Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

MSIMG32.dll not found


  • Please log in to reply

#1
bhzendner

bhzendner

    Member

  • Member
  • PipPipPip
  • 226 posts
Malwarebytes found two and removed them, but nothing will run because I get this error.
Small Business Server 2003 with service pack 2.

OTL logfile created on: 8/27/2013 12:33:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.40% Memory free
5.34 Gb Paging File | 3.89 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 500.47 Gb Total Space | 457.52 Gb Free Space | 91.42% Space Free | Partition Type: NTFS
Drive D: | 1360.55 Gb Total Space | 1277.46 Gb Free Space | 93.89% Space Free | Partition Type: NTFS

Computer Name: SERVER1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/27 12:33:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2013/08/19 21:07:10 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/08/16 14:55:50 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013/06/08 09:03:26 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/08 09:03:14 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/04/27 18:23:26 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/30 05:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/08/10 06:09:07 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2007/02/17 07:03:58 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sbscrexe.exe
PRC - [2007/02/17 07:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007/02/17 07:03:43 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007/02/17 07:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007/02/17 07:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/17 07:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2005/05/11 21:45:40 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2004/04/14 15:13:16 | 005,128,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\store.exe
PRC - [2004/04/02 01:25:59 | 008,902,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\mad.exe
PRC - [2004/04/02 01:25:54 | 003,195,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe
PRC - [2004/04/02 00:57:10 | 003,591,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\emsmta.exe
PRC - [2004/04/02 00:54:34 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\srsmain.exe
PRC - [2003/06/03 00:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\events.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/19 21:07:07 | 000,415,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.14\ppgooglenaclpluginchrome.dll
MOD - [2013/08/19 21:07:06 | 013,602,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.14\PepperFlash\pepflashplayer.dll
MOD - [2013/08/19 21:07:03 | 004,055,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.14\pdf.dll
MOD - [2013/08/19 21:06:03 | 001,604,560 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.14\ffmpegsumo.dll
MOD - [2008/04/19 16:35:02 | 000,081,920 | ---- | M] () -- C:\Program Files\ClamWin\bin\ExpShell.dll
MOD - [2007/02/17 07:02:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/02/17 07:02:46 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/02/08 16:23:10 | 000,979,005 | ---- | M] () -- C:\Program Files\ClamWin\bin\python23.dll
MOD - [2004/11/20 02:27:54 | 000,106,496 | ---- | M] () -- C:\Program Files\ClamWin\lib\shell.pyd
MOD - [2004/11/20 02:27:54 | 000,086,016 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32gui.pyd
MOD - [2004/11/20 02:27:54 | 000,077,824 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32file.pyd
MOD - [2004/11/20 02:27:54 | 000,069,632 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32api.pyd
MOD - [2004/11/20 02:27:54 | 000,065,536 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32security.pyd
MOD - [2004/11/20 02:27:54 | 000,036,864 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32process.pyd
MOD - [2004/11/20 02:27:54 | 000,024,576 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32pipe.pyd
MOD - [2004/11/20 02:27:54 | 000,024,576 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32event.pyd
MOD - [2004/10/11 19:22:18 | 000,315,392 | ---- | M] () -- C:\Program Files\ClamWin\lib\pythoncom23.dll
MOD - [2004/10/11 19:21:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ClamWin\lib\pywintypes23.dll
MOD - [2004/05/25 20:20:30 | 000,036,864 | ---- | M] () -- C:\Program Files\ClamWin\lib\_winreg.pyd
MOD - [2004/05/25 20:19:32 | 000,045,117 | ---- | M] () -- C:\Program Files\ClamWin\lib\datetime.pyd
MOD - [2004/05/25 20:18:42 | 000,495,616 | ---- | M] () -- C:\Program Files\ClamWin\lib\_ssl.pyd
MOD - [2004/05/25 20:18:28 | 000,057,401 | ---- | M] () -- C:\Program Files\ClamWin\lib\_sre.pyd
MOD - [2004/05/25 20:18:20 | 000,049,212 | ---- | M] () -- C:\Program Files\ClamWin\lib\_socket.pyd
MOD - [2004/05/25 20:17:14 | 000,622,651 | ---- | M] () -- C:\Program Files\ClamWin\lib\_bsddb.pyd
MOD - [2004/01/15 13:45:22 | 000,061,440 | ---- | M] () -- C:\Program Files\ClamWin\lib\_ctypes.pyd
MOD - [2003/10/01 12:40:00 | 002,240,512 | ---- | M] () -- C:\Program Files\ClamWin\lib\wxc.pyd
MOD - [2003/10/01 10:43:02 | 003,239,936 | ---- | M] () -- C:\Program Files\ClamWin\lib\wxmsw24h.dll
MOD - [2003/08/10 08:14:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ClamWin\lib\mxDateTime.pyd


