10:15:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL71.dll
[2014/02/21 10:15:31 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL70.dll
[2014/02/21 10:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Macromedia
[2014/02/21 10:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Adobe
[2014/02/20 16:03:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\IETldCache
[2014/02/20 16:02:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user1\Application Data\Microsoft
[2014/02/20 16:02:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\SendTo
[2014/02/20 16:02:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user1\Application Data
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu\Programs\Startup
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents\My Pictures
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents\My Music
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\My Documents
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Favorites
[2014/02/20 16:02:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Start Menu\Programs\Accessories
[2014/02/20 16:02:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user1\Cookies
[2014/02/20 16:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\Templates
[2014/02/20 16:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\PrintHood
[2014/02/20 16:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\NetHood
[2014/02/20 16:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user1\Local Settings
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Symantec
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Symantec
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Sun
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Seven Zip
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\SampleView
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft Help
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\InstallShield
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Identities
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop
[2014/02/20 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\ApplicationHistory

========== Files - Modified Within 30 Days ==========

[2014/03/13 05:32:19 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/13 05:22:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/13 05:22:12 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/13 05:22:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/13 05:22:04 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/12 10:00:50 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PeoplePC Online.LNK
[2014/03/12 10:00:50 | 000,001,796 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PeoplePC Online.LNK
[2014/03/12 00:03:55 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/03/11 08:24:38 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140311_082435.reg
[2014/03/11 08:22:48 | 000,000,968 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140311_082245.reg
[2014/03/09 08:36:19 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/09 08:36:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/03/09 08:25:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/03/09 07:52:04 | 005,187,267 | R--- | M] (Swearware) -- C:\Documents and Settings\user1\Desktop\Adware.exe
[2014/03/09 06:41:50 | 000,492,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/09 06:41:50 | 000,090,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/07 15:07:55 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/07 12:33:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2014/03/01 17:04:58 | 000,001,222 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140301_160455.reg
[2014/03/01 08:07:26 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WOLFCODERS ScreenSnag.lnk
[2014/02/28 20:45:36 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peggle Deluxe.lnk
[2014/02/28 20:45:36 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2014/02/28 20:44:01 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2014/02/27 18:21:38 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\System Mechanic.lnk
[2014/02/27 11:45:46 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/27 11:45:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/27 11:45:25 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/27 08:55:40 | 000,000,390 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140227_075537.reg
[2014/02/27 08:21:22 | 000,845,944 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\PandaCloudAntivirus.exe
[2014/02/27 08:14:41 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/26 11:54:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/26 11:53:25 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user1\My Documents\mbam-setup-1.75.0.1300.exe
[2014/02/25 21:59:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/02/25 21:59:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/02/25 18:57:04 | 000,011,438 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\cc_20140225_175700.reg
[2014/02/22 13:07:35 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/02/21 16:38:53 | 000,000,386 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2014/02/21 13:33:06 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2014/02/20 16:08:19 | 000,000,211 | ---- | M] () -- C:\Boot.bak

