Suspicious Activity, Windows Opened [Solved]


  • This topic is locked

#1 joseph456 (Member, 345 posts)

I was unable to get on the internet at one point. When I came back to the computer a couple of hours later I noticed there were windows opened that I do not think I opened, and I was concerned whether or not someone had hacked into my computer. Then, when I went to use a program called "SoftPerfect Wifi Guard" (which shows what computers are on your wireless network), it said I needed an update, and somehow I ended up almost installing a 7-Zip program instead of an update.

Following are the results from OTL. I am trying to find out how I can know everything is OK. I also ran the full version of MSE, which found nothing. Prior to that I ran Malwarebytes, and the only thing it did not like was a PUP file in the Recycler, which was the installer for 7-Zip.


3/24/2014 11:01 - Here is an update: About 11:30 last night, with the computer left unattended and open on the Firefox home pages, when I came back to the computer about 1:00 a.m. I was able to see that several windows had been opened every minute or so, as well as some shortcuts from my desktop. I was able to track the activity by looking at the Firefox history and doing a Windows Search for files/folders modified or accessed that day, then sorting it in reverse order by time. Combined with the Firefox history, it looks like something was being opened every minute or so. I cannot figure out what is causing this problem. It now seems unrelated to the update for Wifi Guard. When I came back to the computer all the windows were opened, one on top of the other.

Thanks for your help.

OTL logfile created on: 3/23/2014 3:27:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.24% Memory free
3.86 Gb Paging File | 3.34 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): C:\pagefile.sys 2060 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.65 Gb Free Space | 28.58% Space Free | Partition Type: NTFS

Computer Name: S0034324532 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/23 15:15:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
PRC - [2014/03/18 09:49:28 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/17 00:41:44 | 000,527,936 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 15:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [1999/12/02 16:44:12 | 008,456,192 | ---- | M] (Intuit) -- C:\QUICKENW\QW.EXE


========== Modules (No Company Name) ==========

MOD - [2014/03/18 09:48:40 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/12 17:56:49 | 016,276,872 | ---- | M] () -- C:\WINNT\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/17 23:46:30 | 000,643,948 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2014/02/12 21:01:43 | 000,221,696 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014/02/12 20:56:29 | 000,762,880 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8556fa9ad747e43a85e107dbeb42659e\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 20:56:26 | 000,787,456 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.ni.dll
MOD - [2014/02/12 20:56:25 | 000,649,728 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll
MOD - [2014/02/12 20:52:14 | 006,817,280 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Data\2c4f9ef6baacb578ab136a5b30ada098\System.Data.ni.dll
MOD - [2014/02/12 20:51:48 | 001,014,272 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
MOD - [2014/02/12 20:51:36 | 005,628,928 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
MOD - [2014/02/12 20:51:24 | 013,199,360 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll
MOD - [2014/02/12 20:51:16 | 007,070,720 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Core\354a5906fd46f4374f86916debf3ebcb\System.Core.ni.dll
MOD - [2014/02/12 20:50:59 | 001,667,584 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll
MOD - [2014/02/12 20:50:52 | 009,099,776 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014/02/12 20:50:35 | 014,416,896 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2006/06/26 19:02:49 | 000,049,852 | ---- | M] () -- C:\WINNT\system32\pdf995mon.dll
MOD - [1998/12/12 12:57:56 | 000,054,272 | ---- | M] () -- C:\QUICKENW\ab_dll.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/03/18 09:49:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/12 17:56:53 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2003/10/15 18:13:06 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe -- (PassThru)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - [2013/09/10 19:25:16 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/28 14:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 14:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/06/05 11:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2006/04/26 21:44:22 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2005/08/09 20:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/31 15:21:32 | 000,200,704 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2003/10/14 17:05:28 | 000,252,144 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2003/07/17 18:40:06 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/06/27 09:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/03/17 18:39:12 | 000,020,352 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\iqvw32.sys -- (NAL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Overture
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.overture....s={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://classic.netaddress.com/tpl [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...urce=gama&hl=en
IE - HKCU\..\SearchScopes,DefaultScope = {91E988AB-50B7-46B0-B45D-5CF6103F052F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{79141AC0-4211-45BD-8AD5-0CAC7ACCA01B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{91E988AB-50B7-46B0-B45D-5CF6103F052F}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.netvibes....le.com/finance"
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:5.12.12.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINNT\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/01 11:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/03/20 16:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\extensions
[2013/12/16 10:20:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2014/03/18 09:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/18 09:49:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012/10/25 19:13:12 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\billmind.exe (Intuit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O15 - HKCU\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gofsg.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{050C88C6-9DB9-4307-B7C2-8D384252F0A1}: DhcpNameServer = 192.168.100.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62DA5302-5FB3-4816-A3DE-94EFDB50EBF7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/15 23:31:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5e59674a-b37a-11e1-9bd2-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{5e59674a-b37a-11e1-9bd2-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e59674a-b37a-11e1-9bd2-00904b847847}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{663fc156-6412-11e1-9ba3-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{663fc156-6412-11e1-9ba3-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{663fc156-6412-11e1-9ba3-00904b847847}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{8382f4fc-c626-11dd-9808-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{8382f4fc-c626-11dd-9808-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8382f4fc-c626-11dd-9808-00904b847847}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9f2e57b0-d2a7-11dd-9825-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2e57b0-d2a7-11dd-9825-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f2e57b0-d2a7-11dd-9825-00904b847847}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/23 15:15:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/03/18 09:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/02 20:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2013
[2006/10/10 20:40:37 | 000,389,120 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Administrator\remote.exe

========== Files - Modified Within 30 Days ==========

[2014/03/23 15:18:01 | 000,002,256 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2014/03/23 15:17:53 | 000,000,155 | ---- | M] () -- C:\WINNT\INTUIT.INI
[2014/03/23 15:15:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/03/23 14:46:16 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2014/03/23 14:17:49 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2014/03/23 13:59:42 | 000,000,384 | -H-- | M] () -- C:\WINNT\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/23 13:50:51 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2014/03/23 13:48:59 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2014/03/23 13:30:52 | 000,388,792 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2014/03/22 17:27:45 | 000,004,616 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2014/03/22 10:29:22 | 000,163,059 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Documents_for_your_DocuSign_Signature_-_Updat.pdf
[2014/03/21 10:22:11 | 000,312,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\McGuffie 09Apr14 Web v2.pdf
[2014/03/19 21:32:56 | 000,018,637 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\022014StatementDisplay.pdf
[2014/03/19 21:30:00 | 000,018,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\012014StatementDisplay.aspx
[2014/03/19 21:29:36 | 000,018,637 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\022014StatementDisplay.aspx
[2014/03/18 19:56:21 | 000,043,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\889956908_build.pdf
[2014/03/17 18:54:43 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
[2014/03/16 18:38:35 | 000,521,577 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\f4868.pdf
[2014/03/15 19:42:06 | 000,198,529 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VBMTPMenuFeb14.pdf
[2014/03/15 19:12:25 | 000,081,277 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\https citieasydeals.universalcard.pdf
[2014/03/15 10:26:01 | 000,015,812 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Intuit.pdf
[2014/03/14 21:55:23 | 000,488,206 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\qph75 v1-1-0.zip
[2014/03/14 18:01:01 | 001,111,963 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\scan0001.pdf
[2014/03/13 22:43:08 | 000,411,907 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FE_Social_Security_Methodology_0214.pdf
[2014/03/12 10:02:27 | 000,505,162 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2014/03/12 10:02:26 | 000,087,298 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2014/03/09 17:13:26 | 000,832,761 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\financialplanning201310-13799126730002dad1a4d13-pp.pdf
[2014/03/02 20:18:48 | 000,001,177 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2014/03/01 02:43:08 | 000,000,457 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fishing Boats at A Dock Original Oil Painting by Florence Wilkins Furst eBay.url
[2014/02/28 20:25:44 | 000,001,343 | ---- | M] () -- C:\quotes.csv
[2014/02/27 00:19:55 | 000,128,545 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-021714.pdf
[2014/02/27 00:19:08 | 000,128,441 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-121213.pdf
[2014/02/27 00:18:07 | 000,128,532 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-100813.pdf
[2014/02/27 00:17:18 | 000,128,691 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-080913.pdf
[2014/02/27 00:16:05 | 000,128,667 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-061013.pdf
[2014/02/27 00:14:36 | 000,128,309 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-040913.pdf
[2014/02/27 00:10:36 | 000,128,537 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-021113.pdf
[2014/02/27 00:04:52 | 000,128,532 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-121112.pdf
[2014/02/27 00:03:58 | 000,128,740 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-101012.pdf
[2014/02/27 00:03:14 | 000,128,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-081012.pdf
[2014/02/27 00:02:22 | 000,128,398 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-061112.pdf
[2014/02/27 00:01:48 | 000,128,577 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-041012.pdf
[2014/02/27 00:01:03 | 000,128,542 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-021012.pdf
[2014/02/26 18:19:48 | 000,676,553 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OfficeMax Customer Satisfaction Survey.pdf
[2014/02/25 01:44:41 | 000,522,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bookmarks.html
[2014/02/25 01:44:11 | 000,354,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bookmarks-2014-02-25.json
[2014/02/24 02:13:37 | 000,000,049 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2014/02/23 01:26:20 | 000,030,377 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Person Details for Alexander Lucher, United States Social Security Death Index — FamilySearch.pdf
[2014/02/22 00:24:31 | 000,007,347 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Quote.pdf

========== Files Created - No Company Name ==========

[2014/03/23 13:30:52 | 000,388,792 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2014/03/22 10:29:24 | 000,163,059 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Documents_for_your_DocuSign_Signature_-_Updat.pdf
[2014/03/21 10:22:10 | 000,312,501 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\McGuffie 09Apr14 Web v2.pdf
[2014/03/19 21:32:55 | 000,018,637 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\022014StatementDisplay.pdf
[2014/03/19 21:30:09 | 000,018,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\012014StatementDisplay.aspx
[2014/03/19 21:29:48 | 000,018,637 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\022014StatementDisplay.aspx
[2014/03/18 19:56:24 | 000,043,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\889956908_build.pdf
[2014/03/16 18:38:33 | 000,521,577 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\f4868.pdf
[2014/03/15 19:12:23 | 000,081,277 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\https citieasydeals.universalcard.pdf
[2014/03/15 10:25:10 | 000,015,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Intuit.pdf
[2014/03/14 21:55:24 | 000,488,206 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\qph75 v1-1-0.zip
[2014/03/14 18:00:46 | 001,111,963 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\scan0001.pdf
[2014/03/13 22:43:05 | 000,411,907 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FE_Social_Security_Methodology_0214.pdf
[2014/03/09 17:13:22 | 000,832,761 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\financialplanning201310-13799126730002dad1a4d13-pp.pdf
[2014/03/02 20:11:17 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
[2014/03/02 14:30:38 | 000,198,529 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VBMTPMenuFeb14.pdf
[2014/03/01 02:43:08 | 000,000,457 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fishing Boats at A Dock Original Oil Painting by Florence Wilkins Furst eBay.url
[2014/02/28 20:25:58 | 000,001,343 | ---- | C] () -- C:\quotes.csv
[2014/02/27 00:19:55 | 000,128,545 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-021714.pdf
[2014/02/27 00:19:08 | 000,128,441 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-121213.pdf
[2014/02/27 00:18:08 | 000,128,532 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-100813.pdf
[2014/02/27 00:17:17 | 000,128,691 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-080913.pdf
[2014/02/27 00:16:03 | 000,128,667 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-061013.pdf
[2014/02/27 00:14:36 | 000,128,309 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-040913.pdf
[2014/02/27 00:10:36 | 000,128,537 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-021113.pdf
[2014/02/27 00:04:53 | 000,128,532 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-121112.pdf
[2014/02/27 00:03:58 | 000,128,740 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-101012.pdf
[2014/02/27 00:03:14 | 000,128,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-081012.pdf
[2014/02/27 00:02:22 | 000,128,398 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-061112.pdf
[2014/02/27 00:01:47 | 000,128,577 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-041012.pdf
[2014/02/27 00:01:03 | 000,128,542 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bill-0001630140112890-021012.pdf
[2014/02/26 18:19:45 | 000,676,553 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OfficeMax Customer Satisfaction Survey.pdf
[2014/02/25 01:44:38 | 000,522,495 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bookmarks.html
[2014/02/25 01:44:08 | 000,354,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bookmarks-2014-02-25.json
[2014/02/23 01:26:16 | 000,030,377 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Person Details for Alexander Lucher, United States Social Security Death Index — FamilySearch.pdf
[2014/02/22 00:22:26 | 000,007,347 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Quote.pdf
[2013/10/08 21:41:44 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\.backup.dm
[2012/01/12 20:15:28 | 004,379,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515416071-1635729839-3118798863-500-0.dat
[2012/01/12 20:15:25 | 000,372,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/12 19:55:59 | 000,001,177 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/20 12:49:01 | 003,153,920 | ---- | C] () -- C:\Documents and Settings\Administrator\secsetup.sdb
[2011/07/11 23:50:36 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/16 20:08:56 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe
[2008/02/13 16:43:33 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe
[2006/06/08 23:07:13 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Administrator\backup.sus
[2005/11/16 19:37:50 | 000,052,337 | ---- | C] () -- C:\Documents and Settings\Administrator\WinPatrolLog.html
[2005/11/10 21:48:57 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/02 17:50:38 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2005/10/18 21:18:38 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/26 23:06:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\chkdsk
[2005/08/05 22:22:18 | 000,000,302 | ---- | C] () -- C:\Program Files\temp995.bat

========== ZeroAccess Check ==========

[2003/10/07 08:59:36 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINNT\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINNT\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/06/02 19:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\aignes
[2010/01/31 13:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AltrixSoft
[2012/10/20 09:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2010/01/03 16:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2014/03/01 02:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon Easy-WebPrint EX
[2010/02/14 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cronometer
[2012/04/19 09:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2012/09/08 10:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN
[2007/09/20 19:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2005/11/01 22:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Learn2.com
[2009/07/13 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Neverball
[2004/10/25 23:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
[2007/05/08 13:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDraw
[2008/12/24 00:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Software Informer
[2008/12/13 01:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2013/11/09 17:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2009/01/08 00:22:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2013/08/08 19:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2010/01/02 19:17:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/12 10:45:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/01/03 16:25:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/11/28 23:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/10/14 20:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/03/15 09:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 02:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2014/03/17 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/07/28 23:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2012/10/23 21:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/09/06 04:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/05 19:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2012/10/28 20:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C3B35EBF-B1F6-4DE1-9682-ED71913E187B}
[2012/03/03 19:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FD7CAB3E-E895-4E98-9D68-A307CC601204}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Here is the SoftPerfect WiFi Guard link: http://www.softperfe...ucts/wifiguard/


Edited by joseph456, 24 March 2014 - 09:05 AM.



#2
crooleeck (Member, 882 posts)
Hi joseph456 and welcome to GeekstoGo!
 
I'm crooleeck and I'll try to help you. But first please note that I'm not limitless: I'm not familiar with all software, and I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.
 
The fight against malware is NOT instantaneous; most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know the final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.
 
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.
 
Note:
  • Please watch this topic. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! Please save or print the following instructions.
  • Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
  • Please don't run unsupervised tools or fixes on your own without my direction - it can be dangerous.
  • You must reply within 3 days or your topic will be closed.
 
 
Step 1:
aswMBR scan:
  • Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Agree to update.
  • Click the Scan button to start the scan.
 
  • On completion of the scan click Save log, save it to your desktop as mbrfix.txt and post it in your next reply.
 
  • Click Exit.
 
Step 2:
Download AdwCleaner to your desktop.
  • Run AdwCleaner, accept the license and select Scan.
  • On completion of the scan, please click on the Log button. The log will be shown; please copy its content and post it in your next reply.
  • Close AdwCleaner

In your next post I want to see the AdwCleaner and aswMBR logs. Also, please answer me: is this computer your home machine?



#3
joseph456 (Topic Starter, Member, 345 posts)

Thanks for your help.  This is a laptop that I use as a desktop replacement at home.

 

Here is the aswMBR.txt

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-29 14:56:39
-----------------------------
14:56:39.247    OS Version: Windows 5.1.2600 Service Pack 3
14:56:39.247    Number of processors: 2 586 0x209
14:56:39.247    ComputerName: S0034324532  UserName:
14:56:39.700    Initialize success
15:31:05.575    AVAST engine defs: 14032902
17:00:04.953    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:00:04.953    Disk 0 Vendor: IC25N040ATMR04-0 MO2OAD4A Size: 38154MB BusType: 3
17:00:05.140    Disk 0 MBR read successfully
17:00:05.140    Disk 0 MBR scan
17:00:05.218    Disk 0 Windows XP default MBR code
17:00:05.250    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        38154 MB offset 63
17:00:05.328    Disk 0 scanning sectors +78140160
17:00:05.781    Disk 0 scanning C:\WINNT\system32\drivers
17:00:34.671    Service scanning
17:00:54.781    Service MpKsl02b5f9f3 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6A256EA-37C0-4763-903B-A1C3E6D41D87}\MpKsl02b5f9f3.sys **LOCKED** 32
17:01:19.234    Modules scanning
17:01:36.593    Disk 0 trace - called modules:
17:01:36.640    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
17:01:36.656    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a568ab8]
17:01:36.671    3 CLASSPNP.SYS[f7677fd7] -> nt!IofCallDriver -> \Device\00000081[0x8a557030]
17:01:36.703    5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a59ea38]
17:01:37.171    AVAST engine scan C:\WINNT
17:01:55.109    AVAST engine scan C:\WINNT\system32
17:09:10.656    AVAST engine scan C:\WINNT\system32\drivers
17:09:43.578    AVAST engine scan C:\Documents and Settings\Administrator
17:22:16.484    AVAST engine scan C:\Documents and Settings\All Users
17:23:57.625    Scan finished successfully
17:38:00.531    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
17:38:00.546    The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\mbrfix.txt"


AdwCleaner.txt

 

# AdwCleaner v3.022 - Report created 29/03/2014 at 17:39:15
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - S0034324532
# Running from : C:\Documents and Settings\Administrator\desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\Administrator\WebConnect
Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found C:\WINNT\system32\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\prefs.js ]


*************************

AdwCleaner[R0].txt - [2896 octets] - [29/03/2014 17:39:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2956 octets] ##########
 



#4
crooleeck (Member, 882 posts)
Step 1:
OTL fix:
  • Please copy following script: 

:commands

[createrestorepoint]
 
:otl
[2005/08/26 23:06:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\chkdsk
[2005/08/05 22:22:18 | 000,000,302 | ---- | C] () -- C:\Program Files\temp995.bat
[2010/12/16 20:08:56 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe
 
:commands
[emptytemp]
  • Run OTL and paste it under Custom Scan/Fixes. Close all windows except OTL and hit the Run Fix button. Please agree to the restart. After the computer starts, OTL will display the removal log; please post it.
 
Step 2:
AdwCleaner fix:
  • Rerun AdwCleaner.
  • Select the Scan button.
  • Wait while the scan is in progress.
  • Select the Delete button.
  • Close any other programs and hit OK.
  • At the end of the removal, a log will be displayed; please post it.
 
Step 3:
New OTL log.
  • Double click on the OTL icon to run it. 
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Select options:
  • All users.
  • 64-bit scan if it appears.
  • Under Extra registry select Use SafeList.
  • LOP Check
  • Purity Check
  • Under the Custom Scan box paste this in:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
  • Click the Run scan button.
 
Please post OTL new log and AdwCleaner removing log.
 
How is the notebook working now?

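The OTL logs in this thread are long, and the helper's fix script is built by hand-picking a few lines from them (two unattributed executables sitting directly under a profile folder and under Program Files, plus an empty chkdsk file). The following is an added example, not part of this thread or of OTL itself: a small Python triage script that parses the OTL line shapes shown above (stamped PRC/SRV/DRV/MOD and bare file lines, "File not found" services and drivers, O4 autostart entries, and the Alternate Data Stream lines) and pulls out the things a reviewer looks at first: orphaned service/driver entries, autostarts, executables with an empty company field, the newest files, and ADS. The sample input is a constructed excerpt assembled from lines of the logs posted in this thread; the regexes, `Entry`, `parse`, `unattributed_executables`, `newest_first` and `triage` are this example's own names. An empty company field is a prompt to look closer, not a verdict; legitimate tools often ship without version information too.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed excerpt of OTL output, assembled from lines of the logs posted in this thread.
SAMPLE_LOG = r"""
PRC - [2014/03/23 15:15:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - [2013/09/10 19:25:16 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\BANTExt.sys -- (BANTExt)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-515416071-1635729839-3118798863-500..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\billmind.exe (Intuit)
[2005/08/05 22:22:18 | 000,000,302 | ---- | C] () -- C:\Program Files\temp995.bat
[2010/12/16 20:08:56 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
"""

# Line shapes as they appear in OTL output (patterns are this example's own).
STAMPED = re.compile(
    r"^(?:(?P<kind>PRC|SRV|DRV|MOD) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\)"        # company field; empty '()' means OTL found no publisher info
    r"(?: \[[^\]]*\])?"              # optional state block such as [Auto | Running]
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"  # optional service/driver name
)
ORPHAN = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$")
AUTOSTART = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<label>[^\]]*)\] |(?P<shortcut>.+?) = )?(?P<path>.+?) \((?P<company>[^)]*)\)$")
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".com")


@dataclass
class Entry:
    kind: str            # PRC/SRV/DRV/MOD, or FILE for bare [..] lines
    path: str
    company: str
    stamp: datetime
    name: Optional[str] = None


def parse(log_text):
    """Split OTL text into stamped entries, orphaned entries, autostarts and ADS lines."""
    stamped, orphaned, autostarts, streams = [], [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STAMPED.match(line)
        if m:
            stamped.append(Entry(
                kind=m.group("kind") or "FILE",
                path=m.group("path"),
                company=m.group("company").strip(),
                stamp=datetime.strptime(m.group("date"), "%Y/%m/%d %H:%M:%S"),
                name=m.group("name"),
            ))
            continue
        m = ORPHAN.match(line)
        if m:
            orphaned.append((m.group("kind"), m.group("name"), m.group("path")))
            continue
        m = AUTOSTART.match(line)
        if m:
            autostarts.append((m.group("where"), m.group("path"), m.group("company")))
            continue
        m = ADS.match(line)
        if m:
            streams.append((m.group("path"), int(m.group("size"))))
    return stamped, orphaned, autostarts, streams


def unattributed_executables(entries):
    """Executables whose company field is empty: worth a closer look, not proof of anything."""
    return [e for e in entries if not e.company and e.path.lower().endswith(EXEC_EXT)]


def newest_first(entries):
    """Same idea as sorting a file search by modified time, in reverse."""
    return sorted(entries, key=lambda e: e.stamp, reverse=True)


def triage(log_text):
    stamped, orphaned, autostarts, streams = parse(log_text)
    return {
        "orphaned": orphaned,                                   # registrations whose file is gone
        "autostarts": autostarts,                               # everything that runs at logon
        "unattributed": [e.path for e in unattributed_executables(stamped)],
        "newest": [e.path for e in newest_first(stamped)],
        "streams": streams,                                     # alternate data streams found
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"== {section} ==")
        for item in items:
            print("  ", item)
```

On the constructed excerpt the script reports the two "File not found" entries (HidServ and PROCEXP151), the three O4 autostarts, three executables with an empty company field (BANTExt.sys, temp995.bat and GoToAssistDownloadHelper.exe; the last two are the ones the fix script in this post moves), and the single ADS line.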

#5
joseph456 (Topic Starter, Member, 345 posts)

I appreciate your help.  Laptop running fine.  Still wondering what caused the windows to open automatically when I was online and left the computer unattended.

 

Here is something different and better.  For the longest time I was unable to run chkdsk from the "Run" box.  Now it works.  Before it would always ask what program I wanted to use.  Thanks!

 

Can I remove the programs downloaded and the logs? Or should I use those programs periodically?

 

Here is the first OTL log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Documents and Settings\Administrator\chkdsk moved successfully.
C:\Program Files\temp995.bat moved successfully.
C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 115889902 bytes
->Temporary Internet Files folder emptied: 1856059 bytes
->FireFox cache emptied: 71926974 bytes
->Flash cache emptied: 9247 bytes
 
User: All Users
 
User: Computer Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 21214 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67469 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 11896007 bytes
 
Total Files Cleaned = 192.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03302014_143906

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

AdwCleaner

 

# AdwCleaner v3.022 - Report created 30/03/2014 at 14:51:52
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - S0034324532
# Running from : C:\Documents and Settings\Administrator\desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\WINNT\system32\AI_RecycleBin
Folder Deleted : C:\Documents and Settings\Administrator\WebConnect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\prefs.js ]


*************************

AdwCleaner[R0].txt - [3036 octets] - [29/03/2014 17:39:15]
AdwCleaner[R1].txt - [3096 octets] - [30/03/2014 14:50:14]
AdwCleaner[S0].txt - [3071 octets] - [30/03/2014 14:51:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3131 octets] ##########
 

2nd OTL Log after scan

 

OTL logfile created on: 3/30/2014 3:02:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.00% Memory free
3.86 Gb Paging File | 3.40 Gb Available in Paging File | 88.04% Paging File free
Paging file location(s): C:\pagefile.sys 2060 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.42 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
 
Computer Name: S0034324532 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/23 15:15:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
PRC - [2014/03/18 09:49:28 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/23 16:01:10 | 000,300,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 15:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/18 09:48:40 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/12 17:56:49 | 016,276,872 | ---- | M] () -- C:\WINNT\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2006/06/26 19:02:49 | 000,049,852 | ---- | M] () -- C:\WINNT\system32\pdf995mon.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/03/18 09:49:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/12 17:56:53 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2003/10/15 18:13:06 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe -- (PassThru)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - [2013/09/10 19:25:16 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/28 14:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 14:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/06/05 11:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2006/04/26 21:44:22 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2005/08/09 20:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/31 15:21:32 | 000,200,704 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2003/10/14 17:05:28 | 000,252,144 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2003/07/17 18:40:06 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/06/27 09:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/03/17 18:39:12 | 000,020,352 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\iqvw32.sys -- (NAL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Overture
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.overture....s={searchTerms}
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://classic.netaddress.com/tpl [Binary data over 200 bytes]
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...urce=gama&hl=en
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\..\SearchScopes\{79141AC0-4211-45BD-8AD5-0CAC7ACCA01B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\..\SearchScopes\{91E988AB-50B7-46B0-B45D-5CF6103F052F}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.netvibes....le.com/finance"
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:5.12.12.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINNT\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/10/01 11:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/03/20 16:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\extensions
[2013/12/16 10:20:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2014/03/18 09:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/18 09:49:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2012/10/25 19:13:12 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-515416071-1635729839-3118798863-500\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-515416071-1635729839-3118798863-500..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINNT\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINNT\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\billmind.exe (Intuit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O15 - HKU\S-1-5-21-515416071-1635729839-3118798863-500\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gofsg.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{050C88C6-9DB9-4307-B7C2-8D384252F0A1}: DhcpNameServer = 192.168.100.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{268204A6-66E6-4020-A2ED-28CD4BE3D120}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/15 23:31:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5e59674a-b37a-11e1-9bd2-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{5e59674a-b37a-11e1-9bd2-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e59674a-b37a-11e1-9bd2-00904b847847}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{663fc156-6412-11e1-9ba3-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{663fc156-6412-11e1-9ba3-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{663fc156-6412-11e1-9ba3-00904b847847}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{8382f4fc-c626-11dd-9808-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{8382f4fc-c626-11dd-9808-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8382f4fc-c626-11dd-9808-00904b847847}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9f2e57b0-d2a7-11dd-9825-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2e57b0-d2a7-11dd-9825-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f2e57b0-d2a7-11dd-9825-00904b847847}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/30 14:39:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/29 18:44:25 | 004,787,368 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup412.exe
[2014/03/29 17:39:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/29 14:53:46 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2014/03/23 15:15:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/03/18 09:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/02 20:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2013
[2006/10/10 20:40:37 | 000,389,120 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Administrator\remote.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/30 15:04:22 | 000,000,384 | -H-- | M] () -- C:\WINNT\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/30 14:54:51 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2014/03/30 14:54:04 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2014/03/30 14:46:01 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2014/03/29 21:57:00 | 000,002,256 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2014/03/29 20:26:58 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2014/03/29 19:31:39 | 000,171,084 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\211172-GA-1.pdf
[2014/03/29 19:12:16 | 000,190,131 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\http   www.ebay.pdf
[2014/03/29 18:45:56 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/03/29 18:45:27 | 004,787,368 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup412.exe
[2014/03/29 18:42:35 | 004,257,724 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Commercial Catalog.pdf
[2014/03/29 18:02:47 | 000,025,579 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\eBay.pdf
[2014/03/29 17:38:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2014/03/29 14:54:48 | 001,950,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2014/03/29 14:54:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2014/03/29 14:50:45 | 000,004,616 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2014/03/29 14:40:10 | 000,094,785 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Infiniti USA eStore.htm
[2014/03/28 09:49:31 | 000,312,607 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\McGuffie 09Apr14 Web v3.pdf
[2014/03/23 15:17:53 | 000,000,155 | ---- | M] () -- C:\WINNT\INTUIT.INI
[2014/03/23 15:15:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/03/23 13:30:52 | 000,388,792 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2014/03/22 10:29:22 | 000,163,059 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Documents_for_your_DocuSign_Signature_-_Updat.pdf
[2014/03/21 10:22:11 | 000,312,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\McGuffie 09Apr14 Web v2.pdf
[2014/03/19 21:32:56 | 000,018,637 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\022014StatementDisplay.pdf
[2014/03/18 19:56:21 | 000,043,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\889956908_build.pdf
[2014/03/17 18:54:43 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
[2014/03/16 18:38:35 | 000,521,577 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\f4868.pdf
[2014/03/15 19:42:06 | 000,198,529 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VBMTPMenuFeb14.pdf
[2014/03/15 19:12:25 | 000,081,277 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\https   citieasydeals.universalcard.pdf
[2014/03/15 10:26:01 | 000,015,812 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Intuit.pdf
[2014/03/14 21:55:23 | 000,488,206 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\qph75 v1-1-0.zip
[2014/03/14 18:01:01 | 001,111,963 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\scan0001.pdf
[2014/03/13 22:43:08 | 000,411,907 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FE_Social_Security_Methodology_0214.pdf
[2014/03/12 17:56:53 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerApp.exe
[2014/03/12 17:56:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2014/03/12 10:02:27 | 000,505,162 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2014/03/12 10:02:26 | 000,087,298 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2014/03/09 17:13:26 | 000,832,761 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\financialplanning201310-13799126730002dad1a4d13-pp.pdf
[2014/03/02 20:18:48 | 000,001,177 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2014/03/01 02:43:08 | 000,000,457 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fishing Boats at A Dock Original Oil Painting by Florence Wilkins Furst  eBay.url
[2014/02/28 20:25:44 | 000,001,343 | ---- | M] () -- C:\quotes.csv
 
========== Files Created - No Company Name ==========
 
[2014/03/29 19:31:40 | 000,171,084 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\211172-GA-1.pdf
[2014/03/29 19:12:15 | 000,190,131 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\http   www.ebay.pdf
[2014/03/29 18:45:56 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/03/29 18:41:48 | 004,257,724 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Commercial Catalog.pdf
[2014/03/29 18:02:44 | 000,025,579 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\eBay.pdf
[2014/03/29 17:38:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2014/03/29 14:54:05 | 001,950,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2014/03/29 14:40:09 | 000,094,785 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Infiniti USA eStore.htm
[2014/03/28 09:49:31 | 000,312,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\McGuffie 09Apr14 Web v3.pdf
[2014/03/23 13:30:52 | 000,388,792 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2014/03/22 10:29:24 | 000,163,059 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Documents_for_your_DocuSign_Signature_-_Updat.pdf
[2014/03/21 10:22:10 | 000,312,501 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\McGuffie 09Apr14 Web v2.pdf
[2014/03/19 21:32:55 | 000,018,637 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\022014StatementDisplay.pdf
[2014/03/18 19:56:24 | 000,043,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\889956908_build.pdf
[2014/03/16 18:38:33 | 000,521,577 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\f4868.pdf
[2014/03/15 19:12:23 | 000,081,277 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\https   citieasydeals.universalcard.pdf
[2014/03/15 10:25:10 | 000,015,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Intuit.pdf
[2014/03/14 21:55:24 | 000,488,206 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\qph75 v1-1-0.zip
[2014/03/14 18:00:46 | 001,111,963 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\scan0001.pdf
[2014/03/13 22:43:05 | 000,411,907 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FE_Social_Security_Methodology_0214.pdf
[2014/03/09 17:13:22 | 000,832,761 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\financialplanning201310-13799126730002dad1a4d13-pp.pdf
[2014/03/02 20:11:17 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
[2014/03/02 14:30:38 | 000,198,529 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VBMTPMenuFeb14.pdf
[2014/03/01 02:43:08 | 000,000,457 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fishing Boats at A Dock Original Oil Painting by Florence Wilkins Furst  eBay.url
[2014/02/28 20:25:58 | 000,001,343 | ---- | C] () -- C:\quotes.csv
[2013/10/08 21:41:44 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\.backup.dm
[2012/01/12 20:15:28 | 004,379,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515416071-1635729839-3118798863-500-0.dat
[2012/01/12 20:15:25 | 000,372,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/12 19:55:59 | 000,001,177 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/20 12:49:01 | 003,153,920 | ---- | C] () -- C:\Documents and Settings\Administrator\secsetup.sdb
[2011/07/11 23:50:36 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/02/13 16:43:33 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe
[2006/06/08 23:07:13 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Administrator\backup.sus
[2005/11/16 19:37:50 | 000,052,337 | ---- | C] () -- C:\Documents and Settings\Administrator\WinPatrolLog.html
[2005/11/10 21:48:57 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/02 17:50:38 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2005/10/18 21:18:38 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2003/10/07 08:59:36 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINNT\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINNT\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2007/06/02 19:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\aignes
[2010/01/31 13:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AltrixSoft
[2012/10/20 09:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2010/01/03 16:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2014/03/01 02:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon Easy-WebPrint EX
[2010/02/14 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cronometer
[2012/04/19 09:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2012/09/08 10:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN
[2007/09/20 19:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2005/11/01 22:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Learn2.com
[2009/07/13 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Neverball
[2004/10/25 23:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
[2007/05/08 13:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDraw
[2008/12/24 00:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Software Informer
[2008/12/13 01:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2013/11/09 17:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2009/01/08 00:22:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2013/08/08 19:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2010/01/02 19:17:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/12 10:45:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/01/03 16:25:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/11/28 23:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/10/14 20:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/03/15 09:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 02:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2014/03/25 08:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/07/28 23:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2012/10/23 21:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/05 19:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2012/10/28 20:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C3B35EBF-B1F6-4DE1-9682-ED71913E187B}
[2012/03/03 19:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FD7CAB3E-E895-4E98-9D68-A307CC601204}
[2011/11/27 13:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer Admin\Application Data\Canon Easy-WebPrint EX
[2012/01/12 19:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Canon Easy-WebPrint EX
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINNT\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wkssvc.dll -- (lanmanworkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\system32\dllcache\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINNT\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINNT\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: SERVICES  >
[2003/03/31 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINNT\system32\drivers\etc\services
 
< MD5 for: SERVICES._  >
[2003/03/31 07:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINNT\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 02:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.CNF  >
[2005/08/07 22:09:00 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Inetpub\wwwroot\_vti_pvt\services.cnf
 
< MD5 for: SERVICES.EX_  >
[2003/03/31 07:00:00 | 000,047,953 | ---- | M] () MD5=78718439FA165A148B2F41A9EB41F488 -- C:\I386\SERVICES.EX_
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINNT\ServicePackFiles\i386\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINNT\$NtServicePackUninstall$\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINNT\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\system32\services.exe
 
< MD5 for: SERVICES.EXE.000  >
[2004/08/04 01:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINNT\$NtServicePackUninstall$\services.exe.000
 
< MD5 for: SERVICES.HTML  >
[2014/01/23 22:53:14 | 000,006,329 | ---- | M] () MD5=89DEC3D453DBE77544CC378866F543AF -- C:\Program Files\BillP Studios\WinPatrol\services.html
 
< MD5 for: SERVICES.LNK  >
[2008/06/03 22:42:48 | 000,001,590 | ---- | M] () MD5=C143DC39C0D20B7AA6D4B2C6485DC9F4 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MS_  >
[2003/03/31 07:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_
 
< MD5 for: SERVICES.MSC  >
[2003/03/31 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINNT\system32\services.msc
 
< MD5 for: SVCHOST.EXE  >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\dllcache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\svchost.exe
[2004/08/04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINNT\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2004/08/04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINNT\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINNT\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\winlogon.exe
 
< MD5 for: WINSOCK.DL_  >
[2003/03/31 07:00:00 | 000,001,516 | ---- | M] () MD5=DBE00AC2D306E49623D471A292EF25DC -- C:\I386\WINSOCK.DL_
 
< MD5 for: WINSOCK.DLL  >
[2003/03/31 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINNT\system32\dllcache\winsock.dll
[2003/03/31 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINNT\system32\winsock.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
 


Edited by joseph456, 30 March 2014 - 01:34 PM.

  • 0

#6 crooleeck (Member, 882 posts)

Here is something different and better. For the longest time I was unable to run chkdsk from the "Run" box. Now it works. Before it would always ask what program I wanted to use. Thanks!

Glad to hear that! :thumbsup:
 

Can I remove the programs downloaded and logs. Or should I use those program periodically?

A good workman always cleans up after himself. I will let you know when those programs should be removed, at the right time. Right now I can't tell which app might still be useful.
 

Step 1:
Run OTL

  • Hit None button.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    /md5start
    hidserv.dll
    /md5stop
    
  • Hit Run Scan button.

OTL will take a few minutes to generate a log, please post the result.


  • 0

#7 joseph456 (Topic Starter, 345 posts)

Thanks Again

 

Here is the OTL Log:

 

OTL logfile created on: 3/31/2014 7:17:57 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.46% Memory free
3.86 Gb Paging File | 3.57 Gb Available in Paging File | 92.36% Paging File free
Paging file location(s): C:\pagefile.sys 2060 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.42 Gb Free Space | 27.96% Space Free | Partition Type: NTFS
 
Computer Name: S0034324532 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
< MD5 for: HIDSERV.DLL  >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:hidserv.dll
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp1.cab:hidserv.dll
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:hidserv.dll
[2010/05/23 20:23:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:hidserv.dll
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:hidserv.dll
[2010/05/23 20:23:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:hidserv.dll
[2004/08/04 01:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9376E6893E52B368ABC6255BF54F0B28 -- C:\WINNT\$NtServicePackUninstall$\hidserv.dll
[2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=DEB04DA35CC871B6D309B77E1443C796 -- C:\WINNT\ServicePackFiles\i386\hidserv.dll
[2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=DEB04DA35CC871B6D309B77E1443C796 -- C:\WINNT\system32\dllcache\hidserv.dll

< End of report >
 


  • 1
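What the helper is doing with the `/md5start` requests above is a file-integrity check: OTL lists every copy of the named file it can find, and the copy that actually runs (directly under `\system32`) is compared against the Windows File Protection references in `\system32\dllcache` and `\ServicePackFiles\i386`. Notice that the HIDSERV.DLL listing in post #7 has no `C:\WINNT\system32\hidserv.dll` entry at all, only the dllcache and ServicePackFiles copies. The script below is an added example, not part of the thread and not an OTL feature: it parses listings of this shape and reports a match, a mismatch, or a missing live copy. The sample input is copied from the MD5 listings quoted earlier in the thread; the verdict names are my own.

```python
"""Check OTL '/md5start' listings for a tampered or missing system binary.

OTL prints every copy of the requested file name it can find.  On Windows XP
the live binary sits directly under \\system32\\; Windows File Protection keeps
reference copies in \\system32\\dllcache and \\ServicePackFiles\\i386.  This
script groups the listing by file name and reports whether the live copy
matches any reference, or whether there is no live copy at all.
"""
import ntpath
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Sample input: lines copied from the OTL MD5 listings quoted earlier in this
# thread (services.exe and winlogon.exe from the first log, hidserv.dll from
# the Run 3 log).  Entries without an MD5 (the .cab lines) are skipped.
SAMPLE_LOG = r"""
< MD5 for: SERVICES.EXE  >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINNT\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\system32\services.exe
< MD5 for: WINLOGON.EXE  >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\winlogon.exe
< MD5 for: HIDSERV.DLL  >
[2010/05/23 20:23:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:hidserv.dll
[2004/08/04 01:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9376E6893E52B368ABC6255BF54F0B28 -- C:\WINNT\$NtServicePackUninstall$\hidserv.dll
[2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=DEB04DA35CC871B6D309B77E1443C796 -- C:\WINNT\ServicePackFiles\i386\hidserv.dll
[2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=DEB04DA35CC871B6D309B77E1443C796 -- C:\WINNT\system32\dllcache\hidserv.dll
"""


def parse_md5_scan(text):
    """Return {FILE.NAME: [entry, ...]} keyed by the '< MD5 for: ... >' headers."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append({
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company").strip(),
                "path": entry.group("path"),
            })
    return dict(sections)


def _parent_dir(path):
    return ntpath.dirname(path).lower()


def is_live_copy(entry):
    """The copy Windows actually loads: directly inside \\system32, not a subfolder."""
    return _parent_dir(entry["path"]).endswith("\\system32")


def is_reference_copy(entry):
    """Windows File Protection cache or service-pack source copy."""
    parent = _parent_dir(entry["path"])
    return parent.endswith("\\system32\\dllcache") or parent.endswith("\\servicepackfiles\\i386")


def verify(sections):
    """Return {FILE.NAME: {"verdict", "live", "refs"}} for each listed file.

    A hotfix can legitimately leave dllcache and ServicePackFiles with
    different hashes (services.exe in the sample), so the live copy is
    accepted when it matches any one reference.
    """
    report = {}
    for name, entries in sections.items():
        live = [e["md5"] for e in entries if is_live_copy(e)]
        refs = sorted({e["md5"] for e in entries if is_reference_copy(e)})
        if not live:
            verdict = "missing-live-copy"
        elif not refs:
            verdict = "no-reference"
        elif all(md5 in refs for md5 in live):
            verdict = "match"
        else:
            verdict = "mismatch"
        report[name] = {"verdict": verdict, "live": live, "refs": refs}
    return report


if __name__ == "__main__":
    for name, result in sorted(verify(parse_md5_scan(SAMPLE_LOG)).items()):
        print(f"{name:14} {result['verdict']:18} live={result['live']} refs={result['refs']}")
```

Run against the sample, services.exe and winlogon.exe come back as `match` and hidserv.dll as `missing-live-copy`, which is exactly the gap the next fix closes by re-extracting the file from sp3.cab. One caveat: a match against a local dllcache copy only shows the two are consistent with each other. Malware that defeats Windows File Protection can replace both, so for a real verdict compare the live hash against a copy from a known-clean machine of the same service-pack level rather than against the suspect machine's own cache.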

#8 crooleeck (Member, 882 posts)

Step 1:
OTL fix:
Please copy following script:

 

:otl
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
 
:files
C:\WINNT\Driver Cache\i386\sp3.cab:hidserv.dll /E
copy c:\hidserv.dll C:\WINNT\System32\hidserv.dll /C
 
:commands
[reboot]

 
Run OTL and paste it under Custom Scans/Fixes. Close all windows except OTL and hit the Run Fix button. Please agree to the restart. After the computer starts, OTL will display the removal log; please post it.
 
Step 2:
Run OTL

  • Hit None button.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    BASESERVICES
  • Hit Run Scan button.

OTL will take a few minutes to generate a log, please post the result.


  • 0

#9 joseph456 (Topic Starter, 345 posts)

Thanks Again

 

1st Scan - Note: it did not post after rebooting.  I had to find it by searching for *.log and then found it under C:\_OTL\moved files

 

========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== FILES ==========
hidserv.dll extracted to C:\
< copy c:\hidserv.dll C:\WINNT\System32\hidserv.dll /C >
        1 file(s) copied.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 04012014_203854
 

2nd Scan

 

OTL logfile created on: 4/1/2014 8:53:20 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 78.88% Memory free
3.86 Gb Paging File | 3.60 Gb Available in Paging File | 93.08% Paging File free
Paging file location(s): C:\pagefile.sys 2060 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.50 Gb Free Space | 28.17% Space Free | Partition Type: NTFS
 
Computer Name: S0034324532 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINNT\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wkssvc.dll -- (lanmanworkstation)

< End of report >
 


  • 0
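The BASESERVICES scan above lists the stock Windows services with the image each one runs from, the publisher string from that image's version resource, the start type and the current state. What a reviewer looks for on such a list: an image path outside %SystemRoot%, a publisher that is not Microsoft, and remote-access services that are running (TermService is running here, and the Extras log later in the thread shows 3389:TCP enabled for any address in the standard firewall profile, so that is worth confirming on a machine where windows were opening unattended). The script below is an added example, not from the thread and not an OTL feature; the set of remote-access service names is my own illustrative list, the six SRV lines are copied from the log above, and the "RogueSvc" line is constructed to show what a flagged entry looks like.

```python
"""Review an OTL 'BASESERVICES' listing for services that do not look like stock Windows.

Each SRV line gives the image file, the publisher from its version resource,
the start type and the current state.  On a base-services list every image
should live under %SystemRoot% and carry a Microsoft publisher string; a
remote-access service that is running is not wrong by itself, but is worth
confirming on a machine where windows were opening unattended.
"""
import re

SERVICE_RE = re.compile(
    r"^SRV - \[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*\[(?P<start>[^|]+)\|\s*(?P<state>[^\]]+)\]\s*"
    r"--\s*(?P<path>.+?)\s*--\s*\((?P<service>[^)]+)\)\s*$"
)

SYSTEM_ROOT = r"C:\WINNT"  # %SystemRoot% as reported in the OTL header above
# Services that accept inbound remote sessions on XP; an illustrative list
# (assumption), not something OTL reports.
REMOTE_ACCESS_SERVICES = {"termservice", "remoteregistry", "rdsessmgr"}

# Sample input: six SRV lines copied from the BASESERVICES log quoted above.
SAMPLE_LOG = r"""
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\termsrv.dll -- (TermService)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\srvsvc.dll -- (lanmanserver)
"""

# CONSTRUCTED line, not from the thread: what a rogue service entry would look like.
CONSTRUCTED_ROGUE = r"""
SRV - [2014/03/23 23:55:00 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\TEMP\svchost.exe -- (RogueSvc)
"""


def parse_services(text):
    """Return one dict per SRV line; lines that do not match are ignored."""
    services = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            services.append({
                "name": m.group("service"),
                "company": m.group("company").strip(),
                "start": m.group("start").strip(),
                "state": m.group("state").strip(),
                "path": m.group("path"),
            })
    return services


def review(services, system_root=SYSTEM_ROOT):
    """Return {service name: [flags]} for services that deserve a second look."""
    root = system_root.lower().rstrip("\\") + "\\"
    findings = {}
    for svc in services:
        flags = []
        if not svc["path"].lower().startswith(root):
            flags.append("image-outside-systemroot")
        if "microsoft" not in svc["company"].lower():
            flags.append("non-microsoft-publisher")
        if svc["name"].lower() in REMOTE_ACCESS_SERVICES and svc["state"] == "Running":
            flags.append("remote-access-running")
        if flags:
            findings[svc["name"]] = flags
    return findings


if __name__ == "__main__":
    for name, flags in review(parse_services(SAMPLE_LOG + CONSTRUCTED_ROGUE)).items():
        print(f"{name:12} {', '.join(flags)}")
```

Two caveats a reviewer should keep in mind. The publisher string comes from the file's version resource, which anyone who builds a binary can set, so "Microsoft Corporation" here is a hint, not a signature check. And BASESERVICES only covers the stock Windows service set; a service registered under some other name would never appear in this listing, so it has to be looked for in the full services section of the main OTL log.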

#10 crooleeck (Member, 882 posts)
OK, looks good. But I always ask for a whole-system scan, just to make sure it's clean.
 
Step 1:
ESET Online Scanner:
 
Note: The below instructions relate to running the scan with Google Chrome only. You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here.
  • Please go here to run the scan...
  • In the window that now appears called Launch ESET Online Scanner
  • Double-click on esetsmartinstaller_enu.exe to download the ESET Smart Installer
  • Then in the lower left hand corner of the browser window double click on the downloaded installer >> follow the prompts
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:  Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. 
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall. 
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
 
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 
Step 2:
Please download Malwarebytes' Anti-Malware from Here.
 
Double Click mbam-setup.exe to install the application. Before you finish, on the Completing the Malwarebytes Anti-Malware Setup Wizard page untick Enable free trial of Malwarebytes Anti-Malware PRO
 
 
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
 
Extra Note:
 
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Step 3:
Please look for C:\Documents and Settings\Administrator\Desktop\Extras.txt and post its content.

  • 0



#11 joseph456 (Topic Starter, 345 posts)
Thanks.

Will take care of this tonight when I have access to the laptop.

I do not have Google Chrome. I am using IE or Firefox. Does that matter?

Can I follow the same instructions?
  • 0

#12 crooleeck (Member, 882 posts)

It will work with either IE or FF in XP. In IE you will need to accept the ActiveX control running.


  • 0

#13 joseph456 (Topic Starter, 345 posts)

Thanks.  Here are the results:

 

ESet:

 

C:\Documents and Settings\Administrator\desktop\ccsetup412.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\Cleanup Tools\Auslogics Disk Defrag\disk-defrag-setup.exe    Win32/InstallMonetizer.AQ potentially unwanted application
C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\Cleanup Tools\Auslogics Disk Defrag\New Folder\disk-defrag-setup.exe    Win32/InstallMonetizer.AQ potentially unwanted application
C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\Cleanup Tools\Speccy\spsetup122.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\Cleanup Tools\Speccy\spsetup123.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
 

MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/3/2014
Scan Time: 12:09:08 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.03.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250847
Time Elapsed: 19 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#14 crooleeck (Member, 882 posts)

OK, please look for extras.txt :)


  • 0

#15 joseph456 (Topic Starter, 345 posts)

Sorry - missed this the first time.  This is from 3/30/14

 

Thanks for your help

 

OTL Extras logfile created on: 3/30/2014 3:02:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.00% Memory free
3.86 Gb Paging File | 3.40 Gb Available in Paging File | 88.04% Paging File free
Paging file location(s): C:\pagefile.sys 2060 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.42 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
 
Computer Name: S0034324532 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\Soluto\solutoinstaller.exe" = C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\Soluto\solutoinstaller.exe:*:Enabled:SolutoInstaller
"C:\WINNT\system32\dxdiag.exe" = C:\WINNT\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINNT\system32\dpvsetup.exe" = C:\WINNT\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\desktop\solutoinstaller-_we5LFw2c3A4.exe" = C:\Documents and Settings\Administrator\desktop\solutoinstaller-_we5LFw2c3A4.exe:*:Enabled:SolutoInstaller
"C:\Documents and Settings\Administrator\My Documents\Downloads\solutoinstaller.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\solutoinstaller.exe:*:Enabled:SolutoInstaller
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft® Winter Fun Pack 2004 for Windows® XP
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE80E58-0774-4EC3-B6BA-68876B88D4B9}" = TurboTax 2011 wvaiper
"{287BDB2F-3402-47D3-A9A0-E3EAC1EF6E79}" = TurboTax 2013 wvaiper
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1" = SoftPerfect WiFi Guard version 1.0.3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46805428-E44F-4529-8008-867DD190D506}" = TurboTax 2012 wvaiper
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"aignesamdeadlink_is1" = AM-DeadLink 4.6
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor" = Belarc Advisor 8.4
"Branding" =
"Broadcom 802.11b Network Adapter" = BCM Wireless Network Adapter
"Canon MP490 series User Registration" = Canon MP490 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CleanCache 3.0_is1" = CleanCache 3.5
"CleanUp!" = CleanUp!
"Connection Manager" =
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"HD Tune_is1" = HD Tune 2.55
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Interactive Training" =
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Ahead Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCHealth" =
"Pdf995" = Pdf995
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quicken Deluxe 98" = Quicken Deluxe 98
"Revo Uninstaller" = Revo Uninstaller 1.95
"Signature995" = Signature995
"Speccy" = Speccy
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"TurboTax 2013" = TurboTax 2013
"Tweak UI 2.10" = Tweak UI
"TweakMP9" = Windows Media Player 9 Series TweakMP PowerToy
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPhlash" = WinPhlash
"WinPokerushr" = WinPoker 6 Shareware
"WMCSetup" =
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/16/2014 5:05:17 PM | Computer Name = S0034324532 | Source = ESENT | ID = 489
Description = wuauclt (3676) An attempt to open the file "C:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log"
 for read only access failed with system error 32 (0x00000020): "The process cannot
 access the file because it is being used by another process. ".  The open file
operation will fail with error -1032 (0xfffffbf8).
 
Error - 3/16/2014 5:05:17 PM | Computer Name = S0034324532 | Source = ESENT | ID = 455
Description = wuaueng.dll (3676) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log.
 
Error - 3/16/2014 5:05:27 PM | Computer Name = S0034324532 | Source = ESENT | ID = 489
Description = wuauclt (3676) An attempt to open the file "C:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log"
 for read only access failed with system error 32 (0x00000020): "The process cannot
 access the file because it is being used by another process. ".  The open file
operation will fail with error -1032 (0xfffffbf8).
 
Error - 3/16/2014 5:05:27 PM | Computer Name = S0034324532 | Source = ESENT | ID = 455
Description = wuaueng.dll (3676) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log.
 
[ System Events ]
Error - 3/16/2014 7:07:02 PM | Computer Name = S0034324532 | Source = Print | ID = 6161
Description = The document untitled owned by Administrator failed to print on printer
 Canon MP490 series Printer. Data type: NT EMF 1.008. Size of the spool file in
bytes: 3932160. Number of bytes printed: 0. Total number of pages in the document:
 2. Number of pages printed: 0. Client machine: \\S0034324532. Win32 error code
returned by the print processor: 2 (0x2).
 
Error - 3/17/2014 6:47:19 PM | Computer Name = S0034324532 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E0B85CBA51 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 3/18/2014 3:29:28 PM | Computer Name = S0034324532 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
 within the timeout period.  This may indicate an error in the EC hardware or firmware,
 or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.  
The EC driver will retry the failed transaction if possible.
 
Error - 3/20/2014 7:08:59 AM | Computer Name = S0034324532 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E0B85CBA51 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 3/20/2014 4:47:43 PM | Computer Name = S0034324532 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
 address 00E0B85CBA51 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 3/21/2014 9:20:14 AM | Computer Name = S0034324532 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
 within the timeout period.  This may indicate an error in the EC hardware or firmware,
 or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.  
The EC driver will retry the failed transaction if possible.
 
Error - 3/22/2014 9:19:46 AM | Computer Name = S0034324532 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00E0B85CBA51 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 3/22/2014 7:47:55 PM | Computer Name = S0034324532 | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service v4 service terminated unexpectedly.  It
has done this 1 time(s).
 
Error - 3/23/2014 2:28:58 AM | Computer Name = S0034324532 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
 address 00E0B85CBA51 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 3/23/2014 12:57:23 PM | Computer Name = S0034324532 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
 address 00E0B85CBA51 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >
 