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2013/08/16 14:55:50 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/06/08 09:03:26 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/08 09:03:14 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/30 05:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/10 06:09:07 | 000,158,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2007/02/17 07:04:02 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 07:03:58 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/17 07:03:58 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sbscrexe.exe -- (SBCore)
SRV - [2007/02/17 07:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/17 07:03:43 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/17 07:03:42 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/17 07:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
SRV - [2007/02/17 07:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc)
SRV - [2007/02/17 07:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc)
SRV - [2007/02/17 07:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc)
SRV - [2007/02/17 07:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc)
SRV - [2007/02/17 07:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/17 07:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/17 07:02:54 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2005/05/11 21:45:40 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2005/05/11 21:45:40 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2005/05/11 21:45:40 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2005/04/29 17:53:18 | 000,033,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector)
SRV - [2004/04/14 15:13:16 | 005,128,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS)
SRV - [2004/04/02 01:25:59 | 008,902,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA)
SRV - [2004/04/02 01:25:54 | 003,195,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2004/04/02 00:57:10 | 003,591,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA)
SRV - [2004/04/02 00:54:34 | 000,339,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS)
SRV - [2003/06/03 00:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- a -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/27 12:31:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/08/22 16:18:45 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/08/21 08:32:12 | 000,030,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2013/06/08 09:03:15 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/24 09:03:45 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/23 09:40:34 | 000,300,416 | ---- | M] (XGI Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xg20grp.sys -- (XGIGraphics_XG2X)
DRV - [2009/07/23 09:40:34 | 000,300,416 | ---- | M] (XGI Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xg20grp.sys -- (XGIGraphics)
DRV - [2007/12/17 17:23:56 | 000,010,240 | ---- | M] (Quantum Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qdatwin.sys -- (qdatwin)
DRV - [2007/02/16 23:29:40 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/16 23:06:42 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2007/02/16 23:02:56 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2007/02/16 22:51:18 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2006/09/19 04:38:26 | 000,207,152 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Si3124r5.sys -- (Si3124r5)
DRV - [2006/07/12 05:42:42 | 000,017,328 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2005/03/24 18:25:38 | 000,049,664 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)
DRV - [2005/03/24 18:06:56 | 000,113,664 | ---- | M] (Emulex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\lp6nds35.sys -- (lp6nds35)
DRV - [2005/03/24 18:05:10 | 000,027,648 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ipsraidn.sys -- (ipsraidn)
DRV - [2005/03/24 18:00:52 | 000,024,064 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2005/03/24 17:58:22 | 000,018,432 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqcissm.sys -- (cpqcissm)
DRV - [2005/03/24 10:55:32 | 000,343,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [2005/01/17 17:02:18 | 000,127,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/04/02 00:08:21 | 000,195,968 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\exifs.sys -- (EXIFS)
DRV - [2003/06/11 23:05:00 | 000,008,960 | ---- | M] (Seagate Removable Storage Solutions, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pvdatw2k.sys -- (pvdatw2k)
DRV - [2003/03/24 23:13:08 | 000,022,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dellcerc.sys -- (dellcerc)
DRV - [2003/03/24 23:13:06 | 000,069,632 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqfcalm.sys -- (cpqfcalm)
DRV - [2003/03/24 23:13:04 | 000,015,360 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarry2.sys -- (cpqarry2)
DRV - [2003/03/24 23:05:22 | 000,221,696 | ---- | M] (Agilent Technologies) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\afcnt.sys -- (afcnt)
DRV - [2003/03/24 23:05:16 | 000,039,424 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpt3xx.sys -- (hpt3xx)
DRV - [2003/03/24 23:05:12 | 000,154,624 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql2200.sys -- (ql2200)
DRV - [2003/03/24 23:05:12 | 000,130,560 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql2100.sys -- (ql2100)
DRV - [2003/03/24 23:05:00 | 000,016,384 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet Service = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2005/05/11 21:45:40 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\RunOnce: [A0] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233552906437 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ejd.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{526FCABE-EF64-4D0B-B389-B0B970E6F54F}: NameServer = 192.168.0.1,8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/20 07:18:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/27 12:31:08 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/08/27 12:06:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/08/26 09:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/08/22 16:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/08/22 16:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\mbar
[2013/08/21 08:41:39 | 000,257,928 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013/08/21 08:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/08/21 08:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2013/08/21 08:05:56 | 000,141,337 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2013/08/21 08:05:51 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2013/08/21 08:04:58 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2013/08/21 08:04:32 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2013/08/21 08:03:45 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2013/08/21 08:03:10 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2013/08/21 08:03:06 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2013/08/21 08:03:02 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2013/08/21 08:02:59 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2013/08/21 08:02:55 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2013/08/21 08:02:52 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2013/08/21 08:02:34 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2013/08/21 08:02:28 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2013/08/21 08:02:24 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2013/08/21 08:02:23 | 000,127,488 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2013/08/21 08:02:11 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2013/08/21 08:02:07 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2013/08/21 08:01:29 | 000,233,472 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2013/08/21 08:01:25 | 000,064,512 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2013/08/21 08:01:22 | 000,283,616 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2013/08/21 08:01:19 | 000,019,456 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2013/08/21 08:00:46 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2013/08/21 08:00:43 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2013/08/21 08:00:39 | 000,036,892 