Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google running in back ground hidden need help please

I-W

  • Please log in to reply

#16
I-W

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

Application VEW results

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 20/01/2015 4:47:04 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

I think we need one more try with the fixlist.  Same as before.

 

VEW seems to have worked OK.  We don't really want to see any errors.  

 

There is some Policy about not running system restore.  This fixlist should remove it and then perhaps System Restore will work again but let's use OTL to search for the missing files just in case:

 

 

Copy the text in the code box by highlighting and Ctrl + c 
 
 
/md5start
FILELIST.XML
RSTRUI.EXE
SR.SYS
SRCLIENT.DLL
SRDIAG.EXE
SRFRAME.MMF
SRRSTR.DLL
SRSVC.DLL
SRVSVC.DLL
/md5stop
 
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text.  Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will not reboot the PC when it is done.  Save the log and copy and paste it to a reply.

 

 

 


  • 0

#18
I-W

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

OTL Results;

 

OTL logfile created on: 1/21/2015 6:12:30 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.23 Mb Total Physical Memory | 640.77 Mb Available Physical Memory | 62.62% Memory free
1.66 Gb Paging File | 1.38 Gb Available in Paging File | 83.50% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.81 Gb Free Space | 23.64% Space Free | Partition Type: NTFS
Drive Z: | 931.48 Gb Total Space | 852.50 Gb Free Space | 91.52% Space Free | Partition Type: NTFS
 
Computer Name: MEGASQUIRT | User Name: MegaSquirtNspark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/09 16:42:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB\OTL.exe
PRC - [2014/10/24 15:41:24 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 11:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2015/01/15 18:34:16 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/24 15:41:24 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/01/11 11:52:52 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2013/01/11 11:52:50 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/19 04:26:34 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/03/30 01:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE2500xp.sys -- (Linksys_adapter_H)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/15 21:53:00 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2007/11/06 14:22:06 | 000,034,064 | R--- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/26 02:52:50 | 001,320,960 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csco21.sys -- (CSCO21)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/10 22:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/21 21:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {D4286749-BDD9-4EDC-B2B6-2BBF78649F56}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D4286749-BDD9-4EDC-B2B6-2BBF78649F56}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gabnjlibfmlilpljjkkbkebfaopgpjmk\1.0.1_0\
CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2015/01/08 20:38:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.69.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F658D60D-A9E9-4233-BADB-94AF9FF491C8}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.69.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/02 11:38:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/20 16:32:25 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2015/01/20 16:32:24 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2015/01/20 16:32:24 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2015/01/20 16:32:23 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2015/01/20 16:32:23 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2015/01/20 16:32:23 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2015/01/20 16:32:22 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2015/01/20 16:32:22 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2015/01/20 16:32:21 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2015/01/20 16:32:17 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2015/01/20 16:32:16 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2015/01/20 16:32:16 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2015/01/20 16:32:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2015/01/20 16:32:15 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2015/01/20 16:32:14 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2015/01/20 16:32:14 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2015/01/20 16:32:13 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2015/01/20 16:32:13 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2015/01/20 16:32:12 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2015/01/20 16:32:12 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2015/01/20 16:32:00 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2015/01/20 16:31:56 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2015/01/20 16:31:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2015/01/20 16:31:55 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2015/01/20 16:31:55 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2015/01/20 16:31:54 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2015/01/20 16:31:54 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2015/01/20 16:31:52 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2015/01/20 16:31:52 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2015/01/20 16:31:51 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2015/01/20 16:31:51 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2015/01/20 16:31:50 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2015/01/20 16:31:50 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2015/01/20 16:31:49 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2015/01/20 16:31:48 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2015/01/20 16:31:48 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2015/01/20 16:31:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2015/01/20 16:31:37 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2015/01/20 16:31:36 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2015/01/20 16:31:35 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2015/01/20 16:31:34 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2015/01/20 16:31:34 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2015/01/20 16:31:33 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2015/01/20 16:31:33 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2015/01/20 16:31:32 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2015/01/20 16:31:32 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2015/01/20 16:31:29 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2015/01/20 16:31:29 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2015/01/20 16:31:21 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2015/01/20 16:31:21 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2015/01/20 16:31:20 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2015/01/20 16:31:20 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2015/01/20 16:31:15 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2015/01/20 16:31:14 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2015/01/20 16:31:14 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2015/01/20 16:31:13 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2015/01/20 16:31:13 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2015/01/20 16:31:12 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2015/01/20 16:31:12 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2015/01/20 16:31:11 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2015/01/20 16:31:11 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2015/01/20 16:31:10 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2015/01/20 16:31:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2015/01/20 16:30:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2015/01/20 16:30:58 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2015/01/20 16:30:54 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2015/01/20 16:30:54 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2015/01/20 16:30:53 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2015/01/20 16:30:53 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2015/01/20 16:30:52 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2015/01/20 16:30:52 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2015/01/20 16:30:51 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2015/01/20 16:30:50 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2015/01/20 16:30:50 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2015/01/20 16:30:49 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2015/01/20 16:30:49 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2015/01/20 16:30:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2015/01/20 16:30:48 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2015/01/20 16:30:48 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2015/01/20 16:30:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2015/01/20 16:30:47 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2015/01/20 16:30:46 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2015/01/20 16:30:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2015/01/20 16:30:45 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2015/01/20 16:30:45 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2015/01/20 16:30:44 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2015/01/20 16:30:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2015/01/20 16:30:17 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2015/01/09 17:23:26 | 000,000,000 | ---D | C] -- C:\FRST
[2015/01/09 17:15:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2015/01/09 16:59:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/09 16:45:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/01/09 16:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
[2015/01/08 20:38:05 | 000,000,000 | ---D | C] -- C:\_OTM
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/21 17:34:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/21 16:38:59 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job
[2015/01/21 16:27:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/01/21 16:14:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/18 09:49:39 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/18 09:49:39 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\MegaSquirtNspark\Desktop\Google Chrome.lnk
[2015/01/15 18:34:13 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015/01/15 18:34:13 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015/01/08 20:38:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2015/01/08 20:03:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2015/01/08 19:52:16 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
 
