
Google running in background hidden need help please


#1
I-W


This seems to be part of the problem:

{49d021a0-97e9-377d-1a26-c81b08554a2f}

Also, this is popping up in Task Manager as well:

Xuituosenqal.exe

Many of these files are running at the same time.

OTL Scan results:

OTL logfile created on: 1/8/2015 8:45:39 PM - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OLD-Fight-The-Bugs\Fight_The_Bugs\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 370.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.99 Gb Free Space | 24.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEGASQUIRT
Current User Name: MegaSquirtNspark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/08 20:15:35 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish\Xuituosenwal.exe
PRC - [2014/10/24 15:41:24 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 11:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/08/22 06:52:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OLD-Fight-The-Bugs\Fight_The_Bugs\OTL\OTL.exe
PRC - [2008/04/13 19:12:32 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regsvr32.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/08 11:05:24 | 000,569,344 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSetup.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/22 06:52:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OLD-Fight-The-Bugs\Fight_The_Bugs\OTL\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2014/12/20 07:29:58 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/24 15:41:24 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/20 05:35:48 | 000,754,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/07/16 19:58:03 | 000,060,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2013/01/11 11:52:52 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2013/01/11 11:52:50 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/19 04:26:34 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/03/30 01:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE2500xp.sys -- (Linksys_adapter_H)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/15 21:53:00 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2007/11/06 14:22:06 | 000,034,064 | R--- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2007/09/26 02:52:50 | 001,320,960 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csco21.sys -- (CSCO21)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/10 22:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/21 21:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2015/01/08 20:38:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Pfshwgbp] C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Western Digital\Pfshwgbp.dll (FFmpeg Project)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.69.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/02 11:38:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell - "" = AutoRun
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{07105861-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun\command - "" = F:\umenu.exe -- File not found
O33 - MountPoints2\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\Shell - "" = AutoRun
O33 - MountPoints2\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\Shell\AutoRun\command - "" = F:\bin\MobiKEY.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\bin\MobiKEY.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Unable to start service SrService!
 
========== Files/Folders - Created Within 90 Days ==========
 
[2015/01/08 20:38:05 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/12/07 07:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\Desktop\ps mod
[2014/12/02 20:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\Desktop\maps
[2014/11/28 16:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\Desktop\apartments
[2014/10/24 15:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/10/24 15:42:04 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/10/24 15:42:04 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/10/24 15:41:49 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/10/24 15:41:48 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/10/24 15:41:48 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
 
========== Files - Modified Within 90 Days ==========
 
[2015/01/08 21:12:02 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Desktop\~$w Microsoft Word Document.doc
[2015/01/08 20:44:14 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003UA.job
[2015/01/08 20:41:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/01/08 20:41:15 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2015/01/08 20:41:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2015/01/08 20:41:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/08 20:40:16 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\MegaSquirtNspark\NTUSER.DAT
[2015/01/08 20:40:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\MegaSquirtNspark\ntuser.ini
[2015/01/08 20:38:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2015/01/08 20:09:52 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Desktop\New Microsoft Word Document.doc
[2015/01/08 20:03:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2015/01/08 19:52:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2015/01/08 18:34:06 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/08 16:53:23 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job
[2015/01/02 12:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003Core.job
[2014/12/12 16:46:28 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/12 16:46:28 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Desktop\Google Chrome.lnk
[2014/11/25 06:31:39 | 000,644,888 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2014/11/25 06:31:39 | 000,540,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/11/25 06:31:39 | 000,095,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/11/08 15:00:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/10/24 15:41:25 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/10/24 15:41:21 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/10/24 15:41:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/10/24 15:41:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/10/24 15:41:21 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
 
========== Files Created - No Company Name ==========
 
[2013/10/09 20:13:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/06/21 03:48:31 | 001,249,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-746137067-1060284298-1003-0.dat
[2013/06/21 03:48:28 | 000,130,630 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/10 14:06:58 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2013/02/10 14:06:56 | 000,010,200 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2013/02/10 13:04:13 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2013/02/10 13:04:13 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2013/02/10 13:04:12 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2013/02/10 13:04:02 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2012/09/20 18:27:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/09/19 15:32:28 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/09/19 15:29:13 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF630.ini
[2011/10/08 13:56:41 | 000,053,299 | R--- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/11/09 21:45:30 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 21:45:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/11/09 21:31:42 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/21 20:16:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\housecall.guid.cache
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/02/25 06:15:14 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/02/02 15:04:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/14 15:42:17 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\MTParserCOM.dll
 
========== LOP Check ==========
 
[2008/04/22 16:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Aironet
[2011/07/21 18:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2013/06/20 20:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/06/28 05:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2013/06/28 08:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2010/08/10 20:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/16 17:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2013/04/29 10:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Epson
[2013/06/28 05:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Garmin
[2009/07/03 18:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\gtk-2.0
[2011/10/08 14:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Leadertech
[2014/07/22 15:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Oracle
[2012/03/02 19:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\redsn0w
[2012/10/29 13:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify
[2009/05/10 16:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Windows Desktop Search
[2009/06/05 20:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Windows Search
[2015/01/08 16:53:23 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
 

 

 

Extra:

OTL Extras logfile created on: 1/8/2015 8:45:39 PM - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\MegaSquirtNspark\My Documents\Fight_The_Bugs\OLD-Fight-The-Bugs\Fight_The_Bugs\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 370.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.99 Gb Free Space | 24.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEGASQUIRT
Current User Name: MegaSquirtNspark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"F:\bin\MobiKEY.exe" = F:\bin\MobiKEY.exe:*:Enabled:MobiKEY -- File not found
"C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.7
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16994070-EF3D-486D-9C26-5D5A76481726}_is1" = TunerStudio MS 0.999.7
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8628749E-CAD6-4FC6-B723-564C1EEBC6D7}" = MegaLogViewer
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DIYAutoTune's Tuning Software Package - MT225P3_is1" = DIYAutoTune's Tuning Software Package - MT225P3 061208
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"Logitech Vid" = Logitech Vid HD
"LogWorks" = LogWorks
"LogWorks3" = LogWorks3
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MegaTunix_is1" = MegaTunix v. 0.9.17-win2K_XP
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ST6UNST #1" = MSTweak3000
"VLC media player" = VLC media player 2.1.3
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/8/2014 6:08:51 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x0ecdcde8.
 
Error - 12/12/2014 11:49:38 PM | Computer Name = MEGASQUIRT | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
 <http://www.download....E74F89A830A.crt>
 with error: This operation returned because the timeout period expired. 
 
Error - 12/12/2014 11:49:38 PM | Computer Name = MEGASQUIRT | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
 <http://www.download....E74F89A830A.crt>
 with error: This operation returned because the timeout period expired. 
 