========== Files Created - No Company Name ==========

[2014/03/12 10:00:50 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PeoplePC Online.LNK
[2014/03/12 10:00:49 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PeoplePC Online.LNK
[2014/03/12 09:53:31 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ppcpanel.cpl
[2014/03/12 09:53:31 | 000,058,144 | ---- | C] () -- C:\WINDOWS\System32\PPCOUNIN.exe
[2014/03/11 08:24:36 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140311_082435.reg
[2014/03/11 08:22:47 | 000,000,968 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140311_082245.reg
[2014/03/09 08:25:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/03/09 08:25:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/03/09 07:55:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/03/09 07:55:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/03/09 07:55:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/03/09 07:55:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/03/09 07:55:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/03/09 06:39:34 | 000,000,222 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/09 06:39:30 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/06 17:17:48 | 1063,768,064 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/01 17:04:57 | 000,001,222 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140301_160455.reg
[2014/03/01 08:07:26 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WOLFCODERS ScreenSnag.lnk
[2014/02/28 20:45:36 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peggle Deluxe.lnk
[2014/02/28 20:44:02 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2014/02/28 20:44:01 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2014/02/27 18:21:38 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\System Mechanic.lnk
[2014/02/27 18:21:30 | 002,315,688 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2014/02/27 18:21:03 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2014/02/27 18:21:03 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2014/02/27 08:55:39 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140227_075537.reg
[2014/02/27 08:20:56 | 000,845,944 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\PandaCloudAntivirus.exe
[2014/02/26 11:54:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/25 18:57:02 | 000,011,438 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\cc_20140225_175700.reg
[2014/02/25 18:54:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/02/22 13:07:35 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/02/21 13:37:22 | 000,000,386 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2014/02/21 13:33:06 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2014/02/21 10:15:36 | 000,070,432 | ---- | C] () -- C:\WINDOWS\System32\unPPC6000.exe
[2014/02/21 10:15:35 | 000,256,288 | ---- | C] () -- C:\WINDOWS\System32\PPCInfo.exe
[2014/02/21 10:15:35 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2014/02/21 10:15:34 | 000,029,984 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2014/02/20 16:03:36 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Internet Explorer.lnk
[2014/02/20 16:02:59 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Windows Media Player.lnk
[2014/02/20 16:02:50 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/20 16:02:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/02/20 16:02:49 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Remote Assistance.lnk
[2014/02/20 16:02:49 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Outlook Express.lnk
[2012/07/18 16:35:15 | 000,000,259 | ---- | C] () -- C:\WINDOWS\op_mainfrm.ini
[2012/07/18 16:35:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\datecheck.ini

========== ZeroAccess Check ==========

[2007/10/09 02:03:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/10/09 02:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/05/17 13:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Connexin Software
[2014/02/28 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2014/02/21 15:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PeoplePC Online
[2007/10/09 02:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2007/10/09 02:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2014/02/21 13:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2014/03/11 08:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ElevatedDiagnostics
[2014/03/12 05:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\InterVideo
[2014/02/27 18:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\iolo
[2014/02/26 09:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PeoplePal
[2014/02/21 15:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PeoplePC Online
[2007/10/09 02:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SampleView

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 3/13/2014 6:02:35 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 657.22 Mb Available Physical Memory | 64.79% Memory free
2.38 Gb Paging File | 1.96 Gb Available in Paging File | 82.06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 43.24 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.22 Gb Free Space | 82.16% Space Free | Partition Type: NTFS