========== Files Created - No Company Name ==========
 
[2015/01/20 16:31:40 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2015/01/20 16:31:40 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2015/01/20 16:31:39 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2015/01/20 16:31:39 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2015/01/20 16:31:38 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2015/01/20 16:31:38 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2015/01/20 16:31:37 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2015/01/20 16:31:37 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2015/01/20 16:31:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2015/01/20 16:31:31 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2013/10/09 20:13:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/06/21 03:48:31 | 001,249,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-746137067-1060284298-1003-0.dat
[2013/06/21 03:48:28 | 000,130,630 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/10 14:07:01 | 002,822,336 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2013/02/10 14:06:58 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2013/02/10 14:06:56 | 000,010,200 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2013/02/10 13:04:13 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2013/02/10 13:04:13 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2013/02/10 13:04:13 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2013/02/10 13:04:12 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2013/02/10 13:04:02 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2010/08/22 07:48:53 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\tsUser.properties
[2010/08/13 18:20:23 | 000,003,071 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\mlvUser.properties
[2010/05/21 20:16:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\housecall.guid.cache
[2010/02/25 06:15:14 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/27 22:24:57 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\MegaSquirtNspark\.recently-used.xbel
 
========== ZeroAccess Check ==========
 
[2009/05/10 16:08:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< MD5 for: FILELIST.XML  >
[2006/12/28 14:01:31 | 000,019,569 | ---- | M] () MD5=8737F6F4C8EC1E2A9EA5516F1B3AE1AD -- C:\WINDOWS\ServicePackFiles\i386\filelist.xml
[2006/12/28 14:01:31 | 000,019,569 | RHS- | M] () MD5=8737F6F4C8EC1E2A9EA5516F1B3AE1AD -- C:\WINDOWS\system32\Restore\filelist.xml
[2004/07/17 11:40:22 | 000,019,528 | ---- | M] () MD5=DC801056C6EB1FE72DFDAA96FBABAF13 -- C:\WINDOWS\$NtServicePackUninstall$\filelist.xml
 
< MD5 for: RSTRUI.EXE  >
[2004/08/04 00:56:56 | 000,380,416 | ---- | M] (Microsoft Corporation) MD5=4375CD59161C0A033DF68D9510D1F8CF -- C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe
[2008/04/13 19:12:33 | 000,380,416 | ---- | M] (Microsoft Corporation) MD5=BD6C1488F63D64DEA8EE514802FC2CDD -- C:\WINDOWS\ServicePackFiles\i386\rstrui.exe
[2008/04/13 19:12:33 | 000,380,416 | ---- | M] (Microsoft Corporation) MD5=BD6C1488F63D64DEA8EE514802FC2CDD -- C:\WINDOWS\system32\Restore\rstrui.exe
 