Error - 12/12/2014 11:49:38 PM | Computer Name = MEGASQUIRT | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
 <http://www.download....E74F89A830A.crt>
 with error: The specified server cannot perform the requested operation. 
 
Error - 12/12/2014 11:49:38 PM | Computer Name = MEGASQUIRT | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
 <http://www.download....E74F89A830A.crt>
 with error: The specified server cannot perform the requested operation. 
 
Error - 12/12/2014 11:55:00 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x05e0d7e1.
 
Error - 12/19/2014 5:26:25 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.23588, fault address 0x002ba342.
 
Error - 12/31/2014 6:14:29 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.23588, fault address 0x000e1015.
 
Error - 1/8/2015 6:31:11 PM | Computer Name = MEGASQUIRT | Source = Application Hang | ID = 1002
Description = Hanging application Xuituosenwal.exe, version 36.0.1985.143, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/8/2015 8:51:53 PM | Computer Name = MEGASQUIRT | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 1/8/2015 8:59:57 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 1/8/2015 9:00:08 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly.  It has done this
1 time(s).
 
Error - 1/8/2015 9:05:45 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
Description = The HTTP SSL service terminated unexpectedly.  It has done this 1
time(s).
 
Error - 1/8/2015 9:06:14 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 1/8/2015 9:38:07 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
Description = The UMVPFSrv service terminated unexpectedly.  It has done this 1
time(s).
 
Error - 1/8/2015 9:38:08 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 1/8/2015 9:46:44 PM | Computer Name = MEGASQUIRT | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
 
Error - 1/8/2015 9:46:44 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
   %%2
 
Error - 1/8/2015 10:06:25 PM | Computer Name = MEGASQUIRT | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\WINDOWS\system32\SHELL32.dll"
 on line 0.
 
Error - 1/8/2015 10:06:25 PM | Computer Name = MEGASQUIRT | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll.
Reference
 error message: The operation completed successfully.  .
 
 
< End of report >
 

 

 


#2
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

It's just pretending to be Google.

 

 
Copy the text in the code box by highlighting and Ctrl + c
 
 
:OTL
O4 - HKCU..\Run: [Pfshwgbp] C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Western Digital\Pfshwgbp.dll (FFmpeg Project)
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell - "" = AutoRun
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{07105861-f3f4-11dd-a2b7-004096b5f899}\Shell\AutoRun\command - "" = F:\umenu.exe -- File not found
O33 - MountPoints2\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\Shell - "" = AutoRun
O33 - MountPoints2\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\Shell\AutoRun\command - "" = F:\bin\MobiKEY.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\bin\MobiKEY.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) -  File not found
 
:files
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah
 
 
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
Then double-click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
 
Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
Run OTL (Vista or Win 7 => right click and Run As Administrator)
 
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
 
Select the All option in the Extra Registry group then Run Scan.
 
You should get two logs.  Please copy and paste both of them.
     

    #3
    I-W

      Member

    • Topic Starter
    • Member
    • 56 posts

    OTL Log results;

     

    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pfshwgbp deleted successfully.
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Western Digital\Pfshwgbp.dll moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07105860-f3f4-11dd-a2b7-004096b5f899}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07105860-f3f4-11dd-a2b7-004096b5f899}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07105860-f3f4-11dd-a2b7-004096b5f899}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07105860-f3f4-11dd-a2b7-004096b5f899}\ not found.
    File E:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07105861-f3f4-11dd-a2b7-004096b5f899}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07105861-f3f4-11dd-a2b7-004096b5f899}\ not found.
    File F:\umenu.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{787ce971-fe0e-11e2-a1cb-f172a1607d39}\ not found.
    File F:\bin\MobiKEY.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File F:\bin\MobiKEY.exe not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:MACHINE BootExecut deleted successfully.
    ========== FILES ==========
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Slfhwbbhg folder moved successfully.
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish\36.0.1985.143\VisualElements folder moved successfully.
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish\36.0.1985.143\PepperFlash folder moved successfully.
    Folder move failed. C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish\36.0.1985.143\Locales scheduled to be moved on reboot.
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish\36.0.1985.143\Extensions folder moved successfully.
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish\36.0.1985.143\default_apps folder moved successfully.
    Folder move failed. C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish\36.0.1985.143 scheduled to be moved on reboot.
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish folder moved successfully.
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Jbcgiiopgs folder moved successfully.
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah folder moved successfully.
    ========== COMMANDS ==========
     
    [EMPTYFLASH]
     
    User: Administrator
    ->Flash cache emptied: 0 bytes
     
    User: All Users
     
    User: Default User
    ->Flash cache emptied: 0 bytes
     
    User: LocalService
     
    User: MegaSquirtNspark
    ->Flash cache emptied: 602 bytes
     
    User: NetworkService
    ->Flash cache emptied: 0 bytes
     
    Total Flash Files Cleaned = 0.00 mb
     
     
    [EMPTYJAVA]
     
    User: Administrator
     
    User: All Users
     
    User: Default User
     
    User: LocalService
     
    User: MegaSquirtNspark
    ->Java cache emptied: 0 bytes
     
    User: NetworkService
    ->Java cache emptied: 0 bytes
     
    Total Java Files Cleaned = 0.00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 01092015_164527

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish\36.0.1985.143\Locales not found!
    File\Folder C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish\36.0.1985.143 not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    #4
    I-W

      Member

    • Topic Starter
    • Member
    • 56 posts

    # AdwCleaner v4.107 - Report created 09/01/2015 at 17:03:07
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-03.1 [Live]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : MegaSquirtNspark - MEGASQUIRT
    # Running from : C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\SearchProtect
    Folder Deleted : C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\CrashRpt
    Folder Deleted : C:\Documents and Settings\MegaSquirtNspark\Favorites\Speed Test
    File Deleted : C:\END
    File Deleted : C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282134
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\WEDLMNGR
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\SOFTWARE\Conduit

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    -\\ Google Chrome v

    [C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [2663 octets] - [09/01/2015 16:59:18]
    AdwCleaner[S0].txt - [2592 octets] - [09/01/2015 17:03:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2652 octets] ##########


    #5
    I-W

      Member

    • Topic Starter
    • Member
    • 56 posts

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Microsoft Windows XP x86
    Ran by MegaSquirtNspark on Fri 01/09/2015 at 17:15:26.19
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

     

    ~~~ Registry Keys

     

    ~~~ Files

     

    ~~~ Folders

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 01/09/2015 at 17:18:27.17
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    #6
    I-W