Computer Name: COMPUTER11 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Medisoft\Bin\MAPA.EXE" = C:\Program Files\Medisoft\Bin\MAPA.EXE:*:Enabled:MAPA -- ()
"C:\Program Files\Medisoft\Bin\Ohp.exe" = C:\Program Files\Medisoft\Bin\Ohp.exe:*:Enabled:Ohp -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}" = System Requirements Lab for Intel
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{481875AB-8D00-46D0-92E2-27BB13B20975}_is1" = WOLFCODERS ScreenSnag
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{823EF5EF-F14B-4BCE-9073-5FDCE2D2C6C3}" = AltovaXML 2006
"{86FD8326-909D-45F5-BB61-0619D0D31293}" = HP Support Solutions Framework
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{952A2C38-110B-40EF-BA8D-3D14BA40F49C}" = Midmark IQmanager 8.3.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}" = Crystal Reports 10 Support Files
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AED5656D-2D0C-4F14-BD1F-4F7938E3ED79}" = Midmark IQmanager 8.3.2
"{AF4FCC6E-88E8-4541-9CC2-254B8195BCD2}" = AGFA IMPAX Client 6.3.1.4527
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}" = PeoplePC PeoplePal Toolbar
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7322EAB-A201-4AA2-8EA6-E38DE9A79A20}" = Midmark IQmanager 8.3.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD51C55D-A617-479A-B01A-961F91321370}" = Synapse Workstation
"{E063B3E2-6641-4375-9F09-ADA9E589EB90}" = hp LaserJet 4250/4350/4240
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"BDE_is1" = BDE Version 5.2.0.2
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"hp LaserJet 4250 4350 4240" = hp LaserJet 4250/4350/4240
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ISPSimpleSwitch" = PeoplePC Simple Switch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Medisoft Network Professional 12" = Medisoft Network Professional 12
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office Hours Professional for Networks 12" = Office Hours Professional for Networks 12
"PDF Complete" = PDF Complete
"Peggle Deluxe" = Peggle Deluxe
"PeoplePC Online" = PeoplePC Online
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel® PRO Network Connections Drivers
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2014 3:28:06 PM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/10/2014 3:30:31 PM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/11/2014 6:46:34 AM | Computer Name = COMPUTER11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/11/2014 7:12:41 AM | Computer Name = COMPUTER11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/11/2014 5:20:33 PM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 3/11/2014 8:36:21 PM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2014 6:00:49 AM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2014 6:00:50 AM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2014 6:00:56 AM | Computer Name = COMPUTER11 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 3/13/2014 5:58:01 AM | Computer Name = COMPUTER11 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 3/11/2014 7:00:26 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7000
Description = The HP Support Solutions Framework Service service failed to start
due to the following error: %%1053

Error - 3/11/2014 7:13:10 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP Support Solutions
Framework Service service to connect.

Error - 3/11/2014 7:13:10 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7000
Description = The HP Support Solutions Framework Service service failed to start
due to the following error: %%1053

Error - 3/11/2014 10:01:50 AM | Computer Name = COMPUTER11 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 3/12/2014 8:58:18 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP Support Solutions
Framework Service service to connect.

Error - 3/12/2014 8:58:18 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7000
Description = The HP Support Solutions Framework Service service failed to start
due to the following error: %%1053

Error - 3/12/2014 10:03:06 AM | Computer Name = COMPUTER11 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 3/13/2014 5:22:46 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP Support Solutions
Framework Service service to connect.

Error - 3/13/2014 5:22:46 AM | Computer Name = COMPUTER11 | Source = Service Control Manager | ID = 7000
Description = The HP Support Solutions Framework Service service failed to start
due to the following error: %%1053

Error - 3/13/2014 5:32:53 AM | Computer Name = COMPUTER11 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.167.1723.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >

#14
tom982

  • Member
  • 1,183 posts
Hi bonezz777,

Okay, thanks for letting me know. It's important to fully remove antivirus products when you uninstall them because they install themselves deep into the system and can cause problems if they are removed incorrectly. This should search for the remnants of AVG, then when we have identified what version was installed, we can use the proper removal tool.

System Look

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *avg*
    
    :folderfind
    *avg*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Tom

#15
bonezz777

  • Topic Starter
  • Member
  • 99 posts

Hi Tom, Yesterday I was doing a search, right in the middle of my search, the system just turned itself off?, when I restarted it, my original homepage appeared, and all looked normal again, I thought YES; short lived though, no matter what I tried to open, or where I went, it gave me the dreaded "I.E. page cannot be found"; I turned it off, rebooted in safe mode "f8" n ran a full scan of mamw and mse, both scans came out clean?? I reconnected and everything worked ok, but seems lethargic, almost non-responsive, n the new unimproved ppc page was back, but not a big deal.. All the avg is removed, I hit delete, then used ccleaner n rebooted, but here are the new logs you requested..... QUICK Question: I have a Full HP recovery on (D) would it be good or bad to use it?? Do you know??.. Thanks, Tim

SystemLook 30.07.11 by jpshortstuff
Log created at 06:00 on 14/03/2014 by user1
Administrator - Elevation successful

No Context: filefind *avg*

No Context: folderfind *avg*

-= EOF =-