< MD5 for: SR.SYS  >
[2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\ServicePackFiles\i386\sr.sys
[2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
[2004/08/03 23:06:26 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS\$NtServicePackUninstall$\sr.sys
 
< MD5 for: SRCLIENT.DLL  >
[2004/08/04 00:56:46 | 000,067,584 | ---- | M] (Microsoft Corporation) MD5=60106B27FCCE3E71EC8C8C757CC243E4 -- C:\WINDOWS\$NtServicePackUninstall$\srclient.dll
[2008/04/13 19:12:07 | 000,067,584 | ---- | M] (Microsoft Corporation) MD5=77A54BDFBAD4604E6131AE68E3CF76D6 -- C:\WINDOWS\ServicePackFiles\i386\srclient.dll
[2008/04/13 19:12:07 | 000,067,584 | ---- | M] (Microsoft Corporation) MD5=77A54BDFBAD4604E6131AE68E3CF76D6 -- C:\WINDOWS\system32\srclient.dll
 
< MD5 for: SRDIAG.EXE  >
[2001/08/23 07:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) MD5=61309EBC9DB4669399591E1D7040D0DB -- C:\WINDOWS\system32\dllcache\srdiag.exe
[2001/08/23 07:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) MD5=61309EBC9DB4669399591E1D7040D0DB -- C:\WINDOWS\system32\Restore\srdiag.exe
 
< MD5 for: SRFRAME.MMF  >
[2001/08/23 07:00:00 | 000,000,984 | ---- | M] () MD5=E9D9E61584DFD1FA2857BC242A68E4AC -- C:\WINDOWS\system32\dllcache\srframe.mmf
[2001/08/23 07:00:00 | 000,000,984 | ---- | M] () MD5=E9D9E61584DFD1FA2857BC242A68E4AC -- C:\WINDOWS\system32\Restore\srframe.mmf
 
< MD5 for: SRRSTR.DLL  >
[2004/08/04 00:56:46 | 000,239,104 | ---- | M] (Microsoft Corporation) MD5=8B506BD2DBC779D1D2D4D36CD1CAB119 -- C:\WINDOWS\$NtServicePackUninstall$\srrstr.dll
[2008/04/13 19:12:07 | 000,239,104 | ---- | M] (Microsoft Corporation) MD5=92E2A2574186BCBB7027A6048E1B8B1B -- C:\WINDOWS\ServicePackFiles\i386\srrstr.dll
[2008/04/13 19:12:07 | 000,239,104 | ---- | M] (Microsoft Corporation) MD5=92E2A2574186BCBB7027A6048E1B8B1B -- C:\WINDOWS\system32\srrstr.dll
 
< MD5 for: SRSVC.DLL  >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 00:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
 
< MD5 for: SRVSVC.DLL  >
[2004/12/07 14:32:34 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=0CB3AF149A0BAC0836022CA307C7A0F8 -- C:\WINDOWS\$NtServicePackUninstall$\srvsvc.dll
[2010/08/27 01:05:07 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=3695B8D03745B2F8022B161238347A9D -- C:\WINDOWS\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
[2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=3A7C3CBE5D96B8AE96CE81F0B22FB527 -- C:\WINDOWS\system32\dllcache\srvsvc.dll
[2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=3A7C3CBE5D96B8AE96CE81F0B22FB527 -- C:\WINDOWS\system32\srvsvc.dll
[2004/12/07 14:29:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=4E9EA6CC8DB8DCEF7FB37F2C9B4CC556 -- C:\WINDOWS\$hf_mig$\KB888302\SP2QFE\srvsvc.dll
[2004/08/04 00:56:46 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=93D32468D34E000CB3407947D1D6E22A -- C:\WINDOWS\$NtUninstallKB888302$\srvsvc.dll
[2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F385F4B02C535BFFE1D70CAB80838123 -- C:\WINDOWS\$NtUninstallKB2345886$\srvsvc.dll
[2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F385F4B02C535BFFE1D70CAB80838123 -- C:\WINDOWS\ServicePackFiles\i386\srvsvc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


  • 0

#19
I-W

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

Sorry i lost my mind.

 

What am i supposed to do with the FIXLIST file

 

what tool to copy paste it in to?