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2013/08/21 08:00:21 | 000,091,646 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2013/08/21 08:00:18 | 000,094,879 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2013/08/21 08:00:11 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2013/08/21 07:59:33 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2013/08/21 07:59:29 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2013/08/21 07:59:05 | 000,020,480 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2013/08/21 07:59:00 | 000,026,240 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2013/08/21 07:58:59 | 000,028,160 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2013/08/21 07:58:47 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2013/08/21 07:58:44 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2013/08/21 07:58:41 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2013/08/21 07:58:38 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2013/08/21 07:58:35 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2013/08/21 07:58:32 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2013/08/21 07:58:29 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2013/08/21 07:57:53 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2013/08/21 07:57:47 | 000,079,872 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2013/08/21 07:57:36 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2013/08/21 07:57:33 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2013/08/21 07:57:22 | 000,018,432 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2013/08/21 07:56:35 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2013/08/21 07:56:32 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2013/08/21 07:56:29 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2013/08/21 07:56:10 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2013/08/21 07:56:07 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2013/08/21 07:56:03 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2013/08/21 07:55:34 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2013/08/21 07:55:29 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2013/08/21 07:55:26 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2013/08/21 07:55:17 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2013/08/21 07:55:15 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2013/08/21 07:55:12 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2013/08/21 07:55:09 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2013/08/21 07:55:06 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2013/08/21 07:55:04 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2013/08/21 07:54:54 | 000,074,752 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2013/08/21 07:54:54 | 000,013,824 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2013/08/21 07:54:50 | 000,023,040 | ---- | C] (Macronix International Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2013/08/21 07:54:50 | 000,022,016 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2013/08/21 07:54:47 | 000,024,064 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2013/08/21 07:53:44 | 000,171,935 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2013/08/21 07:53:27 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2013/08/21 07:53:26 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2013/08/21 07:53:23 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2013/08/21 07:53:12 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2013/08/21 07:53:09 | 000,018,944 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2013/08/21 07:52:15 | 000,617,600 | ---- | C] (Intersil Americas Inc.) -- C:\WINDOWS\System32\dllcache\islp2nds.sys
[2013/08/21 07:52:10 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2013/08/21 07:50:18 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2013/08/21 07:50:15 | 000,020,480 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2013/08/21 07:49:38 | 000,033,597 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2013/08/21 07:49:27 | 000,053,760 | ---- | C] (Brooktrout Technology) -- C:\WINDOWS\System32\dllcache\faxinit.exe
[2013/08/21 07:49:25 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2013/08/21 07:48:24 | 000,032,606 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2013/08/21 07:48:15 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2013/08/21 07:48:13 | 000,369,085 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\diwansrv.sys
[2013/08/21 07:48:12 | 000,282,140 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2013/08/21 07:48:10 | 000,040,990 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2013/08/21 07:48:09 | 000,034,334 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2013/08/21 07:48:08 | 000,006,686 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2013/08/21 07:48:06 | 000,094,140 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2013/08/21 07:47:44 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2013/08/21 07:47:43 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2013/08/21 07:47:41 | 000,021,632 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2013/08/21 07:47:25 | 000,096,256 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2013/08/21 07:47:25 | 000,047,616 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2013/08/21 07:47:23 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2013/08/21 07:47:22 | 000,250,880 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2013/08/21 07:47:22 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2013/08/21 07:47:11 | 000,021,376 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2013/08/21 07:46:53 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2013/08/21 07:46:52 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2013/08/21 07:46:51 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2013/08/21 07:46:50 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2013/08/21 07:46:48 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2013/08/21 07:46:47 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2013/08/21 07:46:46 | 000,035,132 | ---- | C] (CARDBUSs) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2013/08/21 07:46:44 | 000,034,304 | ---- | C] (Eicon Networks Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2013/08/21 07:46:43 | 000,186,736 | ---- | C] (Eicon Networks) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2013/08/21 07:46:31 | 000,254,464 | ---- | C] (Brooktrout Technology) -- C:\WINDOWS\System32\dllcache\btdlld.dll
[2013/08/21 07:46:30 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2013/08/21 07:46:30 | 000,010,880 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2013/08/21 07:46:29 | 000,060,032 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2013/08/21 07:46:28 | 000,012,288 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2013/08/21 07:46:27 | 000,039,424 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2013/08/21 07:46:27 | 000,006,656 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2013/08/21 07:46:26 | 000,003,712 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2013/08/21 07:46:24 | 000,046,080 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2013/08/21 07:46:23 | 000,049,664 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2013/08/21 07:46:23 | 000,040,960 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2013/08/21 07:46:21 | 000,022,528 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2013/08/21 07:46:21 | 000,004,608 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2013/08/21 07:46:20 | 000,012,416 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2013/08/21 07:46:20 | 000,003,456 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2013/08/21 07:46:19 | 000,022,016 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2013/08/21 07:46:17 | 000,013,824 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2013/08/21 07:46:16 | 000,023,040 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2013/08/21 07:46:13 | 000,188,416 | ---- | C] (Brooktrout Technology Inc.) -- C:\WINDOWS\System32\dllcache\bfaxsnp.dll
[2013/08/21 07:46:13 | 000,073,728 | ---- | C] (Brooktrout Technology) -- C:\WINDOWS\System32\dllcache\bfaxtsp.tsp
[2013/08/21 07:46:12 | 000,077,824 | ---- | C] (Brooktrout Technology Inc.) -- C:\WINDOWS\System32\dllcache\bfaxdev.dll
[2013/08/21 07:46:12 | 000,061,440 | ---- | C] (Brooktrout Technology) -- C:\WINDOWS\System32\dllcache\bfaxfsp.dll
[2013/08/21 07:46:11 | 000,054,400 | ---- | C] (Brooktrout Technology) -- C:\WINDOWS\System32\dllcache\bfax.sys
[2013/08/21 07:46:08 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2013/08/21 07:46:08 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2013/08/21 07:46:07 | 000,092,800 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2013/08/21 07:46:05 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2013/08/21 07:46:05 | 000,037,888 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2013/08/21 07:46:04 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2013/08/21 07:45:23 | 000,048,896 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2013/08/21 07:45:10 | 000,673,728 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2013/08/21 07:45:10 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2013/08/21 07:45:08 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/27 13:23:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A8B8C95A-7D25-430C-B75A-3CFDB815E80F}.job
[2013/08/27 13:01:07 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2013/08/27 12:52:02 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/27 12:32:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/27 12:31:08 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/08/27 12:00:01 | 000,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{cfb8e587-22c2-11db-9b83-806e6f6e6963}.job
[2013/08/27 12:00:01 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{cfb8e588-22c2-11db-9b83-806e6f6e6963}.job
[2013/08/27 05:10:53 | 000,004,843 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2013/08/27 03:02:00 | 000,000,758 | ---- | M] () -- C:\WINDOWS\tasks\T.job
[2013/08/27 00:00:08 | 000,000,600 | ---- | M] () -- C:\WINDOWS\tasks\Back Up Small Business Server.job
[2013/08/26 21:52:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/26 09:21:36 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/26 09:13:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/26 09:11:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/08/22 16:18:45 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/22 01:16:06 | 004,733,947 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2013/08/22 00:10:22 | 000,149,673 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2013/08/21 08:37:20 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/08/21 08:36:41 | 000,002,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/21 08:36:41 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2013/08/21 08:32:12 | 000,030,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/08/21 08:30:17 | 001,024,046 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/21 08:30:16 | 000,279,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/21 08:24:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/21 07:40:55 | 000,001,409 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to INETCPL.CPL.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/27 12:32:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/26 09:21:36 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/22 16:18:45 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/21 08:36:41 | 000,002,362 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/21 08:36:41 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2013/08/21 08:02:33 | 001,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2013/08/21 08:02:32 | 000,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2013/08/21 08:02:32 | 000,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2013/08/21 07:57:23 | 000,198,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2013/08/21 07:57:23 | 000,135,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2013/08/21 07:57:10 | 010,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2013/08/21 07:57:09 | 001,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2013/08/21 07:57:09 | 000,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2013/08/21 07:57:09 | 000,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2013/08/21 07:57:08 | 000,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2013/08/21 07:57:08 | 000,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2013/08/21 07:57:08 | 000,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2013/08/21 07:57:08 | 000,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2013/08/21 07:57:07 | 000,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2013/08/21 07:57:06 | 000,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2013/08/21 07:57:06 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2013/08/21 07:54:17 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2013/08/21 07:51:48 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2013/08/21 07:51:32 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2013/08/21 07:50:21 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2013/08/21 07:47:10 | 000,001,849 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IIS_clusftp.vbs
[2013/08/21 07:47:04 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2013/08/21 07:47:03 | 000,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2013/08/21 07:47:03 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2013/08/21 07:47:02 | 000,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2013/08/21 07:47:02 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2013/08/21 07:47:01 | 000,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2013/08/21 07:47:01 | 000,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2013/08/21 07:47:01 | 000,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2013/08/21 07:47:00 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2013/08/21 07:46:59 | 000,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2013/08/21 07:45:58 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2013/08/21 07:45:57 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2013/08/21 07:45:57 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2013/08/21 07:45:56 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2013/08/21 07:45:55 | 000,017,536 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2013/08/21 07:45:55 | 000,017,536 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2013/08/21 07:45:54 | 000,050,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2013/08/21 07:45:54 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2013/08/21 07:45:52 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2013/08/21 07:45:42 | 000,046,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2013/08/21 07:40:55 | 000,001,409 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to INETCPL.CPL.lnk
[2013/08/21 06:21:33 | 000,030,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/01/10 16:03:22 | 004,733,947 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2013/01/10 16:03:10 | 000,149,673 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2013/01/10 12:26:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/07/24 00:17:32 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/03 22:51:40 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Administrator\elliott Contacts-GetProp.xml
[2006/08/03 22:51:39 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\Administrator\elliott Contacts-SetProp.xml
[2005/05/20 08:27:57 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/05/20 07:44:32 | 000,004,396 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2005/05/20 07:15:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/02/28 11:57:24 | 001,520,128 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:02:57 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2007/02/17 07:03:19 | 000,278,016 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/07/23 16:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\F-Secure
[2012/05/06 16:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JAM Software
[2013/01/10 19:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2009/02/01 22:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2013/01/10 12:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/08/27 12:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/05/06 16:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,988 posts
Hello Bhzendner, Welcome to Malware Removal section of the forum.

My name is SleepyDude I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.

Please note I'm currently in training, all my responses will be revised by my Teacher before I post so expect a slight delay between replies. On the bright side, you have two people to examine your problem!

Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.

I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything if you have some doubts or questions please ask before continuing

IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.

The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.

I need some time to revise your logs... In the meantime can you please post the Extras.txt log OTL created on the C:\Documents and Settings\Administrator\My Documents\Downloads?
Please move the OTL.exe from the Downloads folder to the Desktop it's better run the tool from there...
Also I would like you to run Malwarebytes click the Logs tab select the most recent one from the list and click the Open button. Notepad will open with the log please copy & paste it contents to your next post.

One question can you tell me exactly which programs complain about MSIMG32.dll is missing?

Thanks.
  • 0

#3
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
I am very lucky, two for the price of one.

OTL Extras logfile created on: 8/27/2013 12:33:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.40% Memory free
5.34 Gb Paging File | 3.89 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 500.47 Gb Total Space | 457.52 Gb Free Space | 91.42% Space Free | Partition Type: NTFS
Drive D: | 1360.55 Gb Total Space | 1277.46 Gb Free Space | 93.89% Space Free | Partition Type: NTFS

Computer Name: SERVER1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.LPQJN55HYQ6FN3R7ZTBLSCOGSI] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Management Programs
"{05DEE64C-B63B-495A-B36C-4277663FAAA0}" = Windows Small Business Server ActiveSync
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{108BE742-0564-4734-AE54-74F81263FB04}" = Windows Small Business Server Licensing
"{2BFDA78F-39F7-4537-9995-71424CFA88BB}" = LogMeIn
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF8BDBC-DA0F-45FA-A4B9-3A31CCE774E9}" = Windows Small Business Server Backup
"{53BE2241-531B-49FB-B03D-06C377179548}" = Windows Small Business Server IE Client App
"{5546F70C-0437-44EE-A923-7C23E6EFF689}" = Windows Small Business Server Monitoring
"{65657C59-23A8-4974-B8E0-BA04EBD04E4F}" = Microsoft SQL Server Desktop Engine (SHAREPOINT)
"{671E4E4D-4798-4F66-9C9E-C5762E73179E}" = Microsoft XML Parser
"{7FB55E52-C72D-4165-85D0-383ED3D7253F}" = Windows Small Business Server Client Setup
"{8952E993-139E-4E71-881F-DD40E4DB8F81}" = Windows Small Business Server Admin
"{91140409-7000-11D3-8CFE-0150048383C9}" = Microsoft Windows SharePoint Services 2.0
"{9189BADC-23A7-487D-B206-AD3A89A4F45D}" = Windows Small Business Server Fax
"{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{A2B40ABC-025A-4389-8148-86CED357B259}" = Microsoft Connector for POP3 Mailboxes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A34AC564-B4A3-4D45-B969-403BC39F0E6A}" = Microsoft .NET Framework 1.1 -- Device Update 4.0
"{A5E98C65-585A-45AB-BFC3-8555305B9929}" = Windows Small Business Server Documents
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B58E39B9-12E2-4E9B-A01B-9B896C6A52A8}" = Windows Small Business Server Connectivity
"{B7300824-E68F-45F1-BAC1-5F15636C346F}" = Microsoft SQL Server Desktop Engine (SBSMonitoring)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C293E1D0-8085-4830-B806-1BA0FEF9C4A4}" = Windows Small Business Server Client Experience
"{C73E81BF-432C-44E2-831D-F46081CA6E28}" = Windows Small Business Server Remote Portal
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D846DDEE-EDF2-445F-96A4-175544202D32}" = Windows Small Business Server Fax Cfg
"{E721BEC1-887A-4D26-BE10-7E0336B7CAC7}" = Windows Small Business Server Common
"5717D53E-DD6D-4d1e-8A1F-C7BE620F65AA" = Windows Small Business Server 2003
"CCleaner" = CCleaner
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.97.8
"CleanUp!" = CleanUp!
"Defraggler" = Defraggler
"HitmanPro37" = HitmanPro 3.7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Health Monitor 2.1" = Microsoft Health Monitor 2.1
"TreeSize Free_is1" = TreeSize Free V2.7
"WIC" = Windows Imaging Component
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/26/2013 10:00:00 AM | Computer Name = SERVER1 | Source = VSS | ID = 7001
Description = VssAdmin: Unable to create a shadow copy: Either the specified volume
was not found or it is not a local volume. Command-line: 'C:\WINDOWS\system32\vssadmin.exe
Create Shadow /AutoRetry=5 /For=\\?\Volume{cfb8e588-22c2-11db-9b83-806e6f6e6963}\'.

Error - 8/26/2013 10:00:00 AM | Computer Name = SERVER1 | Source = VSS | ID = 7001
Description = VssAdmin: Unable to create a shadow copy: Either the specified volume
was not found or it is not a local volume. Command-line: 'C:\WINDOWS\system32\vssadmin.exe
Create Shadow /AutoRetry=5 /For=\\?\Volume{cfb8e587-22c2-11db-9b83-806e6f6e6963}\'.

Error - 8/26/2013 12:10:00 PM | Computer Name = SERVER1 | Source = Application Error | ID = 1000
Description = Faulting application HitmanPro.exe, version 3.7.7.203, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/26/2013 3:00:01 PM | Computer Name = SERVER1 | Source = VSS | ID = 7001
Description = VssAdmin: Unable to create a shadow copy: Either the specified volume
was not found or it is not a local volume. Command-line: 'C:\WINDOWS\system32\vssadmin.exe
Create Shadow /AutoRetry=5 /For=\\?\Volume{cfb8e588-22c2-11db-9b83-806e6f6e6963}\'.

Error - 8/26/2013 3:00:01 PM | Computer Name = SERVER1 | Source = VSS | ID = 7001
Description = VssAdmin: Unable to create a shadow copy: Either the specified volume
was not found or it is not a local volume. Command-line: 'C:\WINDOWS\system32\vssadmin.exe
Create Shadow /AutoRetry=5 /For=\\?\Volume{cfb8e587-22c2-11db-9b83-806e6f6e6963}\'.

Error - 8/27/2013 3:00:08 AM | Computer Name = SERVER1 | Source = SmallBusinessServer | ID = 1054210
Description = One or more components of Small Business Server Backup failed. For
more information, click Backup in Server Management, and view the log files.

Error - 8/27/2013 10:00:00 AM | Computer Name = SERVER1 | Source = VSS | ID = 7001
Description = VssAdmin: Unable to create a shadow copy: Either the specified volume
was not found or it is not a local volume. Command-line: 'C:\WINDOWS\system32\vssadmin.exe
Create Shadow /AutoRetry=5 /For=\\?\Volume{cfb8e587-22c2-11db-9b83-806e6f6e6963}\'.

Error - 8/27/2013 10:00:01 AM | Computer Name = SERVER1 | Source = VSS | ID = 7001
Description = VssAdmin: Unable to create a shadow copy: Either the specified volume
was not found or it is not a local volume. Command-line: 'C:\WINDOWS\system32\vssadmin.exe
Create Shadow /AutoRetry=5 /For=\\?\Volume{cfb8e588-22c2-11db-9b83-806e6f6e6963}\'.

Error - 8/27/2013 3:00:00 PM | Computer Name = SERVER1 | Source = VSS | ID = 7001
Description = VssAdmin: Unable to create a shadow copy: Either the specified volume
was not found or it is not a local volume. Command-line: 'C:\WINDOWS\system32\vssadmin.exe
Create Shadow /AutoRetry=5 /For=\\?\Volume{cfb8e587-22c2-11db-9b83-806e6f6e6963}\'.

Error - 8/27/2013 3:00:00 PM | Computer Name = SERVER1 | Source = VSS | ID = 7001
Description = VssAdmin: Unable to create a shadow copy: Either the specified volume
was not found or it is not a local volume. Command-line: 'C:\WINDOWS\system32\vssadmin.exe
Create Shadow /AutoRetry=5 /For=\\?\Volume{cfb8e588-22c2-11db-9b83-806e6f6e6963}\'.

[ DNS Server Events ]
Error - 10/1/2012 11:39:35 AM | Computer Name = SERVER1 | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 10/1/2012 11:39:35 AM | Computer Name = SERVER1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 10/1/2012 11:39:35 AM | Computer Name = SERVER1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone _msdcs.ejd.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 10/1/2012 11:39:35 AM | Computer Name = SERVER1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 16.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 10/1/2012 11:39:35 AM | Computer Name = SERVER1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone ejd.local. This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it. Check
that
the Active Directory is functioning properly and repeat enumeration of the zone.
The
extended error debug information (which may be empty) is "". The event data contains
the error.

Error - 8/21/2013 9:10:47 AM | Computer Name = SERVER1 | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 8/21/2013 9:10:47 AM | Computer Name = SERVER1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 8/21/2013 9:10:47 AM | Computer Name = SERVER1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone _msdcs.ejd.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 8/21/2013 9:10:47 AM | Computer Name = SERVER1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 16.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 8/21/2013 9:10:47 AM | Computer Name = SERVER1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone ejd.local. This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it. Check
that
the Active Directory is functioning properly and repeat enumeration of the zone.
The
extended error debug information (which may be empty) is "". The event data contains
the error.

[ File Replication Service Events ]
Error - 5/3/2012 4:36:49 PM | Computer Name = SERVER1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/3/2012 4:36:49 PM | Computer Name = SERVER1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/4/2012 4:36:50 PM | Computer Name = SERVER1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/4/2012 4:36:50 PM | Computer Name = SERVER1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/4/2012 9:03:27 PM | Computer Name = SERVER1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/4/2012 9:03:27 PM | Computer Name = SERVER1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/4/2012 9:24:37 PM | Computer Name = SERVER1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/4/2012 9:24:37 PM | Computer Name = SERVER1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/4/2012 10:16:41 PM | Computer Name = SERVER1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/4/2012 10:16:41 PM | Computer Name = SERVER1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

[ System Events ]
Error - 8/20/2013 3:06:18 PM | Computer Name = SERVER1 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/21/2013 9:18:01 AM | Computer Name = SERVER1 | Source = WLBS | ID = 458787
Description = NLB Cluster 0.0.0.0 : Cluster mode cannot be enabled due to parameter
errors. All traffic will be passed through to TCP/IP. Restart cluster operations
after fixing the problem by running 'wlbs reload' followed by 'wlbs start'.

Error - 8/21/2013 9:22:24 AM | Computer Name = SERVER1 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/21/2013 11:25:14 AM | Computer Name = SERVER1 | Source = WLBS | ID = 458787
Description = NLB Cluster 0.0.0.0 : Cluster mode cannot be enabled due to parameter
errors. All traffic will be passed through to TCP/IP. Restart cluster operations
after fixing the problem by running 'wlbs reload' followed by 'wlbs start'.

Error - 8/21/2013 11:26:22 AM | Computer Name = SERVER1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
crcdisk Si3124r5

Error - 8/25/2013 10:10:35 PM | Computer Name = SERVER1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NtFrs service.

Error - 8/25/2013 10:18:00 PM | Computer Name = SERVER1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NtFrs service.

Error - 8/25/2013 10:18:00 PM | Computer Name = SERVER1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NtFrs service.

Error - 8/25/2013 10:34:02 PM | Computer Name = SERVER1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NtFrs service.

Error - 8/25/2013 10:34:02 PM | Computer Name = SERVER1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NtFrs service.


< End of report >

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.10.10

Windows Server 2003 Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: SERVER1 [administrator]

1/10/2013 11:09:37 AM
mbam-log-2013-01-10 (11-09-37).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 394493
Time elapsed: 3 hour(s), 1 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


When I try and Open Internet Explorer or when I try and open SuperAntiSpyware.
  • 0

#4
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,988 posts
Hi,

Do you have another log on Malwarebytes that show what was detected before?
  • 0

#5
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
Here you go...

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.21.04

Windows Server 2003 Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: SERVER1 [administrator]

8/21/2013 6:24:41 AM
mbam-log-2013-08-21 (06-24-41).txt

Scan type: Full scan (C:\|D:\|T:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416787
Time elapsed: 52 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\i386\MSADOMD.DL_ (Trojan.FavLock) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtServicePackUninstall$\msadomd.dll (Trojan.FavLock) -> Quarantined and deleted successfully.

(end)
  • 0

#6
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,988 posts
Hi Bhzendner,

I have checked your logs and I have some tasks for you...


Step 1 - Restore files

The files detected by Malwarebytes as Trojan's aren't infected its a False Positive you can confirm here.
Lets restore the files...