      Member

    • Topic Starter
    • Member
    • 56 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
    Ran by MegaSquirtNspark (administrator) on MEGASQUIRT on 09-01-2015 17:23:34
    Running from C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
    Loaded Profile: MegaSquirtNspark (Available profiles: MegaSquirtNspark & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
    HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Run: [Google Update] => C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-01] (Google Inc.)
    HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Winlogon: [Shell]
    BootExecute:

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-515967899-746137067-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKU\S-1-5-21-515967899-746137067-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-515967899-746137067-1060284298-1003 -> DefaultScope {D4286749-BDD9-4EDC-B2B6-2BBF78649F56} URL = https://www.google.c...?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-515967899-746137067-1060284298-1003 -> {D4286749-BDD9-4EDC-B2B6-2BBF78649F56} URL = https://www.google.c...?q={searchTerms}
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-515967899-746137067-1060284298-1003 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.69.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-515967899-746137067-1060284298-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-515967899-746137067-1060284298-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-10]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (YouTube) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-01]
    CHR Extension: (Google Cast) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-10-10]
    CHR Extension: (Google Search) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-01]
    CHR Extension: (YouTube Center) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gabnjlibfmlilpljjkkbkebfaopgpjmk [2013-09-15]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
    CHR Extension: (Gmail) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-01]
    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-24] (Oracle Corporation)
    R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 CompFilter; C:\WINDOWS\System32\DRIVERS\lvbusflt.sys [22176 2011-08-19] (Logitech Inc.)
    S3 CSCO21; C:\WINDOWS\System32\DRIVERS\csco21.sys [1320960 2007-09-26] (Cisco Systems, Inc.)
    R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
    S3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
    R3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE2500xp.sys [1034240 2011-03-30] (Broadcom Corporation)
    S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [34064 2007-11-06] (CACE Technologies)
    R3 OZSCR; C:\WINDOWS\System32\DRIVERS\ozscr.sys [92550 2005-04-21] (O2Micro)
    S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-01-11] ()
    S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-01-11] ()
    R2 SBKUPNT; C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] () [File not signed]
    R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-09 17:23 - 2015-01-09 17:23 - 00000000 ____D () C:\FRST
    2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\WINDOWS\ERUNT
    2015-01-09 16:59 - 2015-01-09 17:03 - 00000000 ____D () C:\AdwCleaner
    2015-01-09 16:45 - 2015-01-09 16:45 - 00000000 ____D () C:\_OTL
    2015-01-09 16:41 - 2015-01-09 17:23 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
    2015-01-08 20:38 - 2015-01-08 20:38 - 00000000 ____D () C:\_OTM

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-09 17:24 - 2008-02-02 11:47 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp
    2015-01-09 17:07 - 2008-02-02 11:36 - 01235131 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-09 17:04 - 2014-03-12 15:29 - 00000244 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-01-09 17:04 - 2008-02-02 11:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-09 17:04 - 2008-02-02 06:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-01-09 17:04 - 2008-02-02 06:27 - 00000048 _____ () C:\WINDOWS\wiaservc.log
    2015-01-09 17:04 - 2001-08-23 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-01-09 17:03 - 2008-02-02 11:47 - 00000178 ___SH () C:\Documents and Settings\MegaSquirtNspark\ntuser.ini
    2015-01-09 17:03 - 2008-02-02 11:43 - 00032612 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-09 16:45 - 2012-04-01 09:28 - 00001022 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003UA.job
    2015-01-09 16:45 - 2011-09-18 11:46 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Western Digital
    2015-01-09 16:45 - 2008-02-11 17:23 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help
    2015-01-09 16:34 - 2013-01-15 19:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-08 20:38 - 2008-02-02 11:43 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
    2015-01-08 20:03 - 2010-08-06 17:10 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2015-01-08 19:52 - 2014-06-23 19:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-08 19:47 - 2013-05-28 20:08 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Sun
    2015-01-08 19:06 - 2008-02-02 06:23 - 00908455 _____ () C:\WINDOWS\setupapi.log
    2015-01-08 16:53 - 2010-08-10 21:04 - 00000444 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job
    2015-01-08 16:49 - 2008-02-02 11:35 - 00000000 ____D () C:\WINDOWS\system32\Restore
    2015-01-02 16:59 - 2009-10-03 12:35 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Deployment
    2015-01-02 12:44 - 2012-04-01 09:28 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003Core.job
    2014-12-20 07:33 - 2014-08-19 16:03 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Adobe
    2014-12-20 07:29 - 2013-07-16 19:54 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Desktop\New Folder
    2014-12-20 07:29 - 2012-04-06 22:04 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-20 07:29 - 2011-05-19 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-12-12 16:46 - 2012-04-01 09:29 - 00002365 _____ () C:\Documents and Settings\MegaSquirtNspark\Desktop\Google Chrome.lnk
    2014-12-10 16:48 - 2013-10-09 23:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-12-10 16:36 - 2008-08-16 11:10 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    Files to move or delete:
    ====================
    C:\Documents and Settings\All Users\dcmsvcsetup.exe
    C:\Documents and Settings\All Users\invokesi.exe
    C:\Documents and Settings\MegaSquirtNspark\tsMS.reg

    Some content of TEMP:
    ====================
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================



    #7
    I-W

    • Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
    Ran by MegaSquirtNspark at 2015-01-09 17:25:17
    Running from C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
    Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
    ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5173 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.20-051110a1-028793C-Dell - )
    Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
    CameraHelperMsi (Version: 13.30.1395.0 - Logitech) Hidden
    Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.11160.2 - Cisco Consumer Products LLC)
    C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CompuApps SwissKnife V3 (HKLM\...\CompuApps SwissKnife V3) (Version:  - )
    Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.14 - BVRP Software, Inc)
    DIYAutoTune's Tuning Software Package - MT225P3 061208 (HKLM\...\DIYAutoTune's Tuning Software Package - MT225P3_is1) (Version:  - DIYAutoTune.com)
    erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Chrome (HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Gtk+ Runtime Environment 2.12.9-2 (HKLM\...\Gtk+ Runtime Environment) (Version: 2.12.9-2 - )
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
    Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
    LogWorks (HKLM\...\LogWorks) (Version: 2.04 - Innovate! Technologies)
    LogWorks3 (HKLM\...\LogWorks3) (Version: 3.01 - Innovate! Technologies)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    MegaLogViewer (HKLM\...\{8628749E-CAD6-4FC6-B723-564C1EEBC6D7}) (Version: 2.89 - EFI Analytics)
    MegaTunix v. 0.9.17-win2K_XP (HKLM\...\MegaTunix_is1) (Version:  - )
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version:  - )
    MiniTool Partition Wizard Home Edition 7.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
    MSTweak3000 (HKLM\...\ST6UNST #1) (Version:  - )
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    O2Micro Smartcard Driver (HKLM\...\InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}) (Version: 2.26.0000 - O2Micro Electronics, Inc.)
    O2Micro Smartcard Driver (Version: 2.26.0000 - O2Micro Electronics, Inc.) Hidden
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Spotify (HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TunerStudio MS 0.999.7 (HKLM\...\{16994070-EF3D-486D-9C26-5D5A76481726}_is1) (Version:  - EFI Analytics)
    Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
    VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Warner Bros. Digital Copy Manager (HKLM\...\{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}) (Version: 1.1 - Warner Bros. Entertainment Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.135\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.5\ps (the data entry has 16 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.23.9\ps (the data entry has 16 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.145\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.123\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.153\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.24.15\p (the data entry has 17 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.22.3\ps (the data entry has 16 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.165\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.115\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.22.5\ps (the data entry has 16 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.111\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.24.7\ps (the data entry has 16 more characters).

    ==================== Restore Points  =========================

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2001-08-23 07:00 - 2015-01-08 20:38 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
    ::1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003Core.job => C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003UA.job => C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2010-05-07 17:35 - 2010-05-07 17:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
    2010-05-07 17:35 - 2010-05-07 17:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
    2010-05-07 17:36 - 2010-05-07 17:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
    2010-05-07 17:37 - 2010-05-07 17:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2010-05-07 17:37 - 2010-05-07 17:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\klmdb.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Spotify Web Helper => "C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify\Data\SpotifyWebHelper.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-515967899-746137067-1060284298-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-515967899-746137067-1060284298-1004 - Limited - Disabled)
    Guest (S-1-5-21-515967899-746137067-1060284298-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-515967899-746137067-1060284298-1000 - Limited - Disabled)
    MegaSquirtNspark (S-1-5-21-515967899-746137067-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MegaSquirtNspark
    SUPPORT_388945a0 (S-1-5-21-515967899-746137067-1060284298-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name: Broadcom 570x Gigabit Integrated Controller
    Description: Broadcom 570x Gigabit Integrated Controller
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Broadcom
    Service: b57w2k
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/08/2015 09:37:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application WINWORD.EXE, version 11.0.8411.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (01/08/2015 09:37:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application WINWORD.EXE, version 11.0.8411.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (01/08/2015 07:51:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (01/08/2015 05:31:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application Xuituosenwal.exe, version 36.0.1985.143, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (12/31/2014 05:14:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x000e1015.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (12/19/2014 04:26:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x002ba342.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (12/12/2014 10:55:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x05e0d7e1.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (12/12/2014 10:49:38 PM) (Source: crypt32) (EventID: 5) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://www.download....E74F89A830A.crt> with error: The specified server cannot perform the requested operation.

    Error: (12/12/2014 10:49:38 PM) (Source: crypt32) (EventID: 5) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://www.download....E74F89A830A.crt> with error: The specified server cannot perform the requested operation.

    Error: (12/12/2014 10:49:38 PM) (Source: crypt32) (EventID: 5) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://www.download....E74F89A830A.crt> with error: This operation returned because the timeout period expired.

    System errors:
    =============
    Error: (01/09/2015 05:04:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The System Restore Service service terminated with the following error:
    %%2

    Error: (01/09/2015 05:04:23 PM) (Source: SRService) (EventID: 104) (User: )
    Description: The System Restore initialization process failed.

    Error: (01/09/2015 05:03:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (01/09/2015 05:03:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/09/2015 05:03:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Smart Card service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/09/2015 05:03:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The UMVPFSrv service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/09/2015 05:03:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/09/2015 04:49:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The System Restore Service service terminated with the following error:
    %%2

    Error: (01/09/2015 04:49:21 PM) (Source: SRService) (EventID: 104) (User: )
    Description: The System Restore initialization process failed.

    Error: (01/09/2015 04:45:46 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help\ylklyah\Perahhish\Xuituosenwal.exe.
    Reference error message: The operation completed successfully.
    .

    Microsoft Office Sessions:
    =========================
    Error: (01/08/2015 09:37:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: WINWORD.EXE11.0.8411.0hungapp0.0.0.000000000

    Error: (01/08/2015 09:37:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: WINWORD.EXE11.0.8411.0hungapp0.0.0.000000000

    Error: (01/08/2015 07:51:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

    Error: (01/08/2015 05:31:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Xuituosenwal.exe36.0.1985.143hungapp0.0.0.000000000

    Error: (12/31/2014 05:14:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.23588000e1015

    Error: (12/19/2014 04:26:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.23588002ba342

    Error: (12/12/2014 10:55:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.6001.18702unknown0.0.0.005e0d7e1

    Error: (12/12/2014 10:49:38 PM) (Source: crypt32) (EventID: 5) (User: )
    Description: http://www.download....F89A830A.crtThe specified server cannot perform the requested operation.

    Error: (12/12/2014 10:49:38 PM) (Source: crypt32) (EventID: 5) (User: )
    Description: http://www.download....F89A830A.crtThe specified server cannot perform the requested operation.

    Error: (12/12/2014 10:49:38 PM) (Source: crypt32) (EventID: 5) (User: )
    Description: http://www.download....89A830A.crtThis operation returned because the timeout period expired.

    ==================== Memory info ===========================

    Processor:  Intel® Pentium® M processor 1600MHz
    Percentage of memory in use: 32%
    Total physical RAM: 1023.23 MB
    Available physical RAM: 695.39 MB
    Total Pagefile: 1696.84 MB
    Available Pagefile: 1467.2 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1923.51 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:37.26 GB) (Free:8.88 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive z: () (Network) (Total:931.48 GB) (Free:852.5 GB)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 674E674E)
    Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #8
    I-W

    • Topic Starter
    • Member
    • 56 posts

    OTL logfile created on: 1/9/2015 5:35:47 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1023.23 Mb Total Physical Memory | 634.48 Mb Available Physical Memory | 62.01% Memory free
    1.66 Gb Paging File | 1.38 Gb Available in Paging File | 83.27% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 8.88 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
    Drive Z: | 931.48 Gb Total Space | 852.50 Gb Free Space | 91.52% Space Free | Partition Type: NTFS
     
    Computer Name: MEGASQUIRT | User Name: MegaSquirtNspark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2015/01/09 16:42:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB\OTL.exe
    PRC - [2014/10/24 15:41:24 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/08/12 11:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV - [2014/12/20 07:29:58 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/10/24 15:41:24 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - [2013/01/11 11:52:52 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
    DRV - [2013/01/11 11:52:50 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
    DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/08/19 04:26:34 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
    DRV - [2011/03/30 01:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE2500xp.sys -- (Linksys_adapter_H)
    DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/12/15 21:53:00 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
    DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2007/11/06 14:22:06 | 000,034,064 | R--- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2007/09/26 02:52:50 | 001,320,960 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csco21.sys -- (CSCO21)
    DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
    DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/11/10 22:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
    DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/04/21 21:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR)
    DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
    DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {D4286749-BDD9-4EDC-B2B6-2BBF78649F56}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{D4286749-BDD9-4EDC-B2B6-2BBF78649F56}: "URL" = https://www.google.c...?q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
     
     
     
    ========== Chrome  ==========
     
    CHR - default_search_provider:  (Enabled)
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
    CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
    CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gabnjlibfmlilpljjkkbkebfaopgpjmk\1.0.1_0\
    CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
     
    O1 HOSTS File: ([2015/01/08 20:38:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1       localhost
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.69.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F658D60D-A9E9-4233-BADB-94AF9FF491C8}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.69.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/02 11:38:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    NetSvcs: 6to4 -  File not found
    NetSvcs: Ias -  File not found
    NetSvcs: Iprip -  File not found
    NetSvcs: Irmon -  File not found
    NetSvcs: NWCWorkstation -  File not found
    NetSvcs: Nwsapagent -  File not found
    NetSvcs: WmdmPmSp -  File not found
     
    MsConfig - Services: "WmdmPmSN"
    MsConfig - Services: "RDSessMgr"
    MsConfig - Services: "mnmsrvc"
    MsConfig - Services: "helpsvc"
    MsConfig - Services: "FontCache3.0.0.0"
    MsConfig - Services: "Ati HotKey Poller"
    MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 2
    MsConfig - State: "startup" - 2
     
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: klmdb.sys - Driver
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
     
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: klmdb.sys - Driver
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
     
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    ActiveX: Microsoft Base Smart Card Crypto Provider Package -
     
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
     
    CREATERESTOREPOINT
    Unable to start System Restore Service. Error code 5
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2015/01/09 17:23:26 | 000,000,000 | ---D | C] -- C:\FRST
    [2015/01/09 17:15:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2015/01/09 16:59:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2015/01/09 16:45:27 | 000,000,000 | ---D | C] -- C:\_OTL
    [2015/01/09 16:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
    [2015/01/08 20:38:05 | 000,000,000 | ---D | C] -- C:\_OTM
     
    ========== Files - Modified Within 30 Days ==========
     
    [2015/01/09 17:34:56 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job
    [2015/01/09 17:34:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2015/01/09 17:04:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2015/01/09 17:04:37 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2015/01/09 17:04:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2015/01/09 16:45:41 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003UA.job
    [2015/01/08 20:38:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2015/01/08 20:03:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2015/01/08 19:52:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2015/01/02 12:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003Core.job
    [2014/12/20 07:29:56 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2014/12/20 07:29:55 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2014/12/12 16:46:28 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/12/12 16:46:28 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Desktop\Google Chrome.lnk
     
    ========== Files Created - No Company Name ==========
     
    [2013/10/09 20:13:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2013/06/21 03:48:31 | 001,249,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-746137067-1060284298-1003-0.dat
    [2013/06/21 03:48:28 | 000,130,630 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/02/10 14:07:01 | 002,822,336 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
    [2013/02/10 14:06:58 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2013/02/10 14:06:56 | 000,010,200 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2013/02/10 13:04:13 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
    [2013/02/10 13:04:13 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
    [2013/02/10 13:04:13 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
    [2013/02/10 13:04:12 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
    [2013/02/10 13:04:02 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
    [2010/08/22 07:48:53 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\tsUser.properties
    [2010/08/22 07:48:52 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\tsMS.reg
    [2010/08/13 18:20:23 | 000,003,071 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\mlvUser.properties
    [2010/05/21 20:16:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\housecall.guid.cache
    [2010/02/25 06:15:14 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/17 12:55:36 | 000,300,848 | ---- | C] (                                                            ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe
    [2009/07/17 12:55:34 | 000,009,960 | ---- | C] () -- C:\Documents and Settings\All Users\invokesi.exe
    [2009/02/27 22:24:57 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\.recently-used.xbel
     
    ========== ZeroAccess Check ==========
     
    [2009/05/10 16:08:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== Custom Scans ==========
     
    ========== Drive Information ==========
     
    Physical Drives
    ---------------
     
    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
    Interface type: IDE
    Media Type: Fixed\thard disk media
    Model: IC25N040ATMR04-0
    Partitions: 1
    Status: OK
    Status Info: 0
     
    Partitions
    ---------------
     
    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 37.00GB
    Starting Offset: 32256
    Hidden sectors: 0
     
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %systemroot%\assembly\GAC_32\*.ini >
     
    < %systemroot%\assembly\GAC_64\*.ini >
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %ALLUSERSPROFILE%\Application Data\*.exe >
     
    < %APPDATA%\*. >
    [2013/06/20 20:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Adobe
    [2009/12/16 17:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
    [2013/04/29 10:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Epson
    [2013/06/28 05:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Garmin
    [2009/07/03 18:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\gtk-2.0
    [2008/02/11 17:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Help
    [2008/02/02 11:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Identities
    [2012/09/19 15:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\InstallShield
    [2011/10/08 14:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Leadertech
    [2011/10/08 15:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Logitech
    [2008/04/22 17:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Macromedia
    [2014/06/23 19:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Malwarebytes
    [2013/05/06 07:14:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Microsoft
    [2014/07/22 15:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Oracle
    [2012/03/02 19:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\redsn0w
    [2013/10/10 02:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Skype
    [2012/10/29 13:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify
    [2008/02/12 17:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Sun
    [2009/02/05 21:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\U3
    [2014/11/01 19:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\vlc
    [2009/05/10 16:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Windows Desktop Search
    [2009/06/05 20:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Windows Search
     
    < MD5 for: ATAPI.SYS  >
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2009/12/16 17:57:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2009/12/16 17:57:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/03 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\ATAPI.SYS
     
    < MD5 for: CSRSS.EXE  >
    [2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
    [2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
    [2004/08/04 00:56:50 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
     
    < MD5 for: EXPLORER.EXE  >
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
    [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
     
    < MD5 for: MSWSOCK.DLL  >
    [2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
    [2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
    [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
    [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
    [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
    [2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
    [2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
    [2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
    [2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
     
    < MD5 for: NWPROVAU.DLL  >
    [2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
    [2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
    [2006/10/13 07:41:38 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=808CB47D7F6BE51B0354CD628CF45978 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
    [2006/10/13 07:35:12 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=AEEB687B865E1BAB04BB9C3604F92CEF -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll
    [2004/08/04 00:56:46 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
     
    < MD5 for: PNRPNSP.DLL  >
    [2004/08/04 00:56:46 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\$NtServicePackUninstall$\pnrpnsp.dll
    [2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
    [2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll
     