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Download the  fixlist.txt in http://www.geekstogo...-2#entry2472906   to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

  • 0

#21
I-W

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
Ran by MegaSquirtNspark at 2015-01-23 17:43:11 Run:2
Running from C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
Loaded Profiles: MegaSquirtNspark (Available profiles: MegaSquirtNspark & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Winlogon: [Shell]
BootExecute:
CustomCLSID: HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\delegate_execute.exe (Google Inc.)
*****************

"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
HKU\S-1-5-21-515967899-746137067-1060284298-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
"HKU\S-1-5-21-515967899-746137067-1060284298-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}" => Key deleted successfully.

==== End of Fixlog 17:43:11 ====


  • 0

#22
I-W

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by MegaSquirtNspark at 2015-01-23 17:49:43
Running from C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5173 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.20-051110a1-028793C-Dell - )
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
CameraHelperMsi (Version: 13.30.1395.0 - Logitech) Hidden
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.11160.2 - Cisco Consumer Products LLC)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CompuApps SwissKnife V3 (HKLM\...\CompuApps SwissKnife V3) (Version:  - )
Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.14 - BVRP Software, Inc)
DIYAutoTune's Tuning Software Package - MT225P3 061208 (HKLM\...\DIYAutoTune's Tuning Software Package - MT225P3_is1) (Version:  - DIYAutoTune.com)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Gtk+ Runtime Environment 2.12.9-2 (HKLM\...\Gtk+ Runtime Environment) (Version: 2.12.9-2 - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LogWorks (HKLM\...\LogWorks) (Version: 2.04 - Innovate! Technologies)
LogWorks3 (HKLM\...\LogWorks3) (Version: 3.01 - Innovate! Technologies)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MegaLogViewer (HKLM\...\{8628749E-CAD6-4FC6-B723-564C1EEBC6D7}) (Version: 2.89 - EFI Analytics)
MegaTunix v. 0.9.17-win2K_XP (HKLM\...\MegaTunix_is1) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version:  - )
MiniTool Partition Wizard Home Edition 7.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MSTweak3000 (HKLM\...\ST6UNST #1) (Version:  - )
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
O2Micro Smartcard Driver (HKLM\...\InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}) (Version: 2.26.0000 - O2Micro Electronics, Inc.)
O2Micro Smartcard Driver (Version: 2.26.0000 - O2Micro Electronics, Inc.) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-515967899-746137067-1060284298-1003\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TunerStudio MS 0.999.7 (HKLM\...\{16994070-EF3D-486D-9C26-5D5A76481726}_is1) (Version:  - EFI Analytics)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warner Bros. Digital Copy Manager (HKLM\...\{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}) (Version: 1.1 - Warner Bros. Entertainment Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 07:00 - 2015-01-08 20:38 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2010-05-07 17:35 - 2010-05-07 17:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 17:35 - 2010-05-07 17:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 17:36 - 2010-05-07 17:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\klmdb.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Spotify Web Helper => "C:\Documents and Settings\MegaSquirtNspark\Application Data\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-515967899-746137067-1060284298-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-515967899-746137067-1060284298-1004 - Limited - Disabled)
Guest (S-1-5-21-515967899-746137067-1060284298-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-515967899-746137067-1060284298-1000 - Limited - Disabled)
MegaSquirtNspark (S-1-5-21-515967899-746137067-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MegaSquirtNspark
SUPPORT_388945a0 (S-1-5-21-515967899-746137067-1060284298-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Broadcom 570x Gigabit Integrated Controller
Description: Broadcom 570x Gigabit Integrated Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/23/2015 05:27:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error:
%%2

Error: (01/23/2015 05:27:34 PM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.

Error: (01/21/2015 04:14:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error:
%%2

Error: (01/21/2015 04:14:47 PM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.

Error: (01/20/2015 04:27:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error:
%%2

Error: (01/20/2015 04:27:09 PM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1600MHz
Percentage of memory in use: 31%
Total physical RAM: 1023.23 MB
Available physical RAM: 703.66 MB
Total Pagefile: 1696.84 MB
Available Pagefile: 1481.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:8.81 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive z: () (Network) (Total:931.48 GB) (Free:852.5 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 674E674E)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#23
I-W

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by MegaSquirtNspark (administrator) on MEGASQUIRT on 23-01-2015 17:47:59
Running from C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
Loaded Profiles: MegaSquirtNspark (Available profiles: MegaSquirtNspark & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-515967899-746137067-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-515967899-746137067-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-515967899-746137067-1060284298-1003 -> DefaultScope {D4286749-BDD9-4EDC-B2B6-2BBF78649F56} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-515967899-746137067-1060284298-1003 -> {D4286749-BDD9-4EDC-B2B6-2BBF78649F56} URL = https://www.google.c...?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.69.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515967899-746137067-1060284298-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-515967899-746137067-1060284298-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-01]
CHR Extension: (Google Cast) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-10-10]
CHR Extension: (Google Search) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-01]
CHR Extension: (YouTube Center) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gabnjlibfmlilpljjkkbkebfaopgpjmk [2013-09-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-01]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-24] (Oracle Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{A28EFDEE-DE8B-43C1-A375-BDDA76B82E1C}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CompFilter; C:\WINDOWS\System32\DRIVERS\lvbusflt.sys [22176 2011-08-19] (Logitech Inc.)
S3 CSCO21; C:\WINDOWS\System32\DRIVERS\csco21.sys [1320960 2007-09-26] (Cisco Systems, Inc.)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE2500xp.sys [1034240 2011-03-30] (Broadcom Corporation)
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [34064 2007-11-06] (CACE Technologies)
R3 OZSCR; C:\WINDOWS\System32\DRIVERS\ozscr.sys [92550 2005-04-21] (O2Micro)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-01-11] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-01-11] ()
R2 SBKUPNT; C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] () [File not signed]
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 16:42 - 2015-01-20 16:47 - 00000358 _____ () C:\VEW.txt
2015-01-20 16:38 - 2015-01-20 16:38 - 00798748 _____ () C:\WINDOWS\SIGVERIF.TXT
2015-01-20 16:32 - 2001-08-17 22:36 - 00102400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\binlsvc.dll
2015-01-20 16:32 - 2001-08-17 22:36 - 00081408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\brmfcwia.dll
2015-01-20 16:32 - 2001-08-17 22:36 - 00041472 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfusb.dll
2015-01-20 16:32 - 2001-08-17 22:36 - 00032256 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfrsmg.exe
2015-01-20 16:32 - 2001-08-17 22:36 - 00029696 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmflpt.dll
2015-01-20 16:32 - 2001-08-17 22:36 - 00019456 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brbidiif.dll
2015-01-20 16:32 - 2001-08-17 22:36 - 00015360 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfbidi.dll
2015-01-20 16:32 - 2001-08-17 22:36 - 00012800 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brevif.dll
2015-01-20 16:32 - 2001-08-17 22:36 - 00009728 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brserif.dll
2015-01-20 16:32 - 2001-08-17 22:36 - 00009728 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brcoinst.dll
2015-01-20 16:32 - 2001-08-17 22:36 - 00005120 ____C (Brother Industries,Ltd.) C:\WINDOWS\system32\dllcache\brscnrsm.dll
2015-01-20 16:32 - 2001-08-17 13:51 - 00013824 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bulltlp3.sys
2015-01-20 16:32 - 2001-08-17 13:12 - 00060416 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brserwdm.sys
2015-01-20 16:32 - 2001-08-17 13:12 - 00039552 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brparwdm.sys
2015-01-20 16:32 - 2001-08-17 13:12 - 00012160 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brfiltlo.sys
2015-01-20 16:32 - 2001-08-17 13:12 - 00011008 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brusbmdm.sys
2015-01-20 16:32 - 2001-08-17 13:12 - 00010368 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brusbscn.sys
2015-01-20 16:32 - 2001-08-17 13:12 - 00003968 ____C (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brfiltup.sys
2015-01-20 16:32 - 2001-08-17 13:12 - 00003168 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brparimg.sys
2015-01-20 16:32 - 2001-08-17 13:12 - 00002944 ____C (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brfilt.sys
2015-01-20 16:32 - 2001-08-17 12:11 - 00031529 ____C (BreezeCOM) C:\WINDOWS\system32\dllcache\brzwlan.sys
2015-01-20 16:31 - 2008-04-13 19:12 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2015-01-20 16:31 - 2008-04-13 13:46 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys
2015-01-20 16:31 - 2008-04-13 13:46 - 00013696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys
2015-01-20 16:31 - 2008-04-13 13:46 - 00011776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2015-01-20 16:31 - 2004-08-03 21:31 - 00036224 ____C (ADMtek Incorporated.) C:\WINDOWS\system32\dllcache\an983.sys
2015-01-20 16:31 - 2001-08-17 22:37 - 00024576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agcgauge.ax
2015-01-20 16:31 - 2001-08-17 22:36 - 00144384 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmenum.dll
2015-01-20 16:31 - 2001-08-17 22:36 - 00087552 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmcoxp.dll
2015-01-20 16:31 - 2001-08-17 22:36 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atievxx.exe
2015-01-20 16:31 - 2001-08-17 14:56 - 00342336 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.dll
2015-01-20 16:31 - 2001-08-17 14:56 - 00268160 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidvai.dll
2015-01-20 16:31 - 2001-08-17 14:56 - 00137216 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrae.dll
2015-01-20 16:31 - 2001-08-17 14:56 - 00104832 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiraged.dll
2015-01-20 16:31 - 2001-08-17 14:55 - 00382592 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrab.dll
2015-01-20 16:31 - 2001-08-17 14:55 - 00096128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ati.dll
2015-01-20 16:31 - 2001-08-17 14:07 - 00056960 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aic78xx.sys
2015-01-20 16:31 - 2001-08-17 14:07 - 00055168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aic78u2.sys
2015-01-20 16:31 - 2001-08-17 14:01 - 00036096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcaudio.sys
2015-01-20 16:31 - 2001-08-17 13:57 - 00077568 ____C (ATI Technologies, Inc.) C:\WINDOWS\system32\dllcache\ati.sys
2015-01-20 16:31 - 2001-08-17 13:52 - 00026496 ____C (Advanced System Products, Inc.) C:\WINDOWS\system32\dllcache\asc.sys
2015-01-20 16:31 - 2001-08-17 13:52 - 00022400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\asc3350p.sys
2015-01-20 16:31 - 2001-08-17 13:52 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aha154x.sys
2015-01-20 16:31 - 2001-08-17 13:52 - 00012032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\amsint.sys
2015-01-20 16:31 - 2001-08-17 13:51 - 00014848 ____C (Advanced System Products, Inc.) C:\WINDOWS\system32\dllcache\asc3550.sys
2015-01-20 16:31 - 2001-08-17 13:51 - 00005248 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\aliide.sys
2015-01-20 16:31 - 2001-08-17 13:49 - 00026624 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\alifir.sys
2015-01-20 16:31 - 2001-08-17 13:47 - 00006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\apmbatt.sys
2015-01-20 16:31 - 2001-08-17 13:28 - 00871388 ____C (BCM) C:\WINDOWS\system32\dllcache\bcmdm.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00075136 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpae.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00049920 ____C () C:\WINDOWS\system32\dllcache\atirtcap.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00046464 ____C () C:\WINDOWS\system32\dllcache\atibt829.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00026880 ____C () C:\WINDOWS\system32\dllcache\atirtsnd.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00026624 ____C () C:\WINDOWS\system32\dllcache\ativxbar.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00023552 ____C () C:\WINDOWS\system32\dllcache\atixbar.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00019456 ____C () C:\WINDOWS\system32\dllcache\ativttxx.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00017152 ____C () C:\WINDOWS\system32\dllcache\atitvsnd.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00017152 ____C () C:\WINDOWS\system32\dllcache\atitunep.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00010240 ____C () C:\WINDOWS\system32\dllcache\atipcxxx.sys
2015-01-20 16:31 - 2001-08-17 12:49 - 00009472 ____C () C:\WINDOWS\system32\dllcache\ativmdcd.sys
2015-01-20 16:31 - 2001-08-17 12:48 - 00289664 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpab.sys
2015-01-20 16:31 - 2001-08-17 12:48 - 00281600 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimtai.sys
2015-01-20 16:31 - 2001-08-17 12:48 - 00070528 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiragem.sys
2015-01-20 16:31 - 2001-08-17 12:48 - 00036128 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.sys
2015-01-20 16:31 - 2001-08-17 12:19 - 00036992 ____C (Aztech Systems Ltd) C:\WINDOWS\system32\dllcache\aztw2320.sys
2015-01-20 16:31 - 2001-08-17 12:13 - 00089952 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\b1cbase.sys
2015-01-20 16:31 - 2001-08-17 12:13 - 00037568 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmwan.sys
2015-01-20 16:31 - 2001-08-17 12:12 - 00097354 ____C (Bay Networks, Inc.) C:\WINDOWS\system32\dllcache\aspndis3.sys
2015-01-20 16:31 - 2001-08-17 12:11 - 00066557 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm42u.sys
2015-01-20 16:31 - 2001-08-17 12:11 - 00054271 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm42xx5.sys
2015-01-20 16:31 - 2001-08-17 12:11 - 00027678 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ali5261.sys
2015-01-20 16:31 - 2001-08-17 12:11 - 00026568 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm4e5.sys
2015-01-20 16:31 - 2001-08-17 12:11 - 00016969 ____C (AmbiCom, Inc.) C:\WINDOWS\system32\dllcache\amb8002.sys
2015-01-20 16:30 - 2008-04-13 13:46 - 00053376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys
2015-01-20 16:30 - 2008-04-13 13:46 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
2015-01-20 16:30 - 2008-04-13 13:40 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
2015-01-20 16:30 - 2004-08-03 21:32 - 00231552 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ac97ali.sys
2015-01-20 16:30 - 2004-08-03 21:32 - 00084480 ____C (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\ac97via.sys
2015-01-20 16:30 - 2004-08-03 21:32 - 00010880 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\admjoy.sys
2015-01-20 16:30 - 2001-08-17 22:36 - 00462848 ____C (Aureal Inc.) C:\WINDOWS\system32\dllcache\a3dapi.dll
2015-01-20 16:30 - 2001-08-17 22:36 - 00098304 ____C (Aureal Semiconductor) C:\WINDOWS\system32\dllcache\a3d.dll
2015-01-20 16:30 - 2001-08-17 22:36 - 00061440 ____C (Color Flatbed Scanner) C:\WINDOWS\system32\dllcache\acerscad.dll
2015-01-20 16:30 - 2001-08-17 14:56 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.dll
2015-01-20 16:30 - 2001-08-17 14:55 - 00689216 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvs.dll
2015-01-20 16:30 - 2001-08-17 14:55 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\8514a.dll
2015-01-20 16:30 - 2001-08-17 14:07 - 00101888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adpu160m.sys
2015-01-20 16:30 - 2001-08-17 14:06 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394vdbg.sys
2015-01-20 16:30 - 2001-08-17 13:53 - 00007424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adicvls.sys
2015-01-20 16:30 - 2001-08-17 13:52 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\abp480n5.sys
2015-01-20 16:30 - 2001-08-17 13:28 - 00762780 ____C (3Com, Inc.) C:\WINDOWS\system32\dllcache\3cwmcru.sys
2015-01-20 16:30 - 2001-08-17 12:48 - 00148352 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2015-01-20 16:30 - 2001-08-17 12:20 - 00297728 ____C (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\dllcache\ac97sis.sys
2015-01-20 16:30 - 2001-08-17 12:20 - 00096256 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\ac97intc.sys
2015-01-20 16:30 - 2001-08-17 12:19 - 00747392 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8830.sys
2015-01-20 16:30 - 2001-08-17 12:19 - 00584448 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8810.sys
2015-01-20 16:30 - 2001-08-17 12:19 - 00553984 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8820.sys
2015-01-20 16:30 - 2001-08-17 12:11 - 00046112 ____C (Adaptec, Inc ) C:\WINDOWS\system32\dllcache\adptsf50.sys
2015-01-20 16:30 - 2001-08-17 12:11 - 00020160 ____C (ADMtek Incorporated) C:\WINDOWS\system32\dllcache\adm8511.sys
2015-01-09 17:23 - 2015-01-23 17:48 - 00000000 ____D () C:\FRST
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-09 16:59 - 2015-01-09 17:03 - 00000000 ____D () C:\AdwCleaner
2015-01-09 16:45 - 2015-01-09 16:45 - 00000000 ____D () C:\_OTL
2015-01-09 16:41 - 2015-01-23 17:47 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Desktop\FTB
2015-01-08 20:38 - 2015-01-08 20:38 - 00000000 ____D () C:\_OTM

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 17:48 - 2008-02-02 11:47 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp
2015-01-23 17:34 - 2013-01-15 19:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-23 17:34 - 2012-04-06 22:04 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-23 17:34 - 2011-05-19 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-23 17:32 - 2010-08-10 21:04 - 00000444 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3A35FC7-FC71-4C5C-BD72-66A326627530}.job
2015-01-23 17:31 - 2008-02-02 11:36 - 01386829 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-23 17:28 - 2001-08-23 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-23 17:27 - 2008-02-02 11:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-23 17:27 - 2008-02-02 06:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-23 17:27 - 2008-02-02 06:27 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-21 18:36 - 2008-02-02 11:47 - 00000178 ___SH () C:\Documents and Settings\MegaSquirtNspark\ntuser.ini
2015-01-21 18:36 - 2008-02-02 11:43 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-21 17:12 - 2014-03-05 17:09 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Application Data\vlc
2015-01-20 16:40 - 2008-02-02 06:23 - 00976316 _____ () C:\WINDOWS\setupapi.log
2015-01-20 16:09 - 2008-02-02 11:47 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark
2015-01-18 09:49 - 2012-04-01 09:29 - 00002365 _____ () C:\Documents and Settings\MegaSquirtNspark\Desktop\Google Chrome.lnk
2015-01-15 19:21 - 2013-10-09 23:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 19:12 - 2008-08-16 11:10 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-12 08:47 - 2008-02-02 11:43 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-01-09 16:45 - 2011-09-18 11:46 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Western Digital
2015-01-09 16:45 - 2008-02-11 17:23 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Help
2015-01-08 20:03 - 2010-08-06 17:10 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-08 19:52 - 2014-06-23 19:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 19:47 - 2013-05-28 20:08 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Sun
2015-01-08 16:49 - 2008-02-02 11:35 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-01-02 16:59 - 2009-10-03 12:35 - 00000000 ____D () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\Deployment

==================== Files in the root of some directories =======
2010-02-25 06:15 - 2011-07-15 16:38 - 0029184 _____ () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-21 20:16 - 2010-05-21 20:16 - 0000036 _____ () C:\Documents and Settings\MegaSquirtNspark\Local Settings\Application Data\housecall.guid.cache

Some content of TEMP:
====================
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\dxtmsft.dll
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\dxtrans.dll
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\ieframe.dll
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\MegaSquirtNspark\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Copy the next line:
 
sc start srservice
 
Start, All Programs, Accessories, Command Prompt.  
 
Right click and Paste or Edit then paste and the copied line should appear.  Hit Enter.  Do you get an error?  What does it say?

  • 0

#25
I-W

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

SERVICE_NAME: srservice
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE       : 2  (0x2)
        SERVICE_EXIT_CODE   : 0  (0x0)
        CHECKPOINT                 : 0x0
        WAIT_HINT                     : 0x0
        PID                                  : 0
        FLAGS                            :


Edited by I-W, 23 January 2015 - 08:26 PM.

  • 0

Advertisements


#26
I-W

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

2nd time

 

SERVICE_NAME: srservice
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 1192
        FLAGS              :


  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

It shouldn't take so long to start.  Try it again and if it still isn't running let's look at the registry:

 

copy the next 4 lines

 

net start srservice > \junk.txt 2<&1

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srservice /s >> \junk.txt

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRSERVICE ?s >> \junk.txt

notepad \junk.txt

 

Start, All Programs, Accessories, Command Prompt.  
 
Right click and Paste or Edit then paste and the copied lines should appear.  Hit Enter. Notepad should open.  Copy and paste the text.

  • 0

#28
I-W

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

SERVICE_NAME: srservice
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 1200
        FLAGS              :


  • 0

#29
I-W

I-W

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

The System Restore Service service is starting.
The System Restore Service service could not be started.

A system error has occurred.

System error 2 has occurred.

The system cannot find the file specified.

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srservice
    Type REG_DWORD 0x20
    Start REG_DWORD 0x2
    ErrorControl REG_DWORD 0x1
    ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
    DisplayName REG_SZ System Restore Service
    DependOnService REG_MULTI_SZ RpcSs\0\0
    DependOnGroup REG_MULTI_SZ \0
    ObjectName REG_SZ LocalSystem
    Description REG_SZ Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srservice\Parameters
    ServiceDll REG_EXPAND_SZ C:\WINDOWS\system32\srsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srservice\Security
    Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srservice\Enum
    0 REG_SZ Root\LEGACY_SRSERVICE\0000
    Count REG_DWORD 0x1
    NextInstance REG_DWORD 0x1


  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Please download GrantPerms.zip 
and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:
 
 
C:\WINDOWS\system32\srsvc.dll
C:\WINDOWS\system32\drivers\sr.sys
 
 
Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.   Then 

copy the next 2 lines

 

net start srservice > \junk.txt 2<&1

notepad \junk.txt

 

Start, All Programs, Accessories, Command Prompt.  
 
Right click and Paste or Edit then paste and the copied lines should appear.  Hit Enter. Notepad should open.  Copy and paste the text.

  • 0






Similar Topics


Also tagged with one or more of these keywords: I-W

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP