Hello again, and again thank you for your help!
OK, some things I noticed:
If I right-click on the desktop for Properties, it tries to download a program for ATI Control Center, but is in fact a virus???
I ran antivirus last night; Kaspersky took 7 hours and it found 5 objects!
Ran Disk Cleanup -- cleaned registry - 2500 deleted
Ran defrag
Avast or Windows Firewall or any protection won't run
Windows says the firewall service won't start
Access denied in many of these
Sorry, I know my hard drive is shot. I have plans to get a new one, but I don't work in the winter; semi-retired = no money right now = wife pays the bills with very little left over, won't have anything till Jan. 8th. Will do dust clean-up and replace fans as they are making noise all the time. We knew it was going bad; have plans for a new computer this summer, was hoping to keep this running till then.
Again, I hope we can solve this virus problem soon. Will buy an antivirus program soon; for now I have to rely on the freebies.
Again, thank you!!
Here are the OTL logs:
OTL logfile created on: 12/20/2013 11:24:52 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\DUANE\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.52 Mb Total Physical Memory | 144.83 Mb Available Physical Memory | 28.76% Memory free
1.94 Gb Paging File | 1.55 Gb Available in Paging File | 80.09% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 50.11 Gb Free Space | 73.30% Space Free | Partition Type: NTFS
Drive E: | 641.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: WHITE-10-1-12 | User Name: DUANE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/12/19 18:08:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DUANE\My Documents\Downloads\OTL.exe
PRC - [2013/12/19 16:15:20 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/19 16:15:24 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/10 14:23:18 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/10 14:23:04 | 017,403,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\c5e68e15ca94f18f85d08eb540813e7e\System.ServiceModel.ni.dll
MOD - [2013/10/10 14:22:20 | 001,071,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1eafc09c8916071b7e6dfd64a5df45ab\System.IdentityModel.ni.dll
MOD - [2013/08/15 19:36:22 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
MOD - [2013/08/15 19:35:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/15 19:31:36 | 000,366,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f483017c91473489833e9f7190a4010e\SMSvcHost.ni.exe
MOD - [2013/08/15 19:31:32 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\5610aec044605e6848086b4454ee2e15\SMDiagnostics.ni.dll
MOD - [2013/08/15 19:29:35 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
MOD - [2013/08/15 18:50:01 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_61006214\mscorlib.dll
MOD - [2013/08/15 18:47:19 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_41422eb6\system.drawing.dll
MOD - [2013/08/15 18:43:20 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_57b552e6\system.xml.dll
MOD - [2013/08/15 18:41:33 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ec412699\system.windows.forms.dll
MOD - [2013/08/15 18:39:39 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e62f4041\system.dll
MOD - [2013/08/15 18:38:55 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/08/15 18:38:51 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/08/15 18:38:47 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/08/15 18:38:40 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/08/15 18:06:19 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 17:56:00 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/08/15 17:55:15 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012/10/01 19:07:45 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2012/10/01 19:07:45 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2012/10/01 19:07:44 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
========== Services (SafeList) ==========
SRV - [2013/12/19 16:15:20 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/11 01:38:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/12/19 16:15:28 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/19 16:15:28 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/19 16:15:28 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/19 16:15:28 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/19 16:15:28 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/19 16:15:28 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/12/19 16:15:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/05/03 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2013/03/17 15:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DUANE\Application Data\Mozilla\Firefox\Profiles\0\extensions
[2013/03/17 15:41:17 | 000,213,444 | ---- | M] () (No name found) -- C:\Documents and Settings\DUANE\Application Data\Mozilla\Firefox\Profiles\0\extensions\[email protected]
========== Chrome ==========
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3306061&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...3721425726&UM=2,
CHR - homepage: http://www.google.com
CHR - Extension: Google Wallet = C:\Documents and Settings\DUANE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\DUANE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: ([2013/12/19 00:35:01 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SCAPI: Flags = 1051650
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1349132503187 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCEA5834-4843-4346-AA87-E27E9D870192}: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DUANE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/01 15:07:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/03/25 18:03:42 | 000,024,576 | R--- | M] () - E:\AutoRunMorrowind.exe -- [ CDFS ]
O32 - AutoRun File - [2002/04/03 18:12:04 | 000,000,150 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/12/19 23:13:34 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013/12/19 18:24:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/12/19 18:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/12/19 18:09:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/19 16:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\AVAST Software
[2013/12/19 16:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2013/12/19 16:15:43 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/12/19 16:15:42 | 000,775,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/12/19 16:15:41 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/12/19 16:15:40 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/12/19 16:15:39 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/12/19 16:15:34 | 000,270,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/12/19 16:15:26 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/12/19 16:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/12/19 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2013/12/19 13:26:41 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\pvvothin.sys
[2013/12/19 13:25:50 | 000,410,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\tkrncidf.sys
[2013/12/19 12:37:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/19 08:52:55 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/19 07:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/19 07:21:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/12/19 07:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/19 00:43:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/12/18 22:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VIPRE
[2013/12/18 22:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/12/18 22:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Local Settings\Application Data\VIPRE
[2013/12/18 22:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\VIPRE
[2013/12/18 20:15:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/18 16:55:34 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2013/12/18 03:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/12/18 00:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2013/12/18 00:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
[2013/12/17 21:50:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/12/17 20:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Desktop\MARILYN'S NOTES
[2013/12/17 20:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Desktop\MARILYN'S PICTURES
[2013/12/17 15:37:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/12/17 15:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/12/17 14:10:23 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/12/17 14:07:47 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/12/17 13:58:49 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2013/12/17 13:58:48 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2013/12/17 13:58:48 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2013/12/17 13:58:47 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2013/12/17 13:58:46 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2013/12/17 13:58:45 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2013/12/17 13:58:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2013/12/17 13:58:35 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2013/12/17 13:58:35 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2013/12/17 13:58:33 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2013/12/17 13:58:32 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2013/12/17 13:58:31 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2013/12/17 13:58:31 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2013/12/17 13:58:30 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2013/12/17 13:58:30 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2013/12/17 13:58:29 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2013/12/17 13:58:26 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2013/12/17 13:58:26 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2013/12/17 13:58:24 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2013/12/17 13:58:24 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2013/12/17 13:58:23 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2013/12/17 13:58:23 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2013/12/17 13:58:08 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2013/12/17 13:58:07 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2013/12/17 13:58:06 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2013/12/17 13:58:05 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2013/12/17 13:58:05 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2013/12/17 13:58:04 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2013/12/17 13:58:04 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2013/12/17 13:58:03 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2013/12/17 13:58:02 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2013/12/17 13:58:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2013/12/17 13:57:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2013/12/17 13:53:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2013/12/17 13:53:05 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2013/12/17 13:53:04 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2013/12/17 13:53:04 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2013/12/17 13:53:03 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2013/12/17 13:53:03 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2013/12/17 13:53:02 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2013/12/17 13:53:02 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2013/12/17 13:53:01 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2013/12/17 13:52:59 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2013/12/17 13:52:59 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2013/12/17 13:52:58 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2013/12/17 13:52:57 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2013/12/17 13:52:57 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2013/12/17 13:52:56 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2013/12/17 13:52:56 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2013/12/17 13:52:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2013/12/17 13:52:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2013/12/17 13:52:53 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2013/12/17 13:52:53 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2013/12/17 13:52:52 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2013/12/17 13:52:52 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2013/12/17 13:52:37 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2013/12/17 13:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/12/17 13:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/12/16 13:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\ElevatedDiagnostics
[2013/12/16 13:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/12/16 13:32:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/12/16 11:22:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/12/16 11:11:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2013/12/15 21:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2013/12/15 19:40:03 | 000,000,000 | ---D | C] -- C:\yenicag
[2013/12/15 08:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\ImgBurn
[2013/12/15 00:49:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/12/15 00:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2013/12/15 00:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2013/12/14 22:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SysTools BKF Recovery
[2013/12/14 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools BKF Recovery
[2013/12/14 14:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\1 NTFS
[2013/12/13 01:25:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2013/12/12 10:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\Help
[2013/12/12 10:21:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/12/12 09:56:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/12/12 05:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Local Settings\Application Data\Help
[2013/12/12 02:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Desktop\MORE PROGRAMS
[2013/12/11 18:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/12/11 17:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\Malwarebytes
[2013/12/11 17:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/26 04:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUANE\Application Data\Tibia
[2013/11/26 04:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tibia
[2013/11/26 04:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia
[2013/11/25 22:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\sd_old
[2013/11/25 15:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/11/25 15:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/11/25 15:36:21 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2013/11/25 15:36:21 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2013/11/25 15:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/11/24 17:11:13 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/24 16:19:21 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2013/11/24 16:19:21 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2013/11/24 16:19:18 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\es1371mp.sys
[2013/11/24 16:19:18 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2013/11/24 16:19:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2013/11/24 16:19:12 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2013/11/24 16:19:10 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2013/11/24 16:19:10 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2013/11/24 16:19:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\OemDir
[2013/11/24 16:19:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rundll32.exe
[2013/11/23 23:43:22 | 000,000,000 | ---D | C] -- C:\ARENA
[2013/11/22 18:35:41 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2013/11/22 18:35:40 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2013/11/22 18:35:39 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2013/11/22 18:35:38 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2013/11/22 18:35:33 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2013/11/22 18:35:28 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2013/11/22 18:35:22 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2013/11/22 18:35:11 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/12/20 10:58:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/20 10:57:58 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/20 10:57:58 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/20 10:57:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/20 10:57:41 | 528,052,224 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/20 10:47:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/20 10:37:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/20 01:18:49 | 000,000,091 | ---- | M] () -- C:\WINDOWS\CIV.INI
[2013/12/19 23:13:35 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013/12/19 23:13:16 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/19 21:05:52 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2013/12/19 16:29:01 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/12/19 16:15:28 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/12/19 16:15:28 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/12/19 16:15:28 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/12/19 16:15:28 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/12/19 16:15:28 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/12/19 16:15:28 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/12/19 16:15:28 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/12/19 16:15:26 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/12/19 16:15:26 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/12/19 13:26:41 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\pvvothin.sys
[2013/12/19 13:25:50 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\tkrncidf.sys
[2013/12/19 07:22:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/19 00:40:44 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/12/19 00:35:01 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/12/19 00:34:33 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/12/19 00:34:33 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/12/19 00:24:41 | 000,519,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/19 00:24:41 | 000,089,142 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/18 22:04:42 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/18 16:55:34 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2013/12/18 05:22:46 | 000,005,384 | ---- | M] () -- C:\Documents and Settings\DUANE\Desktop\MarilynYEARbook1965.jpg
[2013/12/17 15:37:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/12/17 10:29:37 | 000,162,010 | ---- | M] () -- C:\Documents and Settings\DUANE\My Documents\DIAG_MATS_NETWORK_global.DiagCab
[2013/12/17 00:14:49 | 233,677,824 | ---- | M] () -- C:\Documents and Settings\DUANE\My Documents\Backup.bkf
[2013/12/16 15:58:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/16 12:26:14 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\mmc.exe.config
[2013/12/16 02:10:49 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\DUANE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/15 21:41:23 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/12/15 19:05:32 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apphelp.dll
[2013/12/15 01:08:22 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\DUANE\Application Data\mbam.context.scan
[2013/12/15 00:48:52 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\DUANE\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/12/15 00:48:52 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/12/14 23:05:27 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\DUANE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/12/14 23:05:27 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\DUANE\Desktop\Windows Media Player.lnk
[2013/12/14 22:28:23 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\DUANE\Application Data\winscp.rnd
[2013/12/14 18:53:38 | 000,250,048 | ---- | M] () -- C:\WINDOWS\System32\ntldr
[2013/12/14 18:52:30 | 000,047,564 | ---- | M] () -- C:\WINDOWS\System32\NTDETECT.COM
[2013/12/13 14:27:06 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcp.exe
[2013/12/13 14:27:06 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rcp.exe
[2013/12/13 09:32:35 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/12 16:28:43 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\filemgmt.dll
[2013/12/12 16:28:43 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filemgmt.dll
[2013/12/12 16:10:02 | 000,092,715 | ---- | M] () -- C:\WINDOWS\System32\services.msc
[2013/12/12 05:31:12 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2013/12/11 01:37:58 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/11 01:37:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/10 16:07:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/12/05 03:47:17 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/11/26 04:19:29 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2013/11/24 16:19:23 | 000,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2013/11/24 16:19:23 | 000,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2013/11/24 16:19:20 | 000,040,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\es1371mp.sys
[2013/11/24 16:19:20 | 000,040,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2013/11/24 16:19:17 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2013/11/24 16:19:15 | 000,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2013/11/24 16:19:12 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2013/11/24 16:19:12 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2013/11/24 16:19:05 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rundll32.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/12/19 21:05:52 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2013/12/19 20:41:40 | 528,052,224 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/19 16:29:01 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/12/19 16:28:25 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/19 16:15:43 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/12/19 16:15:40 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/12/19 14:48:26 | 000,078,048 | ---- | C] () -- C:\Documents and Settings\DUANE\Desktop\comexp.msc
[2013/12/19 07:22:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/18 05:22:28 | 000,005,384 | ---- | C] () -- C:\Documents and Settings\DUANE\Desktop\MarilynYEARbook1965.jpg
[2013/12/17 15:37:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/12/17 15:37:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/12/17 13:58:40 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2013/12/17 13:58:40 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2013/12/17 13:58:39 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2013/12/17 13:58:38 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2013/12/17 13:58:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2013/12/17 13:58:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2013/12/17 13:58:36 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2013/12/17 13:58:36 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2013/12/17 13:58:34 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2013/12/17 13:58:29 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2013/12/17 10:29:37 | 000,162,010 | ---- | C] () -- C:\Documents and Settings\DUANE\My Documents\DIAG_MATS_NETWORK_global.DiagCab
[2013/12/16 22:03:54 | 233,677,824 | ---- | C] () -- C:\Documents and Settings\DUANE\My Documents\Backup.bkf
[2013/12/16 12:26:14 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
[2013/12/15 00:48:52 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\DUANE\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/12/15 00:48:52 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/12/14 23:05:27 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\DUANE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/12/14 23:05:27 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\DUANE\Desktop\Windows Media Player.lnk
[2013/12/14 18:53:42 | 000,250,048 | ---- | C] () -- C:\WINDOWS\System32\ntldr
[2013/12/14 18:53:14 | 000,047,564 | ---- | C] () -- C:\WINDOWS\System32\NTDETECT.COM
[2013/12/13 14:33:22 | 000,075,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/12/13 14:28:14 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\DUANE\Application Data\mbam.context.scan
[2013/12/13 09:18:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\DUANE\Application Data\winscp.rnd
[2013/12/12 11:15:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/26 07:22:16 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/26 04:19:29 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2013/11/17 01:27:13 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2013/07/21 13:19:36 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2012/10/05 09:30:12 | 207,830,277 | ---- | C] () -- C:\Program Files\DarkAges735single.exe
[2012/10/02 11:53:12 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\DUANE\Local Settings\Application Data\fusioncache.dat
[2012/10/02 10:45:33 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2012/10/02 10:45:24 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/10/02 10:45:22 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2012/10/02 10:45:17 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/10/01 16:42:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/10/01 15:10:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/01 15:03:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/01 07:52:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/01 07:51:27 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== ZeroAccess Check ==========
[2012/10/01 18:30:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 13:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = c:\windows\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Documents and Settings\All Users\Documents\1 NTFS\LostFiles1\sp3.cab:atapi.sys
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\All Users\Documents\1 NTFS\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\WudfSvc.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rcp.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\apphelp.dll:SummaryInformation
< End of report >
next:
OTL Extras logfile created on: 12/20/2013 11:24:53 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\DUANE\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
503.52 Mb Total Physical Memory | 144.83 Mb Available Physical Memory | 28.76% Memory free
1.94 Gb Paging File | 1.55 Gb Available in Paging File | 80.09% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 50.11 Gb Free Space | 73.30% Space Free | Partition Type: NTFS
Drive E: | 641.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: WHITE-10-1-12 | User Name: DUANE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [doshere] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v2.6.0
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E98E2A33-05D1-476B-B81B-40F4BD957056}" = Windows Home Server Home Computer Restore CD (Dual Boot)
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avast" = avast! Free Antivirus
"FileASSASSIN" = FileASSASSIN
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Linkrealms_is1" = Linkrealms version 1.0.3.95
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SysTools BKF Recovery_is1" = SysTools BKF Recovery v5.4
"Tibia_is1" = Tibia
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Peregrine's Song" = Peregrine's Song
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/20/2013 1:24:41 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at:
http://www.microsoft...ntredirect.asp.
Error - 12/20/2013 1:24:41 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at:
http://www.microsoft...ntredirect.asp.
Error - 12/20/2013 1:24:54 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 12/20/2013 1:24:54 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 12/20/2013 1:57:55 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 12/20/2013 1:57:55 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 12/20/2013 1:57:58 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 12/20/2013 1:57:58 PM | Computer Name = WHITE-10-1-12 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 12/20/2013 1:58:03 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at:
http://www.microsoft...ntredirect.asp.
Error - 12/20/2013 1:58:03 PM | Computer Name = WHITE-10-1-12 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_WHITE-10-1-12 is disabled.
Some IIS functions can fail for this reason. For additional information specific
to this message please visit the Microsoft Online Support site located at:
http://www.microsoft...ntredirect.asp.
[ System Events ]
Error - 12/20/2013 1:26:16 PM | Computer Name = WHITE-10-1-12 | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.
Error - 12/20/2013 1:26:16 PM | Computer Name = WHITE-10-1-12 | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.
Error - 12/20/2013 1:33:35 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7031
Description = The Net.Tcp Port Sharing Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in 300000
milliseconds: Restart the service.
Error - 12/20/2013 1:43:17 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%5
Error - 12/20/2013 1:58:05 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%5
Error - 12/20/2013 1:58:05 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The Alerter service failed to start due to the following error: %%1079
Error - 12/20/2013 1:58:05 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%5
Error - 12/20/2013 1:58:06 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
%%5
Error - 12/20/2013 1:58:06 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%5
Error - 12/20/2013 1:58:07 PM | Computer Name = WHITE-10-1-12 | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%5
< End of report >