    < MD5 for: RSVPSP.DLL  >
    [2008/04/13 19:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\ServicePackFiles\i386\rsvpsp.dll
    [2008/04/13 19:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll
    [2001/08/23 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\WINDOWS\$NtServicePackUninstall$\rsvpsp.dll
     
    < MD5 for: SERVICES.EXE  >
    [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
    [2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
    [2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
     
    < MD5 for: SVCHOST.EXE  >
    [2014/05/12 06:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
     
    < MD5 for: USER32.DLL  >
    [2005/03/02 13:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    [2007/03/08 10:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
    [2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
    [2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [2007/03/08 10:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    [2004/08/04 00:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
    [2005/03/02 13:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
     
    < MD5 for: USERINIT.EXE  >
    [2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
     
    < MD5 for: WINLOGON.EXE  >
    [2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2014/05/12 06:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
     
    < MD5 for: WINRNR.DLL  >
    [2004/08/04 00:56:48 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
    [2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
    [2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll
     
    < C:\Windows\assembly\tmp\U\*.* /s >
     
    < %systemroot%\*. /mp /s >
     
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/03/06 05:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/03/06 05:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/03/06 05:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
     
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/03/06 05:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/03/06 05:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/03/06 05:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
     
    < %systemroot%\system32\*.dll /lockedfiles >
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %ProgramFiles%\WINDOWS NT\*.* /s >
    [2008/04/13 19:12:17 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
    [2001/08/23 07:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
    [2001/08/23 07:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
    [2009/11/20 06:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
    [2010/12/21 07:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
    [2010/07/12 07:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
    [2009/11/20 06:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
    [2001/08/23 07:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
    [2001/08/23 07:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
    [2008/04/13 19:12:31 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\pinball.exe
    [2001/08/23 07:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
    [2001/08/23 07:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
    [2001/08/23 07:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
    [2001/08/23 07:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
    [2001/08/23 07:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
    [2001/08/23 07:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
    [2001/08/23 07:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
    [2001/08/23 07:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
    [2001/08/23 07:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
    [2001/08/23 07:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
    [2001/08/23 07:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
    [2001/08/23 07:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
    [2001/08/23 07:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
    [2001/08/23 07:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
    [2001/08/23 07:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
    [2001/08/23 07:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
    [2001/08/23 07:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
    [2001/08/23 07:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
    [2001/08/23 07:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
    [2001/08/23 07:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
    [2001/08/23 07:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
    [2001/08/23 07:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
    [2001/08/23 07:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
    [2001/08/23 07:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
    [2001/08/23 07:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
    [2001/08/23 07:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
    [2001/08/23 07:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
    [2001/08/23 07:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
    [2001/08/23 07:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
    [2001/08/23 07:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
    [2001/08/23 07:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
    [2001/08/23 07:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
    [2001/08/23 07:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
    [2001/08/23 07:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
    [2001/08/23 07:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
    [2001/08/23 07:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
    [2001/08/23 07:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
    [2001/08/23 07:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
    [2001/08/23 07:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
    [2001/08/23 07:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
    [2001/08/23 07:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
    [2001/08/23 07:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
    [2001/08/23 07:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
    [2001/08/23 07:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
    [2001/08/23 07:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
    [2001/08/23 07:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
    [2001/08/23 07:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
    [2001/08/23 07:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
    [2001/08/23 07:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
    [2001/08/23 07:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
    [2001/08/23 07:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
    [2001/08/23 07:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
    [2001/08/23 07:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
    [2001/08/23 07:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
    [2001/08/23 07:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
    [2001/08/23 07:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
    [2001/08/23 07:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
    [2001/08/23 07:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
    [2001/08/23 07:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
    [2001/08/23 07:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
    [2001/08/23 07:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
    [2001/08/23 07:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
    [2001/08/23 07:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
    [2001/08/23 07:00:00 | 000,002,687 | R--- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

    < End of report >



    #9
    I-W

    • Topic Starter
    • Member
    • 56 posts

    OTL Extras logfile created on: 1/9/2015 5:35:47 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1023.23 Mb Total Physical Memory | 634.48 Mb Available Physical Memory | 62.01% Memory free
    1.66 Gb Paging File | 1.38 Gb Available in Paging File | 83.27% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 8.88 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
    Drive Z: | 931.48 Gb Total Space | 852.50 Gb Free Space | 91.52% Space Free | Partition Type: NTFS
     
    Computer Name: MEGASQUIRT | User Name: MegaSquirtNspark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (All) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableConfig" = 0
    "DisableSR" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 4
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
    "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
    "F:\bin\MobiKEY.exe" = F:\bin\MobiKEY.exe:*:Enabled:MobiKEY
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
     
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.7
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{16994070-EF3D-486D-9C26-5D5A76481726}_is1" = TunerStudio MS 0.999.7
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{8628749E-CAD6-4FC6-B723-564C1EEBC6D7}" = MegaLogViewer
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.1
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Cisco Connect" = Cisco Connect
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
    "CompuApps SwissKnife V3" = CompuApps SwissKnife V3
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DIYAutoTune's Tuning Software Package - MT225P3_is1" = DIYAutoTune's Tuning Software Package - MT225P3 061208
    "Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
    "Logitech Vid" = Logitech Vid HD
    "LogWorks" = LogWorks
    "LogWorks3" = LogWorks3
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "MegaTunix_is1" = MegaTunix v. 0.9.17-win2K_XP
    "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "ST6UNST #1" = MSTweak3000
    "VLC media player" = VLC media player 2.1.3
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Spotify" = Spotify
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 12/12/2014 11:49:38 PM | Computer Name = MEGASQUIRT | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
     <http://www.download....E74F89A830A.crt>
     with error: This operation returned because the timeout period expired. 
     
    Error - 12/12/2014 11:49:38 PM | Computer Name = MEGASQUIRT | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
     <http://www.download....E74F89A830A.crt>
     with error: The specified server cannot perform the requested operation. 
     
    Error - 12/12/2014 11:49:38 PM | Computer Name = MEGASQUIRT | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
     <http://www.download....E74F89A830A.crt>
     with error: The specified server cannot perform the requested operation. 
     
    Error - 12/12/2014 11:55:00 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
     module unknown, version 0.0.0.0, fault address 0x05e0d7e1.
     
    Error - 12/19/2014 5:26:25 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
     module mshtml.dll, version 8.0.6001.23588, fault address 0x002ba342.
     
    Error - 12/31/2014 6:14:29 PM | Computer Name = MEGASQUIRT | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
     module mshtml.dll, version 8.0.6001.23588, fault address 0x000e1015.
     
    Error - 1/8/2015 6:31:11 PM | Computer Name = MEGASQUIRT | Source = Application Hang | ID = 1002
    Description = Hanging application Xuituosenwal.exe, version 36.0.1985.143, hang
    module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error - 1/8/2015 8:51:53 PM | Computer Name = MEGASQUIRT | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
     hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error - 1/8/2015 10:37:24 PM | Computer Name = MEGASQUIRT | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.8411.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error - 1/8/2015 10:37:24 PM | Computer Name = MEGASQUIRT | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.8411.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.
     
    [ System Events ]
    Error - 1/9/2015 5:45:46 PM | Computer Name = MEGASQUIRT | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Documents and Settings\MegaSquirtNspark\Local
     Settings\Application Data\Help\ylklyah\Perahhish\Xuituosenwal.exe.  Reference error
     message: The operation completed successfully.  .
     
    Error - 1/9/2015 5:49:21 PM | Computer Name = MEGASQUIRT | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.
     
    Error - 1/9/2015 5:49:22 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
       %%2
     
    Error - 1/9/2015 6:03:10 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly.  It has done
     this 1 time(s).
     
    Error - 1/9/2015 6:03:10 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
    Description = The UMVPFSrv service terminated unexpectedly.  It has done this 1
    time(s).
     
    Error - 1/9/2015 6:03:10 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
    Description = The Smart Card service terminated unexpectedly.  It has done this
    1 time(s).
     
    Error - 1/9/2015 6:03:10 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7034
    Description = The Application Layer Gateway Service service terminated unexpectedly.
      It has done this 1 time(s).
     
    Error - 1/9/2015 6:03:11 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7031
    Description = The Windows Search service terminated unexpectedly.  It has done this
     1 time(s).  The following corrective action will be taken in 30000 milliseconds:
     Restart the service.
     
    Error - 1/9/2015 6:04:23 PM | Computer Name = MEGASQUIRT | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.
     
    Error - 1/9/2015 6:04:24 PM | Computer Name = MEGASQUIRT | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
       %%2
     
     
    < End of report >
     



    #10
    RKinner

      Malware Expert

    Download the attached fixlist.txt to the same location as FRST.
    Run FRST and press Fix.
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
    Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
     
    Reboot. 
     
    Start, Run, sfc /scannow, OK
     
    SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.
     
    Start, Run, sigverif, OK
     
    Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Double-click VEW.exe
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning
     
    Then use the 'Number of events' as follows:
     
    1. Click the radio button for 'Number of events'
       Type 20 in the 1 to 20 box
       Then click the Run button.
       Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
     


    #11
    I-W

      Member


    FRST results:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
    Ran by MegaSquirtNspark at 2015-01-20 16:09:44 Run:1
    Running from C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
    Loaded Profiles: MegaSquirtNspark (Available profiles: MegaSquirtNspark & Administrator)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Run: [Google Update] => C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-01] (Google Inc.)
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    C:\Documents and Settings\All Users\dcmsvcsetup.exe
    C:\Documents and Settings\All Users\invokesi.exe
    C:\Documents and Settings\MegaSquirtNspark\tsMS.reg
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.135\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.5\ps (the data entry has 16 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.23.9\ps (the data entry has 16 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.145\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.123\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.153\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.24.15\p (the data entry has 17 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.22.3\ps (the data entry has 16 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.165\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.115\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.22.5\ps (the data entry has 16 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.111\ (the data entry has 18 more characters).
    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.24.7\ps (the data entry has 16 more characters).
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003Core.job => C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003UA.job => C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    *****************

    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKU\S-1-5-21-515967899-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    C:\Documents and Settings\All Users\dcmsvcsetup.exe => Moved successfully.
    C:\Documents and Settings\All Users\invokesi.exe => Moved successfully.
    C:\Documents and Settings\MegaSquirtNspark\tsMS.reg => Moved successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
    "HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003Core.job => Moved successfully.
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-746137067-1060284298-1003UA.job => Moved successfully.
    C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => Moved successfully.
    C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully.

    ==== End of Fixlog 16:09:45 ====



    #12
    I-W


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
    Ran by MegaSquirtNspark at 2015-01-20 16:21:44
    Running from C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
    Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
    ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5173 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.20-051110a1-028793C-Dell - )
    Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
    CameraHelperMsi (Version: 13.30.1395.0 - Logitech) Hidden
    Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.11160.2 - Cisco Consumer Products LLC)
    C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CompuApps SwissKnife V3 (HKLM\...\CompuApps SwissKnife V3) (Version:  - )
    Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.14 - BVRP Software, Inc)
    DIYAutoTune's Tuning Software Package - MT225P3 061208 (HKLM\...\DIYAutoTune's Tuning Software Package - MT225P3_is1) (Version:  - DIYAutoTune.com)
    erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Chrome (HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
    Gtk+ Runtime Environment 2.12.9-2 (HKLM\...\Gtk+ Runtime Environment) (Version: 2.12.9-2 - )
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
    Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
    LogWorks (HKLM\...\LogWorks) (Version: 2.04 - Innovate! Technologies)
    LogWorks3 (HKLM\...\LogWorks3) (Version: 3.01 - Innovate! Technologies)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    MegaLogViewer (HKLM\...\{8628749E-CAD6-4FC6-B723-564C1EEBC6D7}) (Version: 2.89 - EFI Analytics)
    MegaTunix v. 0.9.17-win2K_XP (HKLM\...\MegaTunix_is1) (Version:  - )
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version:  - )
    MiniTool Partition Wizard Home Edition 7.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
    MSTweak3000 (HKLM\...\ST6UNST #1) (Version:  - )
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    O2Micro Smartcard Driver (HKLM\...\InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}) (Version: 2.26.0000 - O2Micro Electronics, Inc.)
    O2Micro Smartcard Driver (Version: 2.26.0000 - O2Micro Electronics, Inc.) Hidden
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Spotify (HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TunerStudio MS 0.999.7 (HKLM\...\{16994070-EF3D-486D-9C26-5D5A76481726}_is1) (Version:  - EFI Analytics)
    Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
    VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Warner Bros. Digital Copy Manager (HKLM\...\{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}) (Version: 1.1 - Warner Bros. Entertainment Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\delegate_execute.exe (Google Inc.)

    ==================== Restore Points  =========================

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2001-08-23 07:00 - 2015-01-08 20:38 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
    ::1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2010-05-07 17:35 - 2010-05-07 17:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
    2010-05-07 17:35 - 2010-05-07 17:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
    2010-05-07 17:36 - 2010-05-07 17:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
    2010-05-07 17:37 - 2010-05-07 17:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2010-05-07 17:37 - 2010-05-07 17:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\klmdb.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Spotify Web Helper => "C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify\Data\SpotifyWebHelper.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-515967899-746137067-1060284298-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-515967899-746137067-1060284298-1004 - Limited - Disabled)
    Guest (S-1-5-21-515967899-746137067-1060284298-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-515967899-746137067-1060284298-1000 - Limited - Disabled)
    MegaSquirtNspark (S-1-5-21-515967899-746137067-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MegaSquirtNspark
    SUPPORT_388945a0 (S-1-5-21-515967899-746137067-1060284298-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name: Broadcom 570x Gigabit Integrated Controller
    Description: Broadcom 570x Gigabit Integrated Controller
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Broadcom
    Service: b57w2k
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (01/20/2015 04:17:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The System Restore Service service terminated with the following error:
    %%2

    Error: (01/20/2015 04:17:12 PM) (Source: SRService) (EventID: 104) (User: )
    Description: The System Restore initialization process failed.

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor:  Intel® Pentium® M processor 1600MHz
    Percentage of memory in use: 37%
    Total physical RAM: 1023.23 MB
    Available physical RAM: 642.16 MB
    Total Pagefile: 1696.84 MB
    Available Pagefile: 1407.37 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1934.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:37.26 GB) (Free:8.83 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive z: () (Network) (Total:931.48 GB) (Free:852.5 GB)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 674E674E)
    Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #13
    I-W


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
    Ran by MegaSquirtNspark (administrator) on MEGASQUIRT on 20-01-2015 16:20:05
    Running from C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
    Loaded Profiles: MegaSquirtNspark (Available profiles: MegaSquirtNspark & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
    HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Winlogon: [Shell]
    BootExecute:

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-515967899-746137067-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKU\S-1-5-21-515967899-746137067-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKU\S-1-5-21-515967899-746137067-1060284298-1003 -> DefaultScope {D4286749-BDD9-4EDC-B2B6-2BBF78649F56} URL = https://www.google.c...?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-515967899-746137067-1060284298-1003 -> {D4286749-BDD9-4EDC-B2B6-2BBF78649F56} URL = https://www.google.c...?q={searchTerms}
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.69.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-515967899-746137067-1060284298-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-515967899-746137067-1060284298-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-10]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (YouTube) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-01]
    CHR Extension: (Google Cast) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-10-10]
    CHR Extension: (Google Search) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-01]
    CHR Extension: (YouTube Center) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gabnjlibfmlilpljjkkbkebfaopgpjmk [2013-09-15]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
    CHR Extension: (Gmail) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-01]
    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-24] (Oracle Corporation)
    R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
    S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{A28EFDEE-DE8B-43C1-A375-BDDA76B82E1C}

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 CompFilter; C:\WINDOWS\System32\DRIVERS\lvbusflt.sys [22176 2011-08-19] (Logitech Inc.)
    S3 CSCO21; C:\WINDOWS\System32\DRIVERS\csco21.sys [1320960 2007-09-26] (Cisco Systems, Inc.)
    R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
    S3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
    R3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE2500xp.sys [1034240 2011-03-30] (Broadcom Corporation)
    S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [34064 2007-11-06] (CACE Technologies)
    R3 OZSCR; C:\WINDOWS\System32\DRIVERS\ozscr.sys [92550 2005-04-21] (O2Micro)
    S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-01-11] ()
    S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-01-11] ()
    R2 SBKUPNT; C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] () [File not signed]
    R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-09 17:23 - 2015-01-20 16:20 - 00000000 ____D () C:\FRST
    2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\WINDOWS\ERUNT
    2015-01-09 16:59 - 2015-01-09 17:03 - 00000000 ____D () C:\AdwCleaner
    2015-01-09 16:45 - 2015-01-09 16:45 - 00000000 ____D () C:\_OTL
    2015-01-09 16:41 - 2015-01-20 16:20 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
    2015-01-08 20:38 - 2015-01-08 20:38 - 00000000 ____D () C:\_OTM

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-20 16:20 - 2008-02-02 11:47 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp
    2015-01-20 16:18 - 2008-02-02 11:36 - 01350832 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-20 16:17 - 2008-02-02 11:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-20 16:17 - 2008-02-02 06:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-01-20 16:17 - 2008-02-02 06:27 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-01-20 16:17 - 2001-08-23 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-01-20 16:15 - 2008-02-02 11:47 - 00000178 ___SH () C:\Documents and Settings\MegaSquirtNspark\ntuser.ini
    2015-01-20 16:15 - 2008-02-02 11:43 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-20 16:09 - 2008-02-02 11:47 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark
    2015-01-20 15:58 - 2010-08-10 21:04 - 00000444 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job
    2015-01-19 07:34 - 2013-01-15 19:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-18 09:49 - 2012-04-01 09:29 - 00002365 _____ () C:\Documents and Settings\MegaSquirtNspark\Desktop\Google Chrome.lnk
    2015-01-15 19:21 - 2013-10-09 23:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-01-15 19:12 - 2008-08-16 11:10 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-01-15 18:34 - 2012-04-06 22:04 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-01-15 18:34 - 2011-05-19 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-01-12 08:47 - 2008-02-02 11:43 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
    2015-01-09 16:45 - 2011-09-18 11:46 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Western Digital
    2015-01-09 16:45 - 2008-02-11 17:23 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help
    2015-01-08 20:03 - 2010-08-06 17:10 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2015-01-08 19:52 - 2014-06-23 19:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-08 19:47 - 2013-05-28 20:08 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Sun
    2015-01-08 19:06 - 2008-02-02 06:23 - 00908455 _____ () C:\WINDOWS\setupapi.log
    2015-01-08 16:49 - 2008-02-02 11:35 - 00000000 ____D () C:\WINDOWS\system32\Restore
    2015-01-02 16:59 - 2009-10-03 12:35 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Deployment

    ==================== Files in the root of some directories =======
    2010-02-25 06:15 - 2011-07-15 16:38 - 0029184 _____ () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-05-21 20:16 - 2010-05-21 20:16 - 0000036 _____ () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\housecall.guid.cache

    Some content of TEMP:
    ====================
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\dxtmsft.dll
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\dxtrans.dll
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\ieframe.dll
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================



    #14
    I-W


    sigverif

    Nothing new, all from 2009.



    #15
    I-W


    I don't think this VEW.exe ran properly.

    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 20/01/2015 4:42:34 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 20/01/2015 4:27:11 PM
    Type: error Category: 0
    Event: 7023 Source: Service Control Manager
    The System Restore Service service terminated with the following error:  The system cannot find the file specified. 

    Log: 'System' Date/Time: 20/01/2015 4:27:09 PM
    Type: error Category: 0
    Event: 104 Source: SRService
    The System Restore initialization process failed.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