  • close all the other running programs, specially the Web browser
  • execute Malwarebytes Posted Image again
  • lets make sure the program is updated, click on tab Update next click the Check for Updates button
  • click on the tab Quarantine, select the files detected as Trojan.FavLock and click the Restore Button
  • you can close Malwarebytes


Step 2 - OTL Scan

Lets check for good copies of the file MSIMG32.dll...
  • Double click the OTL icon from your Desktop. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Posted Image button. Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    /md5start
    MSIMG32.*
    /md5stop
    
  • Then click the Run Scan button at the top. The scan wont take long.
  • When the scan completes, it will open notepad with OTL.Txt. The file is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file and post in your topic


Step 3 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
Posted Image
  • Make sure the options Remove found threats and Scan Archives are Not ticked.
  • Click on Advanced Settings, an check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speedup the scan
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient this make take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications

Step 4 - Security Check

Download Security Check by Screen317 from here or here.
  • Save it to the Desktop.
  • Right click on the icon Posted Image and choose Run as Administrator. Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I would like to see in your next reply:
  • Did the quarantined files restored ok?
  • The OTL log
  • The ESET log
  • The checkup.txt log

  • 0

#7
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
Restore good.


OTL logfile created on: 8/28/2013 2:03:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.82% Memory free
5.34 Gb Paging File | 4.12 Gb Available in Paging File | 77.12% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 500.47 Gb Total Space | 457.51 Gb Free Space | 91.42% Space Free | Partition Type: NTFS
Drive D: | 1360.55 Gb Total Space | 1277.46 Gb Free Space | 93.89% Space Free | Partition Type: NTFS

Computer Name: SERVER1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: MSIMG32.DL_ >
[2005/05/11 21:45:40 | 000,001,658 | ---- | M] () MD5=678207C71DD545DA0C9EF4BF5268BBE8 -- C:\WINDOWS\i386\MSIMG32.DL_

< MD5 for: MSIMG32.DLL >
[2005/05/11 21:45:40 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=48E734A088CBA995DCED4557E2DD3111 -- C:\WINDOWS\system32\dllcache\msimg32.dll

< End of report >

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=294148b5f8c6794eabdb3ff881f45fd2
# engine=14938
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-28 10:28:44
# local_time=2013-08-28 03:28:44 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.2.3790 NT Service Pack 2
# compatibility_mode=2817 16777215 100 100 0 9695670 0 0
# scanned=183098
# found=1
# cleaned=0
# scan_time=4151
sh=851F55135FD4A5A3A631058F3CEAF43F4C12242B ft=1 fh=7865fbaf7b732973 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Documents and Settings\Administrator\My Documents\clamwin-0.97.8-setup.exe"

Results of screen317's Security Check version 0.99.73
Service Pack 2 x86
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0

#8
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,988 posts
Hello Bhzendner,

Thanks for the logs. Now lets take care of the missing file, OTL found a good copy that we can use...
The ESET scan didn't like the clamwin setup file you have on the My Documents folder, make sure you download the install programs from the Official sites www.clamwin.com in this case, I just tested and the file clamwin-0.97.8-setup.exe from this site is clean!


Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

  • Double click the OTL icon from your Desktop. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    
    :Files
    C:\WINDOWS\system32\dllcache\msimg32.dll|C:\WINDOWS\system32\msimg32.dll /replace
    C:\Documents and Settings\Administrator\My Documents\clamwin-0.97.8-setup.exe
    
    :Commands
    [Reboot]
    
  • click the Run Fix button at the top. Let the program run uninterrupted.
  • click OK
Notes:
  • When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyy _hhmmss is the date and time when the fix run.


Defrag

The Security Check report shows that you need to Defrag your C: drive if you don't have an SSD disk!.
You have Defraggler installed it's a good Disk Defrag but I personally recommend MyDefrag it's free and really defrag system locked files like the PageFile, registry files, etc... that other programs do not touch.


Things I would like to see in your next reply:
  • The OTL Fix log
  • After the reboot, is everything running OK now?

  • 0

#9
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
========== OTL ==========
========== FILES ==========
File C:\WINDOWS\system32\msimg32.dll not found.
C:\Documents and Settings\Administrator\My Documents\clamwin-0.97.8-setup.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 08292013_073746

When I tryed to download and run your defrag probram it downloaded, when run it gave me Unable to Locate Component - This application has failed to start because misimg32.dll was not found. Re-installing the application may fix this problem.

When I tryed to run IE I got Error Loading C:\Windows\System32\inetcpl.cpl. The specified module could not be found.

Yeks!!!!
  • 0

#10
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,988 posts
Hi,

Sorry I did a mistake on the OTL Fix script to restore the dll... :blush:

Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

  • Double click the OTL icon from your Desktop. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    
    :Files
    C:\WINDOWS\system32\msimg32.dll|C:\WINDOWS\system32\dllcache\msimg32.dll /replace
    
    :Commands
    [Reboot]
    
  • click the Run Fix button at the top. Let the program run uninterrupted.
  • click OK
Notes:
  • When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyy _hhmmss is the date and time when the fix run.

  • 0

Advertisements


#11
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
It run and asked for a reboot, when I rebooted it came back up to a Dell screen, not icons, not task bar, just background.
I can run the task manager by pressing CTRL+ALT+DEL.
  • 0

#12
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,988 posts

It run and asked for a reboot, when I rebooted it came back up to a Dell screen, not icons, not task bar, just background.
I can run the task manager by pressing CTRL+ALT+DEL.


Hi,

From the Task Manager can you start Explorer?
Open the menu File > New Task (Run...) type explorer.exe and click OK

I would like you to test the disk for errors.

Open the Command Line
  • Click Start > Run > type cmd and press Enter
  • On the black window type the following, and press Enter:
    chkdsk /R /X C:
    
    When it ask if you want to do a scan on next restart answer Yes
  • Restart the computer

The scan will take some time... when it finish execute:
  • download ListChkdskResult
  • execute the file and accept all the windows prompts to authorize the program to run
  • Notepad will open with a report showing the chkdsk result
  • copy & paste the log to your reply

Let me know if after Check Disk the system loads normally or not.
  • 0

#13
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
explorer.exe says it is running but I still have a blank screen?

chkdsk says it will have to run on next boot.
  • 0

#14
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,988 posts

explorer.exe says it is running but I still have a blank screen?

chkdsk says it will have to run on next boot.


Ok, Please reboot and let chkdsk run the scan.
Then try to boot normally.
  • 0

#15
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
Looks normal when booting now, thanks.

ListChkdskResult by SleepyDude v0.1.6 Beta | 17-06-2013

------< Log generate on 8/30/2013 7:44:09 AM >------
Category: 0
Computer Name: SERVER1
Event Code: 1001
Record Number: 814100
Source Name: Winlogon
Time Written: 20120504180415.000000-420
Event Type: Information
User:
Message: Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x59ba for possibly 0x1 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x59ba for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0xbf6e is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 49006.
The file reference 0x158a000000000327 of index entry avh_avmisc of index $I30
with parent 0x68de is not the same as 0x158b000000000327.
Deleting index entry avh_avmisc in index $I30 of file 26846.
The file reference 0x2bac0000000000a6 of index entry avh_avpe of index $I30
with parent 0x68de is not the same as 0x2bad0000000000a6.
Deleting index entry avh_avpe in index $I30 of file 26846.
The file reference 0x158a000000000327 of index entry AVH_AV~1 of index $I30
with parent 0x68de is not the same as 0x158b000000000327.
Deleting index entry AVH_AV~1 in index $I30 of file 26846.
The file reference 0x1591000000000384 of index entry avh_BLENG of index $I30
with parent 0x68de is not the same as 0x1592000000000384.
Deleting index entry avh_BLENG in index $I30 of file 26846.
The file reference 0x1591000000000384 of index entry AVH_BL~1 of index $I30
with parent 0x68de is not the same as 0x1592000000000384.
Deleting index entry AVH_BL~1 in index $I30 of file 26846.
The file reference 0xb7470000000000a9 of index entry avh_libradb of index $I30
with parent 0x68de is not the same as 0xb7480000000000a9.
Deleting index entry avh_libradb in index $I30 of file 26846.
The file reference 0xb7470000000000a9 of index entry AVH_LI~1 of index $I30
with parent 0x68de is not the same as 0xb7480000000000a9.
Deleting index entry AVH_LI~1 in index $I30 of file 26846.
The file reference 0x52e10000000002a0 of index entry avh_oriondb of index $I30
with parent 0x68de is not the same as 0x52e20000000002a0.
Deleting index entry avh_oriondb in index $I30 of file 26846.
The file reference 0x52e10000000002a0 of index entry AVH_OR~1 of index $I30
with parent 0x68de is not the same as 0x52e20000000002a0.
Deleting index entry AVH_OR~1 in index $I30 of file 26846.
The file reference 0xcd4c00000000032d of index entry avh_SWCDB of index $I30
with parent 0x68de is not the same as 0xcd4d00000000032d.
Deleting index entry avh_SWCDB in index $I30 of file 26846.
The file reference 0xcd4c00000000032d of index entry AVH_SW~1 of index $I30
with parent 0x68de is not the same as 0xcd4d00000000032d.
Deleting index entry AVH_SW~1 in index $I30 of file 26846.
Cleaning up minor inconsistencies on the drive.
CHKDSK is recovering lost files.
Recovering orphaned file avh_avpe (166) into directory file 26846.
Recovering orphaned file AVH_LI~1 (169) into directory file 26846.
Recovering orphaned file avh_libradb (169) into directory file 26846.
Recovering orphaned file AVH_OR~1 (672) into directory file 26846.
Recovering orphaned file avh_oriondb (672) into directory file 26846.
Recovering orphaned file AVH_AV~1 (807) into directory file 26846.
Recovering orphaned file avh_avmisc (807) into directory file 26846.
Recovering orphaned file AVH_SW~1 (813) into directory file 26846.
Recovering orphaned file avh_SWCDB (813) into directory file 26846.
Recovering orphaned file AVH_BL~1 (900) into directory file 26846.
Recovering orphaned file avh_BLENG (900) into directory file 26846.
Cleaning up 427 unused index entries from index $SII of file 0x9.
Cleaning up 427 unused index entries from index $SDH of file 0x9.
Cleaning up 427 unused security descriptors.
Inserting data attribute into file 49006.
CHKDSK is verifying Usn Journal...
The remaining of an USN page at offset 0x2c576e2a0 in file 0x1e3c
should be filled with zeros.
Repairing Usn Journal file record segment.
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

20972857 KB total disk space.
20333980 KB in 45776 files.
13208 KB in 3225 indexes.
0 KB in bad sectors.
621793 KB in use by the system.
43536 KB occupied by the log file.
3876 KB available on disk.

4096 bytes in each allocation unit.
5243214 total allocation units on disk.
969 allocation units available on disk.

Internal Info:
60 cb 00 00 76 bf 00 00 53 e5 00 00 00 00 00 00 `...v...S.......
b1 00 00 00 02 00 00 00 3d 03 00 00 00 00 00 00 ........=.......
e6 15 7b 01 00 00 00 00 d8 53 41 1f 00 00 00 00 ..{......SA.....
90 b6 e3 0c 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 84 49 87 91 00 00 00 00 .........I......
99 9e 36 00 00 00 00 00 38 36 07 00 d0 b2 00 00 ..6.....86......
00 00 00 00 00 70 16 d9 04 00 00 00 99 0c 00 00 .....p..........

Windows has finished checking your disk.
Please wait while your computer restarts.


-----------------------------------------------------------------------
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP