
FixMBR error message - Non-Standard or Invalid Master Boot Record


#1
vhende2000
Member, 67 posts

C:\Windows: FixMBR with error message "This computer appears to have a Non-Standard or Invalid Master Boot Record"

 

 

I have a Gateway Desktop 5310S x86 PC with Windows XP Home Edition SP3 (build 2600) and IE8 with a NEX CD/DVD drive. 

 

I have (1) Seagate ST3120026AS 120GB (SATA) Harddrive with 79GB free, divided into (2) partitions:  [System] 116GB on Local Disk C:\ (NTFS on drive 0) with 78GB free, and [Recovery] 3.83GB on Local Disk D:\ (FAT32 on drive 0) with 1.55GB free.  I have the XP Recovery Console on the D:\ drive.

I have all the latest Microsoft, FlashPlayer, and IE8 Updates.

 

My security software mainly consists of MSE, free version of MalwareBytesAntiMalware (MBAM), and free version of SuperAntiSpyware (SAS), plus the occasional use of MBAR (MalwareBytesAntiRootkit beta), HitmanPro, GAMR 2.1, Avast aswMBR, Rkill, NPE, adwCleaner, BitDefender, Kaspersky Rescue Disk 10, and Hiren's BootCD 15.2, to name a few.  I do not use them all at once.  And only sparingly at that.

 

I can boot OK and can search the Internet with only a little trouble (mostly running slow).

 

About 8 months ago, after going nearly 7 years with my current setup and not having any troubles with XP at all, I started getting suddenly (overnight) a few nuisance problems like not being able to view Hulu movies online without the video and the audio being completely out of sync especially in the full screen mode.

 

I worked with Hulu support, Adobe support, Microsoft support and whomever support without getting an adequate fix.  Then I started noticing editor errors while trying to work with Microsoft's Community Forums.  The problem could not be duplicated by others in the forums, so that problem is still unresolved.  I see Netflix movies just fine.  And I have tried every possible older version of FlashPlayer and the latest version to cure the problem and nothing works.

 

Then other strange little quirky problems kept cropping up with searching and displaying online articles.  I even had problems accessing the Recovery Console upon boot up, but kept working on it until I can now reach the recovery Console for XP home on the harddrive.  I do not have an original XP setup disk, only (4) "Master" Recovery Disks, whatever that even means, created at time of first bootup out of the "cow" box.  Moo, Gateway!

 

I tried all the programs above, suspecting viruses of some sort, but could not identify any direct causes.  Nothing was found to explain the issues. 

Then someone suggested that it may be a virus in the MBR.

 

So I entered the Recovery Console, drive C:\Windows and tried running fixMBR and discovered the error message about Non-Standard or Invalid Master Boot Record.  It tells me Caution, I might really screw up the MBR so I proceeded no further until getting expert help.

 

I even have problems booting my Hiren's BootCD.  I get to the main screen, choose English and then it just crashes.

Similar to booting my BitDefender disk.  On it, I get to the main screen, choose an option and then files start loading.

Then everything just stops and it goes to a black background with a really vivid, colorful image of what appears to be a big mechanical shark, on fire and splashing water. 

Nice artwork and all that, but nothing further happens.  I have to exit out by literally pulling the AC plug out of the socket.  Anyone seen this before? 

Too bad I can't send you a picture.  You'd be impressed!

 

I really hope you folks have some tricks up your sleeves.

 

I have worked on computers since they originally came out (think IBM punch cards) and I have a BSEE degree and used to be a network administrator on a huge network (Veterans Affairs worldwide network system). 

So I can turn a few screwdrivers, even one-handed!    ;)

 

I cannot buy a new PC right now, and have to keep XP running at least for a while. 

I am retired and on limited income and a severe budget (it's called having a wife).

 

Thanks for any assistance you can give me. 

 

 

Grab your coffee cups, it's going to be a long shift!

 

Vernon

 

OTL.txt file attached

 

OTL logfile created on: 4/7/2014 5:15:27 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop\Anti-Malware Anti-Spyware & Anti-Virus\AntiMalware Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 56.00% Memory free
2.83 Gb Paging File | 2.34 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.21 Gb Total Space | 72.43 Gb Free Space | 66.94% Space Free | Partition Type: NTFS
Drive D: | 3.56 Gb Total Space | 1.45 Gb Free Space | 40.61% Space Free | Partition Type: FAT32

Computer Name: DALE-CB294F83A9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/07 17:05:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Anti-Malware Anti-Spyware & Anti-Virus\AntiMalware Programs\OTL.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 12:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\providerComcast\bin\tgsrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 19:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/11/04 03:54:11 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE


========== Modules (No Company Name) ==========

MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/04/09 00:40:34 | 003,470,848 | ---- | M] () -- C:\Program Files\ffdshow\ffdshow.ax
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/18 19:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\jsd.dll
MOD - [2008/03/18 19:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\js32.dll
MOD - [2008/01/08 17:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\sqlite3.dll


========== Services (SafeList) ==========

SRV - [2014/03/12 22:53:08 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/12/05 14:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 16:50:04 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/15 08:31:31 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/02 12:40:34 | 000,398,704 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/02 12:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\providerComcast\bin\tgsrvc.exe -- (tgsrvc_providercomcast)
SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/11/04 03:54:11 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/05/05 01:53:00 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
DRV - [2014/01/02 16:13:25 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/06/04 17:26:05 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/04/30 01:18:22 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2012/01/18 16:01:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/01/18 16:01:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/06/01 22:37:28 | 000,463,872 | ---- | M] (Belkin Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGD.sys -- (BLKWGD)
DRV - [2004/08/12 20:45:52 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService)
DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/21 18:51:34 | 000,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5)
DRV - [2003/12/30 07:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd.                                               ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.co...nType=TB50TRie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {963BE09C-BA62-4C1C-BD8C-AAEBC11D1534}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{963BE09C-BA62-4C1C-BD8C-AAEBC11D1534}: "URL" = http://www.google.co...1I7GGHP_enUS509
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://us.yhs4.searc...13,20031,0,8,0"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014/04/07 12:46:34 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/25 21:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/12/07 12:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2014/02/09 23:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions
[2014/02/14 04:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2013/06/08 00:18:06 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2014/01/27 00:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\searchplugins
[2014/02/14 04:13:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions
[2014/02/14 04:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\luz4sz2f.default\extensions
[2014/02/14 04:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcnrif9.default\extensions
[2012/07/31 06:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/04/17 08:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/12/23 19:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/13 19:08:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/25 20:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/02/25 20:27:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/09/24 13:47:23 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([answers] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1350107789500 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1349327248093 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341169362656 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00EAC6EB-FFA1-4580-A258-B439D75AB047}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AB0CAF0-CE5C-4C63-B8DA-E7940C0C142F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\896\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | --S- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/07 17:05:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/06 23:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Comodo Rescue Disk Info
[2014/04/06 21:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2014/04/06 21:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/04/06 21:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014/04/06 19:06:13 | 000,000,000 | ---D | C] -- C:\cce_linux
[2014/04/04 18:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Kaspersky Rescue Disk 10 Info
[2014/04/03 23:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Boot_CD.exe DiskInternals Research
[2014/04/03 22:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\nLite
[2014/04/03 22:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2014/04/03 22:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
[2014/04/03 22:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Smart File Advisor
[2014/04/03 22:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Projects
[2014/04/03 21:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\XPCD
[2014/04/02 23:33:36 | 000,000,000 | ---D | C] -- C:\temp
[2014/04/02 21:46:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2014/04/01 23:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RK_Quarantine
[2014/04/01 22:40:34 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/03/31 23:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\BitDefender Info
[2014/03/31 23:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\InfraRecorder
[2014/03/31 21:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Recovery Console Info
[2014/03/31 21:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\InstallShield Help
[2014/03/23 17:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Nancy's Stuff
[2014/03/22 22:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ImgBurn
[2014/03/21 23:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2014/03/21 22:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2014/03/21 22:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/03/21 22:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SearchProtect
[2014/03/19 23:33:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/03/19 02:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\DiskInternals
[2014/03/19 02:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2014/03/16 22:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2005/10/31 19:31:16 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/07 17:25:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{42A951E1-2420-488F-90DF-B97E760D7A04}.job
[2014/04/07 17:14:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/07 17:05:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/07 17:03:19 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware and Spyware Cleaning Guide - Virus, Spyware, Malware Removal.url
[2014/04/07 16:27:37 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2014/04/07 16:18:27 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/07 16:17:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf489155d2e0d8.job
[2014/04/07 16:17:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/07 16:17:31 | 1600,962,560 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/07 05:30:46 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VernonD - Microsoft Community.url
[2014/04/06 23:17:17 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How To Check For And Fix MBR Virus Infection.url
[2014/04/06 18:22:02 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Restore Your PC by Booting from a Recovery CD.url
[2014/04/06 02:23:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/04 18:41:01 | 000,000,181 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How-To Geek.url
[2014/04/04 16:02:32 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Firewall (2).lnk
[2014/04/03 23:41:52 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Where can I find Windows drivers for my SATA drive.url
[2014/04/03 23:17:59 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery (2).url
[2014/04/03 20:28:32 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\how to boot into miniXP - Google Search.url
[2014/04/01 22:40:34 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/01 22:38:59 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/01 22:00:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2014/03/25 19:45:22 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/25 13:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/03/22 20:53:40 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TeraByte Unlimited  Support  How-To Guides.url
[2014/03/21 23:40:04 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2014/03/21 22:34:14 | 000,000,000 | ---- | M] () -- C:\END
[2014/03/19 23:50:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/19 03:19:00 | 1040,355,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vista_6000.16386.061101-2205-LRMAIK_EN.img
[2014/03/19 02:24:21 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Can I use Windows AIK for my XP computer - Microsoft Community.url
[2014/03/19 02:21:39 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Download Windows Automated Installation Kit (AIK) from Official Microsoft Download Center.url
[2014/03/19 02:12:50 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\windows aik xp - Google Search.url
[2014/03/19 01:43:48 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery.url
[2014/03/18 23:38:42 | 000,594,234 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/18 23:38:41 | 000,118,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/18 00:13:02 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/17 22:09:39 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[XP Pro] XP3 - regsvcs.exe crash on new install - Microsoft  DSLReports Forums.url
[2014/03/17 01:56:23 | 000,000,288 | ---- | M] () -- C:\boot.ini
[2014/03/16 23:19:51 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/16 19:03:15 | 000,000,421 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fastdetect command - Yahoo Search Results.url
[2014/03/16 17:53:34 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Boot.ini - How to Use and Edit Boot.ini in Windows XP.url
[2014/03/15 20:26:21 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows XP 1 Dminint, boot ini file, boot partition.url
[2014/03/14 10:50:14 | 000,000,547 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Consumers embrace new (and cheaper) ways to watch TV - Yahoo Homes.url
[2014/03/13 23:35:17 | 000,002,767 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gateway Windows XP Recovery  eHow.url
[2014/03/12 23:00:09 | 007,716,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xp_rec_con.iso
[2014/03/12 22:03:23 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How to take ownership of a file or a folder in Windows XP.url
[2014/03/11 00:13:56 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gateway Support - Windows XP is not starting due to missing or corrupt files..url
[2014/03/10 18:56:07 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gateway Support - Non-Destructive System Restore (Recommended) Using Gateway System Recovery Windows XP Hard Drive.url
[2014/03/10 16:29:55 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gateway Support - 1008368 Gateway 5310S Desktop Computer.url
[2014/03/09 22:10:51 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\consumer.installshield.com..url
[2014/03/09 22:00:42 | 000,000,297 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Error Windows Installer service could not be accessed occurs when you try to add or remove a program in Windows XP or Windows Server 2003.url
[2014/03/09 02:00:17 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums.url
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/07 17:03:19 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware and Spyware Cleaning Guide - Virus, Spyware, Malware Removal.url
[2014/04/06 23:17:17 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How To Check For And Fix MBR Virus Infection.url
[2014/04/04 18:40:52 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How-To Geek.url
[2014/04/04 16:02:32 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Firewall (2).lnk
[2014/04/03 23:41:52 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Where can I find Windows drivers for my SATA drive.url
[2014/04/03 23:17:59 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery (2).url
[2014/04/03 23:17:43 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Restore Your PC by Booting from a Recovery CD.url
[2014/04/02 06:39:51 | 1600,962,560 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/01 22:00:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2014/03/25 21:27:21 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2014/03/25 20:18:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf489155d2e0d8.job
[2014/03/21 23:40:04 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2014/03/21 22:34:14 | 000,000,000 | ---- | C] () -- C:\END
[2014/03/19 23:50:01 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2014/03/19 03:08:56 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\TeraByte Unlimited  Support  How-To Guides.url
[2014/03/19 03:06:52 | 1040,355,328 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vista_6000.16386.061101-2205-LRMAIK_EN.img
[2014/03/19 02:24:21 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Can I use Windows AIK for my XP computer - Microsoft Community.url
[2014/03/19 02:21:39 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Download Windows Automated Installation Kit (AIK) from Official Microsoft Download Center.url
[2014/03/19 02:12:50 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\windows aik xp - Google Search.url
[2014/03/19 01:43:48 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery.url
[2014/03/17 22:09:39 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\[XP Pro] XP3 - regsvcs.exe crash on new install - Microsoft  DSLReports Forums.url
[2014/03/16 23:19:50 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/16 19:03:15 | 000,000,421 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fastdetect command - Yahoo Search Results.url
[2014/03/16 17:53:34 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Boot.ini - How to Use and Edit Boot.ini in Windows XP.url
[2014/03/15 20:26:21 | 000,000,489 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows XP 1 Dminint, boot ini file, boot partition.url
[2014/03/14 10:50:14 | 000,000,547 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Consumers embrace new (and cheaper) ways to watch TV - Yahoo Homes.url
[2014/03/14 00:46:30 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\how to boot into miniXP - Google Search.url
[2014/03/12 22:59:55 | 007,716,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xp_rec_con.iso
[2014/03/12 22:03:22 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How to take ownership of a file or a folder in Windows XP.url
[2014/03/11 00:13:56 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Gateway Support - Windows XP is not starting due to missing or corrupt files..url
[2014/03/10 18:56:07 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Gateway Support - Non-Destructive System Restore (Recommended) Using Gateway System Recovery Windows XP Hard Drive.url
[2014/03/10 16:29:55 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Gateway Support - 1008368 Gateway 5310S Desktop Computer.url
[2014/03/10 13:44:39 | 000,002,767 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Gateway Windows XP Recovery  eHow.url
[2014/03/09 22:00:42 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Error Windows Installer service could not be accessed occurs when you try to add or remove a program in Windows XP or Windows Server 2003.url
[2014/03/09 02:00:17 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums.url
[2013/07/30 14:55:51 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/06/27 20:50:10 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2013/06/21 16:49:42 | 000,103,832 | ---- | C] () -- C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
[2013/05/24 15:25:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KUDOVW32.INI
[2013/05/24 15:12:09 | 000,086,304 | ---- | C] () -- C:\WINDOWS\System32\rhvideo.dll
[2013/05/22 01:10:31 | 000,001,179 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/29 22:22:43 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2012/10/17 01:05:19 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/10/13 18:48:24 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/10/08 10:09:22 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/06/15 08:34:16 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/05/03 19:29:30 | 000,308,560 | ---- | C] () -- C:\WINDOWS\System32\vipre.dll
[2012/05/03 19:29:29 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/03/28 00:46:24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/06 00:13:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/01/20 01:17:06 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[2005/05/04 01:26:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/25 19:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/06/15 08:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2012
[2012/05/03 19:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVC1Data
[2008/07/31 18:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2013/05/30 12:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/04 17:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/12/23 23:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2013/06/17 02:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/08/22 18:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2014/02/14 03:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/03/18 22:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2013/05/21 21:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/09/13 23:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2013/12/09 16:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2013/06/18 17:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMR322
[2014/01/25 18:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/05 18:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/01/26 16:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2012/10/28 22:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Comcast
[2013/11/26 15:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2012/10/26 14:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\driveridentifier
[2013/06/14 19:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2007/11/18 19:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FTW
[2013/12/23 23:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Graboid Inc
[2014/03/22 00:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2012/02/02 20:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Internet Chess Club
[2014/02/14 03:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2013/05/30 23:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpswatLogs
[2012/06/04 10:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2014/01/19 15:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Progeny
[2007/11/04 03:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2013/06/04 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecureSearch
[2013/05/30 21:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\supportdotcom
[2013/05/23 15:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2013/11/28 17:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uPlayer
[2014/02/14 13:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VSRevoGroup
[2013/07/30 14:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/05/13 14:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Attached Files

  • Attached File  OTL.Txt   93.06KB   353 downloads

Edited by Essexboy, 08 April 2014 - 09:11 AM.

  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I started in 1966 with Algol 58 and yes punch cards. 

 

Expect Gateway uses a custom MBR.  Let's check:

 

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it.  It will produce a log MBRCheck(date).txt on your desktop.  Copy and paste it into a reply.
 

Then exit the program.

 

Let's see if we find anything odd:

 

Download ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).


Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.




Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs.  Please copy and paste both of them.

 

XP's tend to be clogged with dust so let's see if Speccy can give us the temps:

 

Get the free version of Speccy:

(Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.

 

 

Let's see if a program is hogging the CPU:

 

 

Get Process Explorer

http://live.sysinternals.com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 

 

Finally let's check the hard drive and look for errors:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

 


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Run VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

 

 

Ron


  • 0
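What an MBR check of the kind requested in the post above has to look at inside the 512-byte boot sector, as an added Python example that is not part of the original thread and is not the code of MBRCheck or FixMBR. The function names, the sample sector and the baseline set of known-good boot-code hashes are all constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440             # bytes 0-439; 440-443 hold the per-disk NT disk signature
TABLE_OFFSET = 446              # four 16-byte partition entries follow
ENTRY_FORMAT = "<B3xB3xII"      # status, CHS start, type, CHS end, first LBA, sector count
ENTRY_LEN = struct.calcsize(ENTRY_FORMAT)   # 16
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510-511

TYPE_NAMES = {0x05: "extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Split a 512-byte MBR into signature check, boot-code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for slot in range(4):
        status, ptype, first_lba, count = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + slot * ENTRY_LEN)
        if ptype == 0x00 and count == 0:
            continue  # unused table slot
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "type_name": TYPE_NAMES.get(ptype, "unknown 0x%02X" % ptype),
                           "first_lba": first_lba, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            # The disk signature is excluded so the same loader hashes alike on every disk.
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def check_mbr(sector, baseline_hashes):
    """Return a list of findings; an empty list means nothing unexpected."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    if info["boot_code_sha256"] not in baseline_hashes:
        # Either an unrecorded OEM loader or modified code: compare against a trusted copy.
        findings.append("boot code not in baseline")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d has invalid status 0x%02X" % (p["slot"], p["status"]))
    ordered = sorted(info["partitions"], key=lambda p: p["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            findings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return findings


def build_sample_mbr(boot_code):
    """Constructed sample: an active NTFS partition followed by a FAT32 recovery partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = struct.pack("<I", 0x1234ABCD)    # constructed disk signature
    entries = [(0x80, 0x07, 63, 243_000_000),          # roughly 116 GB system partition
               (0x00, 0x0B, 243_000_063, 8_000_000)]   # roughly 3.8 GB recovery partition
    for slot, entry in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + slot * ENTRY_LEN, *entry)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Placeholder bytes standing in for an OEM loader; not real boot code.
    oem_mbr = build_sample_mbr(b"\xfa" + b"OEM-LOADER-PLACEHOLDER")
    baseline = {parse_mbr(oem_mbr)["boot_code_sha256"]}
    for p in parse_mbr(oem_mbr)["partitions"]:
        print(p["slot"], p["type_name"], p["first_lba"], p["sectors"])
    print("recorded OEM loader:", check_mbr(oem_mbr, baseline))
    print("different loader:   ", check_mbr(build_sample_mbr(b"\xfa" + b"SOMETHING-ELSE"), baseline))
```

To run the same check on a saved sector dump, pass the file's bytes (read with `open(path, "rb").read()`) to `check_mbr` together with hashes recorded from a copy you trust.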

#3
vhende2000


    Member

  • Topic Starter
  • Member
  • 67 posts

Hi, Ron,

 

I'm gathering the printouts of all the requested files listed above but I have come across a problem.

While attempting to run JRT.exe, I am getting an error message:

 

C:\DOCUME~1\Owner\LOCALS~1\Temp\jrt\get.bat

"This file does not have a program associated with it for performing this action.  Create an association in the Folder Options control panel."

 

I am not quite sure how to fix this.  I have gone to the Folder Options page but don't see anything obvious there that would apply to get.bat.

 

I do believe that I may have run JRT in the past without any problems.

 

Also, as far as copying the results files to my next reply, do I simply append them to the bottom or do I copy all the files and paste them all in the body of the post?  That will make a very long post.  Just checking before I send it all.

 

So far everything else has run as expected.  I still have a few more to download and run and will send everything at one time.

 

Thanks,

 

Vernon


  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Copy and paste are best for me.

 

The fact that it doesn't know how to run a .bat file is interesting.  I will know more when you get the OTL Extras log.


  • 0

#5
vhende2000


    Member

  • Topic Starter
  • Member
  • 67 posts

Hi, Ron,

 

Well, I tried to send you all the info tucked into one big post, but that did not work. I let it try to send all night long.  Did not complete, so I exited the attempt.

 

Guess I'll have to break it up and send several posts to get everything to you.

 

I will have to go to work now and will try to resend the replies one at a time.

 

See you later.

 

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

OK, I am back.  I'll try to add more to this post first.

 

MBRCheck, version 1.2.3
© 2010, AD

Command-line:   
Windows Version:  Windows XP Home Edition
Windows Information:  Service Pack 3 (build 2600)
Logical Drives Mask:  0x0000001c

Kernel Drivers (total 168):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806D1000 \WINDOWS\system32\hal.dll
  0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
  0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
  0xB9F79000 ACPI.sys
  0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB9F68000 pci.sys
  0xBA0A8000 isapnp.sys
  0xBA5AC000 gfibto.sys
  0xBA670000 pciide.sys
  0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xBA5AE000 aliide.sys
  0xBA5B0000 cmdide.sys
  0xBA5B2000 toside.sys
  0xBA5B4000 viaide.sys
  0xBA5B6000 intelide.sys
  0xBA0B8000 MountMgr.sys
  0xB9F49000 ftdisk.sys
  0xBA330000 PartMgr.sys
  0xBA0C8000 VolSnap.sys
  0xBA4BC000 cpqarray.sys
  0xB9F31000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
  0xB9F19000 atapi.sys
  0xBA4C0000 aha154x.sys
  0xBA338000 sparrow.sys
  0xBA4C4000 symc810.sys
  0xBA0D8000 aic78xx.sys
  0xBA4C8000 dac960nt.sys
  0xBA0E8000 ql10wnt.sys
  0xBA4CC000 amsint.sys
  0xBA340000 asc.sys
  0xBA4D0000 asc3550.sys
  0xBA348000 mraid35x.sys
  0xBA350000 i2omp.sys
  0xBA4D4000 ini910u.sys
  0xBA0F8000 ql1240.sys
  0xBA108000 aic78u2.sys
  0xBA358000 symc8xx.sys
  0xBA360000 sym_hi.sys
  0xBA368000 sym_u3.sys
  0xBA370000 ABP480N5.SYS
  0xBA378000 asc3350p.sys
  0xBA5B8000 cd20xrnt.sys
  0xBA118000 ultra.sys
  0xB9F00000 adpu160m.sys
  0xBA380000 dpti2o.sys
  0xBA128000 ql1080.sys
  0xBA138000 ql1280.sys
  0xBA148000 ql12160.sys
  0xBA388000 perc2.sys
  0xBA5BA000 perc2hib.sys
  0xBA390000 hpn.sys
  0xBA4D8000 cbidf2k.sys
  0xB9ED4000 dac2w2k.sys
  0xBA158000 disk.sys
  0xBA168000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB9EB4000 fltmgr.sys
  0xB9EA2000 sr.sys
  0xB9E6E000 MpFilter.sys
  0xB9E57000 KSecDD.sys
  0xB9DCA000 Ntfs.sys
  0xB9D9D000 NDIS.sys
  0xBA178000 sisagp.sys
  0xBA188000 viaagp.sys
  0xBA198000 ohci1394.sys
  0xBA1A8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xB9D83000 Mup.sys
  0xBA1B8000 agp440.sys
  0xBA1C8000 alim1541.sys
  0xBA1D8000 amdagp.sys
  0xBA1E8000 agpCPQ.sys
  0xBA218000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xB9CAB000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0xBA298000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB88DA000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
  0xB88C6000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB88A1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xBA460000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB887D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xBA468000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB880B000 \SystemRoot\system32\DRIVERS\BLKWGD.sys
  0xB87D5000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
  0xB87B2000 \SystemRoot\system32\DRIVERS\ks.sys
  0xB86B3000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
  0xB85BB000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
  0xB8595000 \SystemRoot\system32\DRIVERS\e100b325.sys
  0xBA2A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xBA478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xBA488000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xBA2B8000 \SystemRoot\system32\DRIVERS\serial.sys
  0xB9C0A000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xB8581000 \SystemRoot\system32\DRIVERS\parport.sys
  0xB982B000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB981B000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xB980B000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xBA498000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xBA6E8000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB97FB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB9C02000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB856A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB97EB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB97DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xBA4A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB8559000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB97CB000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xBA430000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xB7D90000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB7AA2000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xB7D88000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xBA656000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB5726000 \SystemRoot\system32\DRIVERS\update.sys
  0xBA5A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB9D43000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xA4598000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xA121A000 \SystemRoot\system32\drivers\portcls.sys
  0xA1A1B000 \SystemRoot\system32\drivers\drmk.sys
  0xA1A0B000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xBA65A000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xB84E2000 \SystemRoot\System32\Drivers\i2omgmt.SYS
  0xA284C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xBA7AE000 \SystemRoot\System32\Drivers\Null.SYS
  0xA284A000 \SystemRoot\System32\Drivers\Beep.SYS
  0xB7D98000 \SystemRoot\System32\drivers\vga.sys
  0xA2848000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xA2846000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB7DB0000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB84DE000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xA11E7000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xA118E000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xA1156000 \SystemRoot\system32\DRIVERS\tcpip6.sys
  0xA112E000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB84D6000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xA110C000 \SystemRoot\System32\drivers\afd.sys
  0xA10EA000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0xB7DA8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0xA19AB000 \SystemRoot\System32\Drivers\Fips.SYS
  0xA10C4000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xA199B000 \SystemRoot\system32\drivers\ip6fw.sys
  0xA198B000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xA17A8000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xA10A0000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xB654A000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xA1788000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xA26F6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xB9C9F000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xA1088000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xA274D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xBA568000 \SystemRoot\System32\drivers\Dxapi.sys
  0xA26E6000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xBA6F5000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF024000 \SystemRoot\System32\igxpgd32.dll
  0xBF012000 \SystemRoot\System32\igxprd32.dll
  0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
  0xBF1CC000 \SystemRoot\System32\igxpdx32.DLL
  0xBF436000 \SystemRoot\System32\ATMFD.DLL
  0xBA59C000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xA3E57000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA0EB7000 \SystemRoot\System32\Drivers\HTTP.sys
  0xA0F94000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA0D62000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB8EB3000 \SystemRoot\system32\drivers\sysaudio.sys
  0xA0E1F000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xA00F0000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
       0 System Idle Process
       4 System
     576 C:\WINDOWS\system32\smss.exe
     656 csrss.exe
     688 C:\WINDOWS\system32\winlogon.exe
     732 C:\WINDOWS\system32\services.exe
     744 C:\WINDOWS\system32\lsass.exe
     896 C:\WINDOWS\system32\svchost.exe
     976 C:\WINDOWS\system32\svchost.exe
    1068 C:\Program Files\Microsoft Security Client\MsMpEng.exe
    1108 C:\WINDOWS\system32\svchost.exe
    1340 svchost.exe
    1512 C:\WINDOWS\explorer.exe
    1704 C:\WINDOWS\system32\spoolsv.exe
    1752 C:\Program Files\Bonjour\mDNSResponder.exe
    1996 C:\Program Files\Java\jre7\bin\jqs.exe
     124 C:\WINDOWS\system32\HPZipm12.exe
     156 C:\Program Files\Google\Update\GoogleUpdate.exe
     176 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     240 C:\WINDOWS\system32\tcpsvcs.exe
     300 C:\WINDOWS\system32\snmp.exe
     476 snmptrap.exe
     496 C:\Program Files\providerComcast\bin\tgsrvc.exe
     592 C:\WINDOWS\system32\searchindexer.exe
    1948 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2248 C:\Program Files\Microsoft Security Client\msseces.exe
    2340 C:\WINDOWS\ALCWZRD.EXE
    2348 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2376 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2416 alg.exe
    2432 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    2440 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    2900 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    2944 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    1360 C:\WINDOWS\system32\svchost.exe
     792 C:\Program Files\Internet Explorer\iexplore.exe
    3036 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`e476a400  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (FAT32)

PhysicalDrive0 Model Number: ST3120026AS, Rev: 3.00   

      Size  Device Name          MBR Status
  --------------------------------------------
    111 GB  \\.\PhysicalDrive0   Windows 98 MBR code detected
            SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Done!

----------------------------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v3.023 - Report created 10/04/2014 at 22:28:49
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - DALE-CB294F83A9
# Running from : C:\Documents and Settings\Owner\Desktop\Anti-Malware Anti-Spyware & Anti-Virus\AntiAdWare Programs\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js ]

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\luz4sz2f.default\prefs.js ]

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcnrif9.default\prefs.js ]

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]

*************************

AdwCleaner[R0].txt - [14914 octets] - [27/01/2014 00:02:04]
AdwCleaner[R1].txt - [1495 octets] - [28/01/2014 19:51:10]
AdwCleaner[R2].txt - [1453 octets] - [28/01/2014 20:24:01]
AdwCleaner[R3].txt - [1573 octets] - [09/02/2014 23:49:38]
AdwCleaner[R4].txt - [2154 octets] - [09/04/2014 01:05:33]
AdwCleaner[R5].txt - [1372 octets] - [10/04/2014 22:28:49]
AdwCleaner[S0].txt - [13870 octets] - [27/01/2014 00:07:22]
AdwCleaner[S1].txt - [1560 octets] - [28/01/2014 19:53:51]
AdwCleaner[S2].txt - [1514 octets] - [28/01/2014 20:26:24]
AdwCleaner[S3].txt - [1634 octets] - [09/02/2014 23:51:18]
AdwCleaner[S4].txt - [2235 octets] - [09/04/2014 01:13:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1733 octets] ##########

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2014
Ran by Owner (administrator) on DALE-CB294F83A9 on 11-04-2014 13:11:10
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\System32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\System32\snmptrap.exe
(SupportSoft, Inc.) C:\Program Files\providerComcast\bin\tgsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AlcWzrd] - C:\WINDOWS\ALCWZRD.EXE [2807808 2005-09-21] (RealTek Semicoductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Smart File Advisor] - C:\Program Files\Smart File Advisor\sfa.exe [283712 2013-11-26] (Filefacts.net)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-650157257-1361277131-1304445921-1003\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-20] (Google Inc.)
HKU\S-1-5-21-650157257-1361277131-1304445921-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-650157257-1361277131-1304445921-1003\...\Policies\Explorer: [NoWelcomeScreen] 1
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1350107789500
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\luz4sz2f.default
FF Homepage: hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20140313,20031,0,8,0
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @ei.CouponAlert_2p.com/Plugin - C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\profiles\extensions\extensions [2012-07-31]
FF Extension: OneClickDownloader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\profiles\extensions\[email protected] [2012-07-27]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\profiles\extensions\searchplugins [2012-10-19]
FF Extension: GoPhotoIt - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\profiles\extensions\[email protected] [2012-07-31]
FF Extension: HDvid Codec - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\profiles\extensions\[email protected] [2013-04-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S4 ACS; C:\WINDOWS\system32\acs.exe [36864 2005-05-05] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-06-15] (Flexera Software, Inc.)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2007-11-04] (New Boundary Technologies, Inc.)
S4 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [398704 2008-05-02] (SupportSoft, Inc.)
R2 tgsrvc_providercomcast; C:\Program Files\providerComcast\bin\tgsrvc.exe [148768 2008-05-02] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2007-11-05] (Meetinghouse Data Communications)
R3 BLKWGD; C:\WINDOWS\System32\DRIVERS\BLKWGD.sys [463872 2005-06-01] (Belkin Corporation.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-06-04] (GFI Software)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-08-12] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
S1 incdrm; C:\WINDOWS\system32\Drivers\incdrm.sys [28080 2003-12-30] (Ahead Software AG)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SSKBFD; C:\WINDOWS\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com))
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-01-02] ()
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 wlanndi5; C:\WINDOWS\system32\wlanndi5.SYS [16384 2004-04-21] (Printing Communications Assoc., Inc. (PCAUSA))
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U5 lanmanserver; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U5 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
U4 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-11 13:11 - 2014-04-11 13:11 - 00014831 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-04-11 13:10 - 2014-04-11 13:11 - 00000000 ____D () C:\FRST
2014-04-11 13:05 - 2014-04-11 13:05 - 01145856 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-04-09 11:04 - 2014-04-09 11:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 10:55 - 2014-04-09 10:55 - 00002725 _____ () C:\WINDOWS\updspapi.log
2014-04-09 10:53 - 2014-04-09 10:55 - 00022582 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 08:43 - 2014-04-09 08:43 - 00000649 _____ () C:\Documents and Settings\Owner\Desktop\Windows XP support has ended - Microsoft Windows.url
2014-04-09 08:40 - 2014-04-09 11:04 - 00013517 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 00:27 - 2014-04-09 00:27 - 00080384 _____ () C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
2014-04-07 23:07 - 2014-04-09 11:04 - 00008642 _____ () C:\WINDOWS\tsoc.log
2014-04-07 23:07 - 2014-04-09 11:04 - 00004096 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-07 23:07 - 2014-04-09 11:04 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-07 23:07 - 2014-04-09 11:04 - 00001109 _____ () C:\WINDOWS\ocmsn.log
2014-04-07 23:07 - 2014-04-09 11:04 - 00001048 _____ () C:\WINDOWS\msgsocm.log
2014-04-07 23:07 - 2014-04-09 10:55 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-07 23:06 - 2014-04-09 11:04 - 00019156 _____ () C:\WINDOWS\FaxSetup.log
2014-04-07 23:06 - 2014-04-09 11:04 - 00011593 _____ () C:\WINDOWS\ocgen.log
2014-04-07 23:06 - 2014-04-09 11:04 - 00006453 _____ () C:\WINDOWS\comsetup.log
2014-04-07 23:06 - 2014-04-09 11:04 - 00002913 _____ () C:\WINDOWS\iis6.log
2014-04-07 21:08 - 2014-04-11 00:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Geeks to Go Forums
2014-04-07 17:05 - 2014-04-07 17:05 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
2014-04-07 12:46 - 2014-04-07 12:46 - 00000609 _____ () C:\WINDOWS\KB2862772-IE8Uninst.log
2014-04-06 23:28 - 2014-04-06 23:52 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Comodo Rescue Disk Info
2014-04-06 23:17 - 2014-04-06 23:17 - 00002279 _____ () C:\Documents and Settings\Owner\Desktop\How To Check For And Fix MBR Virus Infection.url
2014-04-06 21:53 - 2014-04-06 21:53 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-04-06 21:53 - 2014-04-06 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2014-04-06 21:53 - 2014-04-06 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-04-06 19:06 - 2014-04-06 19:16 - 00000000 ____D () C:\cce_linux
2014-04-04 18:40 - 2014-04-04 18:41 - 00000181 _____ () C:\Documents and Settings\Owner\Desktop\How-To Geek.url
2014-04-04 18:27 - 2014-04-04 18:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Kaspersky Rescue Disk 10 Info
2014-04-04 17:48 - 2014-04-04 17:48 - 00001694 _____ () C:\Documents and Settings\Owner\My Documents\Windows Community Posts.txt
2014-04-04 16:02 - 2014-04-04 16:02 - 00000217 _____ () C:\Documents and Settings\Owner\Desktop\Windows Firewall (2).lnk
2014-04-03 23:48 - 2014-04-03 23:48 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-03 23:48 - 2014-04-03 23:48 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-03 23:41 - 2014-04-03 23:41 - 00000280 _____ () C:\Documents and Settings\Owner\Desktop\Where can I find Windows drivers for my SATA drive.url
2014-04-03 23:20 - 2014-04-03 23:21 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Boot_CD.exe DiskInternals Research
2014-04-03 23:17 - 2014-04-06 18:22 - 00001654 _____ () C:\Documents and Settings\Owner\Desktop\Restore Your PC by Booting from a Recovery CD.url
2014-04-03 23:17 - 2014-04-03 23:17 - 00000778 _____ () C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery (2).url
2014-04-03 22:51 - 2014-04-03 22:52 - 00000000 ____D () C:\Program Files\nLite
2014-04-03 22:51 - 2014-04-03 22:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\nLite
2014-04-03 22:00 - 2014-04-03 22:41 - 00000000 ____D () C:\Program Files\Smart File Advisor
2014-04-03 22:00 - 2014-04-03 22:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
2014-04-03 22:00 - 2014-04-03 22:00 - 00000000 ____D () C:\Program Files\Smart Projects
2014-04-03 21:22 - 2014-04-03 23:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\XPCD
2014-04-03 20:18 - 2014-04-09 11:04 - 00026926 _____ () C:\WINDOWS\setupapi.log
2014-04-02 00:09 - 2014-04-02 00:09 - 00001543 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_D_04022014_000908.txt
2014-04-02 00:08 - 2014-04-02 00:08 - 00001504 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_04022014_000800.txt
2014-04-01 23:54 - 2014-04-02 00:09 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine
2014-04-01 22:40 - 2014-04-01 22:40 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 22:00 - 2014-04-01 22:00 - 00002007 _____ () C:\Documents and Settings\Owner\Desktop\aswMBR.txt
2014-04-01 22:00 - 2014-04-01 22:00 - 00000512 _____ () C:\Documents and Settings\Owner\Desktop\MBR.dat
2014-04-01 21:05 - 2014-04-01 21:07 - 00003996 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
2014-03-31 23:04 - 2014-03-31 23:51 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\BitDefender Info
2014-03-31 23:01 - 2014-04-06 23:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\InfraRecorder
2014-03-31 22:41 - 2014-04-11 04:24 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-31 22:41 - 2014-04-11 04:24 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-31 22:41 - 2014-03-31 22:41 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-03-31 21:30 - 2014-03-31 21:32 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Recovery Console Info
2014-03-31 21:24 - 2014-03-31 21:30 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\InstallShield Help
2014-03-25 21:27 - 2014-04-11 12:14 - 00000366 ____H () C:\WINDOWS\Tasks\MpIdleTask.job
2014-03-25 20:18 - 2014-04-11 04:22 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf489155d2e0d8.job
2014-03-23 17:13 - 2014-04-11 12:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Nancy's Stuff
2014-03-22 22:11 - 2014-03-22 22:12 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\ImgBurn
2014-03-21 23:40 - 2014-03-21 23:40 - 00001528 _____ () C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2014-03-21 23:08 - 2014-03-22 00:13 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\ImgBurn
2014-03-21 22:59 - 2014-03-21 23:01 - 00000000 ____D () C:\Program Files\ImgBurn
2014-03-19 23:50 - 2014-03-19 23:50 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 23:33 - 2014-03-19 23:36 - 00000000 __HDC () C:\WINDOWS\ie8
2014-03-19 03:08 - 2014-03-22 20:53 - 00000298 _____ () C:\Documents and Settings\Owner\Desktop\TeraByte Unlimited  Support  How-To Guides.url
2014-03-19 03:06 - 2014-03-19 03:19 - 1040355328 _____ () C:\Documents and Settings\Owner\Desktop\vista_6000.16386.061101-2205-LRMAIK_EN.img
2014-03-19 02:24 - 2014-03-19 02:24 - 00000482 _____ () C:\Documents and Settings\Owner\Desktop\Can I use Windows AIK for my XP computer - Microsoft Community.url
2014-03-19 02:21 - 2014-03-19 02:21 - 00001656 _____ () C:\Documents and Settings\Owner\Desktop\Download Windows Automated Installation Kit (AIK) from Official Microsoft Download Center.url
2014-03-19 02:12 - 2014-03-19 02:12 - 00000509 _____ () C:\Documents and Settings\Owner\Desktop\windows aik xp - Google Search.url
2014-03-19 02:05 - 2014-03-19 02:05 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\DiskInternals
2014-03-19 02:03 - 2014-03-19 02:03 - 00000000 ____D () C:\Program Files\DiskInternals
2014-03-19 01:43 - 2014-03-19 01:43 - 00001617 _____ () C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery.url
2014-03-17 22:09 - 2014-03-17 22:09 - 00000572 _____ () C:\Documents and Settings\Owner\Desktop\[XP Pro] XP3 - regsvcs.exe crash on new install - Microsoft  DSLReports Forums.url
2014-03-16 23:19 - 2014-04-08 15:00 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-16 22:41 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-16 22:41 - 2014-02-25 20:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-16 19:03 - 2014-03-16 19:03 - 00000421 _____ () C:\Documents and Settings\Owner\Desktop\fastdetect command - Yahoo Search Results.url
2014-03-16 17:53 - 2014-03-16 17:53 - 00000753 _____ () C:\Documents and Settings\Owner\Desktop\Boot.ini - How to Use and Edit Boot.ini in Windows XP.url
2014-03-15 20:26 - 2014-03-15 20:26 - 00000489 _____ () C:\Documents and Settings\Owner\Desktop\Windows XP 1 Dminint, boot ini file, boot partition.url
2014-03-14 10:50 - 2014-03-14 10:50 - 00000547 _____ () C:\Documents and Settings\Owner\Desktop\Consumers embrace new (and cheaper) ways to watch TV - Yahoo Homes.url
2014-03-14 00:46 - 2014-04-03 20:28 - 00000555 _____ () C:\Documents and Settings\Owner\Desktop\how to boot into miniXP - Google Search.url
2014-03-12 22:59 - 2014-03-12 23:00 - 07716864 _____ () C:\Documents and Settings\Owner\Desktop\xp_rec_con.iso
2014-03-12 22:03 - 2014-03-12 22:03 - 00000261 _____ () C:\Documents and Settings\Owner\Desktop\How to take ownership of a file or a folder in Windows XP.url

==================== One Month Modified Files and Folders =======

2014-04-11 13:11 - 2014-04-11 13:11 - 00014831 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-04-11 13:11 - 2014-04-11 13:10 - 00000000 ____D () C:\FRST
2014-04-11 13:10 - 2007-02-28 19:20 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{42A951E1-2420-488F-90DF-B97E760D7A04}.job
2014-04-11 13:05 - 2014-04-11 13:05 - 01145856 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-04-11 12:50 - 2004-08-26 13:08 - 00032630 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-11 12:36 - 2014-03-23 17:13 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Nancy's Stuff
2014-04-11 12:14 - 2014-03-25 21:27 - 00000366 ____H () C:\WINDOWS\Tasks\MpIdleTask.job
2014-04-11 12:14 - 2014-02-20 01:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-11 04:24 - 2014-03-31 22:41 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-11 04:24 - 2014-03-31 22:41 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-11 04:23 - 2004-08-26 13:02 - 01455659 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-11 04:23 - 2004-08-26 11:12 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-11 04:22 - 2014-03-25 20:18 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf489155d2e0d8.job
2014-04-11 04:22 - 2004-08-26 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-11 01:07 - 2004-08-26 13:09 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-04-11 00:53 - 2014-04-07 21:08 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Geeks to Go Forums
2014-04-10 22:39 - 2014-01-27 00:00 - 00000000 ____D () C:\AdwCleaner
2014-04-09 19:16 - 2012-07-02 20:17 - 00000861 _____ () C:\Documents and Settings\Owner\Desktop\iHeartRadio  Radio Stations.url
2014-04-09 11:04 - 2014-04-09 11:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 11:04 - 2014-04-09 08:40 - 00013517 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 11:04 - 2014-04-07 23:07 - 00008642 _____ () C:\WINDOWS\tsoc.log
2014-04-09 11:04 - 2014-04-07 23:07 - 00004096 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 11:04 - 2014-04-07 23:07 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 11:04 - 2014-04-07 23:07 - 00001109 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 11:04 - 2014-04-07 23:07 - 00001048 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 11:04 - 2014-04-07 23:06 - 00019156 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 11:04 - 2014-04-07 23:06 - 00011593 _____ () C:\WINDOWS\ocgen.log
2014-04-09 11:04 - 2014-04-07 23:06 - 00006453 _____ () C:\WINDOWS\comsetup.log
2014-04-09 11:04 - 2014-04-07 23:06 - 00002913 _____ () C:\WINDOWS\iis6.log
2014-04-09 11:04 - 2014-04-03 20:18 - 00026926 _____ () C:\WINDOWS\setupapi.log
2014-04-09 11:03 - 2013-07-15 01:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 10:57 - 2012-10-11 21:48 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 10:55 - 2014-04-09 10:55 - 00002725 _____ () C:\WINDOWS\updspapi.log
2014-04-09 10:55 - 2014-04-09 10:53 - 00022582 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 10:55 - 2014-04-07 23:07 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-09 10:54 - 2012-02-03 19:39 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-09 08:43 - 2014-04-09 08:43 - 00000649 _____ () C:\Documents and Settings\Owner\Desktop\Windows XP support has ended - Microsoft Windows.url
2014-04-09 00:27 - 2014-04-09 00:27 - 00080384 _____ () C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
2014-04-08 23:18 - 2013-05-21 04:25 - 00000332 _____ () C:\Documents and Settings\Owner\Desktop\VernonD - Microsoft Community.url
2014-04-08 15:00 - 2014-03-16 23:19 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-08 13:43 - 2013-06-05 23:43 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-07 17:05 - 2014-04-07 17:05 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
2014-04-07 12:46 - 2014-04-07 12:46 - 00000609 _____ () C:\WINDOWS\KB2862772-IE8Uninst.log
2014-04-07 11:59 - 2012-05-30 21:48 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\PC Tweaks and Fixes
2014-04-06 23:52 - 2014-04-06 23:28 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Comodo Rescue Disk Info
2014-04-06 23:36 - 2014-03-31 23:01 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\InfraRecorder
2014-04-06 23:17 - 2014-04-06 23:17 - 00002279 _____ () C:\Documents and Settings\Owner\Desktop\How To Check For And Fix MBR Virus Infection.url
2014-04-06 21:53 - 2014-04-06 21:53 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-04-06 21:53 - 2014-04-06 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2014-04-06 21:53 - 2014-04-06 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-04-06 19:16 - 2014-04-06 19:06 - 00000000 ____D () C:\cce_linux
2014-04-06 18:51 - 2004-08-26 13:09 - 00000000 ____D () C:\Documents and Settings\Owner
2014-04-06 18:22 - 2014-04-03 23:17 - 00001654 _____ () C:\Documents and Settings\Owner\Desktop\Restore Your PC by Booting from a Recovery CD.url
2014-04-06 02:23 - 2013-06-13 22:12 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-04 18:44 - 2014-04-04 18:27 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Kaspersky Rescue Disk 10 Info
2014-04-04 18:41 - 2014-04-04 18:40 - 00000181 _____ () C:\Documents and Settings\Owner\Desktop\How-To Geek.url
2014-04-04 17:48 - 2014-04-04 17:48 - 00001694 _____ () C:\Documents and Settings\Owner\My Documents\Windows Community Posts.txt
2014-04-04 16:02 - 2014-04-04 16:02 - 00000217 _____ () C:\Documents and Settings\Owner\Desktop\Windows Firewall (2).lnk
2014-04-03 23:48 - 2014-04-03 23:48 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-03 23:48 - 2014-04-03 23:48 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-03 23:41 - 2014-04-03 23:41 - 00000280 _____ () C:\Documents and Settings\Owner\Desktop\Where can I find Windows drivers for my SATA drive.url
2014-04-03 23:21 - 2014-04-03 23:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Boot_CD.exe DiskInternals Research
2014-04-03 23:17 - 2014-04-03 23:17 - 00000778 _____ () C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery (2).url
2014-04-03 23:00 - 2014-04-03 21:22 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\XPCD
2014-04-03 22:52 - 2014-04-03 22:51 - 00000000 ____D () C:\Program Files\nLite
2014-04-03 22:51 - 2014-04-03 22:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\nLite
2014-04-03 22:41 - 2014-04-03 22:00 - 00000000 ____D () C:\Program Files\Smart File Advisor
2014-04-03 22:41 - 2014-04-03 22:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
2014-04-03 22:00 - 2014-04-03 22:00 - 00000000 ____D () C:\Program Files\Smart Projects
2014-04-03 20:28 - 2014-03-14 00:46 - 00000555 _____ () C:\Documents and Settings\Owner\Desktop\how to boot into miniXP - Google Search.url
2014-04-02 00:09 - 2014-04-02 00:09 - 00001543 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_D_04022014_000908.txt
2014-04-02 00:09 - 2014-04-01 23:54 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine
2014-04-02 00:08 - 2014-04-02 00:08 - 00001504 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_04022014_000800.txt
2014-04-01 23:38 - 2013-07-05 19:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-01 22:40 - 2014-04-01 22:40 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 22:38 - 2013-07-05 00:26 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-01 22:00 - 2014-04-01 22:00 - 00002007 _____ () C:\Documents and Settings\Owner\Desktop\aswMBR.txt
2014-04-01 22:00 - 2014-04-01 22:00 - 00000512 _____ () C:\Documents and Settings\Owner\Desktop\MBR.dat
2014-04-01 21:07 - 2014-04-01 21:05 - 00003996 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
2014-03-31 23:51 - 2014-03-31 23:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\BitDefender Info
2014-03-31 22:41 - 2014-03-31 22:41 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-03-31 21:53 - 2014-01-19 04:16 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-03-31 21:32 - 2014-03-31 21:30 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Recovery Console Info
2014-03-31 21:30 - 2014-03-31 21:24 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\InstallShield Help
2014-03-25 19:45 - 2013-06-14 20:02 - 00001698 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-03-25 19:45 - 2012-02-16 12:53 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-03-25 19:44 - 2013-06-14 20:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-24 07:13 - 2004-08-26 05:45 - 00000000 ____D () C:\WINDOWS\Help
2014-03-23 17:55 - 2014-02-26 00:06 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-22 22:12 - 2014-03-22 22:11 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\ImgBurn
2014-03-22 20:53 - 2014-03-19 03:08 - 00000298 _____ () C:\Documents and Settings\Owner\Desktop\TeraByte Unlimited  Support  How-To Guides.url
2014-03-22 00:13 - 2014-03-21 23:08 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\ImgBurn
2014-03-21 23:40 - 2014-03-21 23:40 - 00001528 _____ () C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2014-03-21 23:01 - 2014-03-21 22:59 - 00000000 ____D () C:\Program Files\ImgBurn
2014-03-19 23:50 - 2014-03-19 23:50 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 23:48 - 2004-08-26 05:45 - 00000000 ____D () C:\WINDOWS\Media
2014-03-19 23:36 - 2014-03-19 23:33 - 00000000 __HDC () C:\WINDOWS\ie8
2014-03-19 10:49 - 2007-11-04 03:37 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-19 03:19 - 2014-03-19 03:06 - 1040355328 _____ () C:\Documents and Settings\Owner\Desktop\vista_6000.16386.061101-2205-LRMAIK_EN.img
2014-03-19 02:24 - 2014-03-19 02:24 - 00000482 _____ () C:\Documents and Settings\Owner\Desktop\Can I use Windows AIK for my XP computer - Microsoft Community.url
2014-03-19 02:21 - 2014-03-19 02:21 - 00001656 _____ () C:\Documents and Settings\Owner\Desktop\Download Windows Automated Installation Kit (AIK) from Official Microsoft Download Center.url
2014-03-19 02:12 - 2014-03-19 02:12 - 00000509 _____ () C:\Documents and Settings\Owner\Desktop\windows aik xp - Google Search.url
2014-03-19 02:05 - 2014-03-19 02:05 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\DiskInternals
2014-03-19 02:03 - 2014-03-19 02:03 - 00000000 ____D () C:\Program Files\DiskInternals
2014-03-19 01:43 - 2014-03-19 01:43 - 00001617 _____ () C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery.url
2014-03-18 23:38 - 2004-08-26 05:54 - 00705384 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-18 01:27 - 2007-11-05 02:51 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-03-18 00:14 - 2012-06-25 14:41 - 00096304 _____ () C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2014-03-18 00:13 - 2004-08-26 05:54 - 00325912 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-17 22:09 - 2014-03-17 22:09 - 00000572 _____ () C:\Documents and Settings\Owner\Desktop\[XP Pro] XP3 - regsvcs.exe crash on new install - Microsoft  DSLReports Forums.url
2014-03-17 22:00 - 2013-12-15 23:34 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Watch Online Watch Series
2014-03-17 01:56 - 2004-08-26 11:12 - 00000288 _____ () C:\boot.ini
2014-03-16 22:25 - 2004-08-26 11:12 - 00001169 _____ () C:\WINDOWS\win.ini
2014-03-16 22:25 - 2004-08-26 11:12 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-16 22:19 - 2013-06-04 00:06 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-16 19:03 - 2014-03-16 19:03 - 00000421 _____ () C:\Documents and Settings\Owner\Desktop\fastdetect command - Yahoo Search Results.url
2014-03-16 17:53 - 2014-03-16 17:53 - 00000753 _____ () C:\Documents and Settings\Owner\Desktop\Boot.ini - How to Use and Edit Boot.ini in Windows XP.url
2014-03-15 20:26 - 2014-03-15 20:26 - 00000489 _____ () C:\Documents and Settings\Owner\Desktop\Windows XP 1 Dminint, boot ini file, boot partition.url
2014-03-14 10:50 - 2014-03-14 10:50 - 00000547 _____ () C:\Documents and Settings\Owner\Desktop\Consumers embrace new (and cheaper) ways to watch TV - Yahoo Homes.url
2014-03-13 23:35 - 2014-03-10 13:44 - 00002767 _____ () C:\Documents and Settings\Owner\Desktop\Gateway Windows XP Recovery  eHow.url
2014-03-13 08:53 - 2013-05-11 23:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:54 - 2013-05-11 23:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-12 23:00 - 2014-03-12 22:59 - 07716864 _____ () C:\Documents and Settings\Owner\Desktop\xp_rec_con.iso
2014-03-12 22:53 - 2014-02-20 01:14 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 22:53 - 2014-02-20 01:14 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-12 22:03 - 2014-03-12 22:03 - 00000261 _____ () C:\Documents and Settings\Owner\Desktop\How to take ownership of a file or a folder in Windows XP.url
2014-03-12 05:48 - 2004-08-26 11:11 - 00993280 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kernel32.dll
2014-03-12 05:48 - 2004-08-26 11:11 - 00993280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2014
Ran by Owner at 2014-04-11 13:12:11
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip 9.20) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BCL easyConverter SDK 1.0.0 Module (Version: 1.0.0.7 - BCL Technologies) Hidden
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.7.18 - Belarc Inc.)
Belkin Wireless Utility (HKLM\...\InstallShield_{5314FAC0-F8A5-4432-8980-251D055B2C5B}) (Version: 4.1.2.56 - Belkin)
Belkin Wireless Utility (Version: 4.1.2.56 - Belkin) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Comcast User Setup (HKLM\...\{7E4BEB77-BEA9-4544-AB74-06EDE6CE3D39}) (Version: 43 - SupportSoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Digital Locker Assistant (HKLM\...\{D01653EF-9F9F-41D6-B879-654A6BF5892C}) (Version: 1.80.0004 - Microsoft)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Easy Solve (HKLM\...\Comcast) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Family Tree Maker 2008 (HKLM\...\InstallShield_{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}) (Version: 17.0.7 - The Generations Network)
Family Tree Maker 2008 (Version: 17.0.7 - The Generations Network) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
Graboid Video 4.8 (HKLM\...\Graboid Video) (Version: 4.8 - Graboid Inc.)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InCD EasyWrite Reader (HKLM\...\MRW!UninstallKey) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IsoBuster 3.3 (HKLM\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kudo® Catalog Reader 3.1 (HKLM\...\Kudo® Catalog Reader) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version:  - )
Microsoft WSE 3.0 (HKLM\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
Mplayer 0.6.9 (HKLM\...\Mplayer) (Version: 0.6.9 - )
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
nLite 1.4.9.3 (HKLM\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Smart File Advisor 1.2.0 (HKLM\...\Smart File Advisor_is1) (Version: 1.2.0 - Filefacts.net)
SMPlayer 0.6.9 (HKLM\...\SMPlayer) (Version: 0.6.9 - RVM)
Speccy (HKLM\...\Speccy) (Version: 1.21 - Piriform)
Spybot - Search & Destroy 1.4 (HKLM\...\Spybot - Search & Destroy_is1) (Version: 1.4 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
uPlayer (HKLM\...\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}) (Version: 1.0.0 - Full Spectrum Interactive)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Widgets (HKLM\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)

==================== Restore Points  =========================

25-02-2014 19:16:57 Revo Uninstaller's restore point - Windows Internet Explorer 8
25-02-2014 20:24:40 Software Distribution Service 3.0
26-02-2014 04:20:33 Software Distribution Service 3.0
27-02-2014 11:23:22 Software Distribution Service 3.0
28-02-2014 02:08:46 Installed Windows XP KB942288-v3.
28-02-2014 02:29:16 Installed Windows XP KB942288-v3.
28-02-2014 14:14:25 Software Distribution Service 3.0
01-03-2014 14:57:48 Software Distribution Service 3.0
02-03-2014 15:47:09 System Checkpoint
03-03-2014 00:16:39 Software Distribution Service 3.0
04-03-2014 03:52:26 System Checkpoint
04-03-2014 10:48:58 Software Distribution Service 3.0
05-03-2014 13:12:26 Software Distribution Service 3.0
06-03-2014 13:52:37 Software Distribution Service 3.0
07-03-2014 18:34:03 Configured Family Tree Maker 2008
07-03-2014 18:40:18 Configured Family Tree Maker 2008
07-03-2014 22:57:28 Software Distribution Service 3.0
09-03-2014 02:01:54 System Checkpoint
09-03-2014 08:29:52 Software Distribution Service 3.0
09-03-2014 22:58:41 Software Distribution Service 3.0
11-03-2014 01:04:16 Software Distribution Service 3.0
12-03-2014 10:54:39 Software Distribution Service 3.0
13-03-2014 08:52:33 Software Distribution Service 3.0
13-03-2014 14:08:07 Software Distribution Service 3.0
14-03-2014 14:18:10 System Checkpoint
15-03-2014 02:56:17 Software Distribution Service 3.0
16-03-2014 03:15:43 Software Distribution Service 3.0
16-03-2014 23:29:52 Software Distribution Service 3.0
17-03-2014 01:14:02 Installed Microsoft .NET Framework 1.1
17-03-2014 02:18:07 Installed Microsoft Fix it 50123
17-03-2014 03:43:04 Software Distribution Service 3.0
17-03-2014 05:12:11 Installed Microsoft .NET Framework 1.1
18-03-2014 03:43:48 Installed Microsoft Fix it 50123
18-03-2014 04:06:55 Installed Microsoft .NET Framework 1.1
18-03-2014 05:26:06 Software Distribution Service 3.0
18-03-2014 05:34:35 Software Distribution Service 3.0
18-03-2014 05:42:48 Software Distribution Service 3.0
18-03-2014 20:21:10 Software Distribution Service 3.0
19-03-2014 03:23:33 Software Distribution Service 3.0
20-03-2014 03:42:02 Revo Uninstaller's restore point - Windows Internet Explorer 8
20-03-2014 04:35:16 Installed Windows Internet Explorer 8.
20-03-2014 04:38:05 Software Distribution Service 3.0
20-03-2014 04:56:39 Software Distribution Service 3.0
20-03-2014 05:00:39 Software Distribution Service 3.0
20-03-2014 05:19:57 Software Distribution Service 3.0
21-03-2014 10:19:37 Software Distribution Service 3.0
22-03-2014 11:18:52 Software Distribution Service 3.0
23-03-2014 11:27:15 Software Distribution Service 3.0
23-03-2014 23:07:24 Software Distribution Service 3.0
25-03-2014 02:32:59 Software Distribution Service 3.0
26-03-2014 00:42:27 Software Distribution Service 3.0
26-03-2014 03:35:45 Software Distribution Service 3.0
27-03-2014 03:48:57 Software Distribution Service 3.0
28-03-2014 11:49:06 Software Distribution Service 3.0
29-03-2014 13:07:02 Software Distribution Service 3.0
30-03-2014 13:37:57 Software Distribution Service 3.0
30-03-2014 23:12:10 Software Distribution Service 3.0
31-03-2014 23:45:23 System Checkpoint
01-04-2014 03:27:46 Software Distribution Service 3.0
01-04-2014 03:53:15 Software Distribution Service 3.0
02-04-2014 11:53:28 Software Distribution Service 3.0
03-04-2014 11:58:44 System Checkpoint
04-04-2014 16:39:56 Software Distribution Service 3.0
05-04-2014 22:15:35 Software Distribution Service 3.0
06-04-2014 22:46:00 Removed Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
06-04-2014 22:53:39 Software Distribution Service 3.0
07-04-2014 03:27:19 Software Distribution Service 3.0
08-04-2014 03:37:18 Software Distribution Service 3.0
09-04-2014 06:45:14 Software Distribution Service 3.0
09-04-2014 15:53:35 Software Distribution Service 3.0
10-04-2014 15:17:49 Software Distribution Service 3.0
11-04-2014 15:26:19 System Checkpoint

==================== Hosts content: ==========================

2004-08-26 11:11 - 2013-09-24 13:47 - 00000741 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\ConfigExec.job => C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf489155d2e0d8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\MpIdleTask.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{42A951E1-2420-488F-90DF-B97E760D7A04}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-01-08 17:50 - 2008-01-08 17:50 - 00349147 _____ () C:\Program Files\Yahoo!\Widgets\sqlite3.dll
2008-03-18 19:21 - 2008-03-18 19:21 - 00512000 _____ () C:\Program Files\Yahoo!\Widgets\js32.dll
2008-03-18 19:21 - 2008-03-18 19:21 - 00094208 _____ () C:\Program Files\Yahoo!\Widgets\jsd.dll
2004-08-26 11:12 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\QUARTZ.dll
2004-08-26 11:11 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-26 11:12 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-07-30 14:55 - 2012-04-09 00:40 - 03470848 _____ () C:\Program Files\ffdshow\ffdshow.ax

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ssrang_supportdotcom => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: B Register C: =>
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: SoundMan =>

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2014 10:22:39 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.5.216.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/31/2014 10:22:55 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.5.216.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/25/2014 11:42:49 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.5.216.0, P3 timeout, P4 1.1.10401.0, P5 removable, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/25/2014 11:35:29 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.5.216.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/18/2014 06:32:57 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (03/18/2014 00:17:02 AM) (Source: Application Error) (User: )
Description: Fault bucket 544327813.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/18/2014 00:16:58 AM) (Source: Application Error) (User: )
Description: Faulting application RegSvcs.exe, version 1.1.4322.573, faulting module unknown, version 0.0.0.0, fault address 0x00147d68.
Error in creating result PEAP-TLV in response to received PEAP-TLV (RegSvcs.exe!ld!)

Error: (03/18/2014 00:16:55 AM) (Source: Application Error) (User: )
Description: Fault bucket 544327813.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/18/2014 00:13:55 AM) (Source: Application Error) (User: )
Description: Faulting application RegSvcs.exe, version 1.1.4322.573, faulting module unknown, version 0.0.0.0, fault address 0x00147d68.
Error in creating result PEAP-TLV in response to received PEAP-TLV (RegSvcs.exe!ld!)

Error: (03/18/2014 00:03:20 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll . Error code = 0x80070005

System errors:
=============
Error: (04/11/2014 04:32:49 AM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (04/11/2014 04:23:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (04/11/2014 04:22:51 AM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (04/11/2014 04:22:28 AM) (Source: Service Control Manager) (User: )
Description: The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Error: (04/11/2014 04:22:28 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (04/10/2014 10:53:37 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (04/10/2014 10:44:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (04/10/2014 10:43:42 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (04/10/2014 10:43:29 PM) (Source: Service Control Manager) (User: )
Description: The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Error: (04/10/2014 10:43:29 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Microsoft Office Sessions:
=========================
Error: (04/10/2014 10:22:39 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.5.216.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (03/31/2014 10:22:55 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (03/25/2014 11:42:49 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.5.216.0timeout1.1.10401.0removable1 _ 20485 _ not bootNILNILNIL

Error: (03/25/2014 11:35:29 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (03/18/2014 06:32:57 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (03/18/2014 00:17:02 AM) (Source: Application Error)(User: )
Description: 544327813

Error: (03/18/2014 00:16:58 AM) (Source: Application Error)(User: )
Description: RegSvcs.exe1.1.4322.573unknown0.0.0.000147d68

Error: (03/18/2014 00:16:55 AM) (Source: Application Error)(User: )
Description: 544327813

Error: (03/18/2014 00:13:55 AM) (Source: Application Error)(User: )
Description: RegSvcs.exe1.1.4322.573unknown0.0.0.000147d68

Error: (03/18/2014 00:03:20 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll . Error code = 0x80070005
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 1526.73 MB
Available physical RAM: 953.49 MB
Total Pagefile: 2902.62 MB
Available Pagefile: 2404.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:108.21 GB) (Free:73.46 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:3.56 GB) (Free:1.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=108 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

 

OK. That's all for now.  The rest is coming.

 

Vernon


Edited by vhende2000, 13 April 2014 - 11:07 AM.

#6
vhende2000


Hi, Ron,
 
I'm going to try sending some more stuff that you requested.
Last night I had major problems dealing with the editor here, similar to problems I have been having with the editor in Microsoft Community forums.
 
I try to enter text in a reply window and my cursor just freezes in place and will not allow me to go further.  If I look at Task Manager I see that the file iexplore.exe is pegged at 98% of CPU usage and Taskmgr.exe has the other 2%.
If I am at the end of my reply and wish to save, nothing happens.  I let it try to load, but no luck.  I then have to quit out of GTG entirely and then retry.  Same problem arises.  I am wasting a lot of time dealing with this.
Any suggestions on how I can fix this?

 

I am sending the OTL.exe file and the Extras.txt file.

---------------------------------------------------------------------------------------------------------------------------------------------------------------
 
OTL logfile created on: 4/11/2014 3:14:05 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.49 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 56.39% Memory free
2.83 Gb Paging File | 2.33 Gb Available in Paging File | 82.18% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.21 Gb Total Space | 73.41 Gb Free Space | 67.84% Space Free | Partition Type: NTFS
Drive D: | 3.56 Gb Total Space | 1.45 Gb Free Space | 40.61% Space Free | Partition Type: FAT32
 
Computer Name: DALE-CB294F83A9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/11 12:39:54 | 000,542,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.169.2273.0.exe
PRC - [2014/04/07 17:05:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2014/03/11 10:13:24 | 000,303,688 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MpSigStub.exe
PRC - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 12:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\providerComcast\bin\tgsrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 19:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/11/04 03:54:11 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008/03/18 19:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\jsd.dll
MOD - [2008/03/18 19:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\js32.dll
MOD - [2008/01/08 17:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/03/12 22:53:08 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/12/05 14:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 16:50:04 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/15 08:31:31 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/02 12:40:34 | 000,398,704 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/02 12:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\providerComcast\bin\tgsrvc.exe -- (tgsrvc_providercomcast)
SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/11/04 03:54:11 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/05/05 01:53:00 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
DRV - [2014/01/02 16:13:25 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/06/04 17:26:05 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/04/30 01:18:22 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2012/01/18 16:01:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/01/18 16:01:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/06/01 22:37:28 | 000,463,872 | ---- | M] (Belkin Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGD.sys -- (BLKWGD)
DRV - [2004/08/12 20:45:52 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService)
DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/21 18:51:34 | 000,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5)
DRV - [2003/12/30 07:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd.                                               ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {963BE09C-BA62-4C1C-BD8C-AAEBC11D1534}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{963BE09C-BA62-4C1C-BD8C-AAEBC11D1534}: "URL" = http://www.google.co...1I7GGHP_enUS509
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://us.yhs4.searc...313,20031,0,8,0"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014/04/11 13:12:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/07/25 21:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/12/07 12:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2014/04/10 22:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions
[2014/02/14 04:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2013/06/08 00:18:06 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2014/01/27 00:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\searchplugins
[2014/02/14 04:13:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions
[2014/02/14 04:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\luz4sz2f.default\extensions
[2014/02/14 04:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcnrif9.default\extensions
[2012/07/31 06:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/04/17 08:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/12/23 19:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/13 19:08:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/25 20:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/02/25 20:27:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/09/24 13:47:23 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([answers] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1350107789500 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1349327248093 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341169362656 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00EAC6EB-FFA1-4580-A258-B439D75AB047}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AB0CAF0-CE5C-4C63-B8DA-E7940C0C142F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\896\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | --S- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon -  File not found
NetSvcs: LanmanWorkstation -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "LMIRescue_d9420c3d-4c7c-4c64-abe0-fa08ce6d6c3b"
MsConfig - StartUpReg: B Register C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: hitmanpro37 - Reg Error: Value error.
SafeBootMin: hitmanpro37.sys - Reg Error: Value error.
SafeBootMin: mbamchameleon - Driver
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: hitmanpro37 - Reg Error: Value error.
SafeBootNet: hitmanpro37.sys - Reg Error: Value error.
SafeBootNet: LanmanWorkstation - Service
SafeBootNet: mbamchameleon - Driver
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - Service
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: ssrang_supportdotcom - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} -
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} -
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61373731-9766-D138-8043-521424AC4D66} - Browser Customizations
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {895A9CDB-8C74-F6A7-F16D-1DCA93382A29} - Vector Graphics Rendering (VML)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8FAFDD36-0AFB-5492-703E-E9B1F450CC03} - DirectX
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A5A1966B-A502-E253-1E3F-660AAF4DEBDA} - NetShow
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C780E266-59EE-675C-501E-68AB289CA271} - Viewpoint Media Player
ActiveX: {C855CA4B-567F-9E65-806E-6129E1B41A68} - Viewpoint Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {E95B8416-8EA7-2416-FAEB-8129222034E0} - Vector Graphics Rendering (VML)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/11 13:48:03 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2014/04/11 13:10:39 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/11 13:05:37 | 001,145,856 | ---- | C] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FRST.exe
[2014/04/07 21:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Geeks to Go Forums
[2014/04/07 17:05:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/06 23:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Comodo Rescue Disk Info
[2014/04/06 21:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2014/04/06 21:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/04/06 21:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014/04/06 19:06:13 | 000,000,000 | ---D | C] -- C:\cce_linux
[2014/04/04 18:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Kaspersky Rescue Disk 10 Info
[2014/04/03 23:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Boot_CD.exe DiskInternals Research
[2014/04/03 22:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\nLite
[2014/04/03 22:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2014/04/03 22:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
[2014/04/03 22:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Smart File Advisor
[2014/04/03 22:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Projects
[2014/04/03 21:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\XPCD
[2014/04/02 23:33:36 | 000,000,000 | ---D | C] -- C:\temp
[2014/04/02 21:46:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2014/04/01 23:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RK_Quarantine
[2014/04/01 22:40:34 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/03/31 23:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\BitDefender Info
[2014/03/31 23:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\InfraRecorder
[2014/03/31 21:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Recovery Console Info
[2014/03/31 21:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\InstallShield Help
[2014/03/23 17:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Nancy's Stuff
[2014/03/22 22:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ImgBurn
[2014/03/21 23:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2014/03/21 22:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2014/03/19 23:33:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/03/19 02:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\DiskInternals
[2014/03/19 02:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2014/03/16 22:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2014/03/16 22:41:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/03/16 22:41:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2005/10/31 19:31:16 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/11 15:20:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{42A951E1-2420-488F-90DF-B97E760D7A04}.job
[2014/04/11 15:14:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/11 15:11:07 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2014/04/11 15:01:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/11 15:01:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf489155d2e0d8.job
[2014/04/11 15:01:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/11 15:01:02 | 1600,962,560 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/11 13:48:05 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2014/04/11 13:05:40 | 001,145,856 | ---- | M] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FRST.exe
[2014/04/09 19:16:10 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iHeartRadio  Radio Stations.url
[2014/04/09 10:55:54 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/09 08:43:29 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows XP support has ended - Microsoft Windows.url
[2014/04/09 00:27:38 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2014/04/08 23:18:00 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VernonD - Microsoft Community.url
[2014/04/08 15:00:00 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/08 13:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/04/07 17:05:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/06 23:17:17 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How To Check For And Fix MBR Virus Infection.url
[2014/04/06 18:22:02 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Restore Your PC by Booting from a Recovery CD.url
[2014/04/06 02:23:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/04 18:41:01 | 000,000,181 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How-To Geek.url
[2014/04/04 16:02:32 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Firewall (2).lnk
[2014/04/03 23:41:52 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Where can I find Windows drivers for my SATA drive.url
[2014/04/03 23:17:59 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery (2).url
[2014/04/03 20:28:32 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\how to boot into miniXP - Google Search.url
[2014/04/01 22:40:34 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/01 22:38:59 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/01 22:00:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2014/03/25 19:45:22 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/22 20:53:40 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TeraByte Unlimited  Support  How-To Guides.url
[2014/03/21 23:40:04 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2014/03/19 23:50:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/19 03:19:00 | 1040,355,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vista_6000.16386.061101-2205-LRMAIK_EN.img
[2014/03/19 02:24:21 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Can I use Windows AIK for my XP computer - Microsoft Community.url
[2014/03/19 02:21:39 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Download Windows Automated Installation Kit (AIK) from Official Microsoft Download Center.url
[2014/03/19 02:12:50 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\windows aik xp - Google Search.url
[2014/03/19 01:43:48 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery.url
[2014/03/18 23:38:42 | 000,594,234 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/18 23:38:41 | 000,118,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/18 00:13:02 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/17 22:09:39 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\[XP Pro] XP3 - regsvcs.exe crash on new install - Microsoft  DSLReports Forums.url
[2014/03/17 01:56:23 | 000,000,288 | ---- | M] () -- C:\boot.ini
[2014/03/16 19:03:15 | 000,000,421 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fastdetect command - Yahoo Search Results.url
[2014/03/16 17:53:34 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Boot.ini - How to Use and Edit Boot.ini in Windows XP.url
[2014/03/15 20:26:21 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows XP 1 Dminint, boot ini file, boot partition.url
[2014/03/14 10:50:14 | 000,000,547 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Consumers embrace new (and cheaper) ways to watch TV - Yahoo Homes.url
[2014/03/13 23:35:17 | 000,002,767 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gateway Windows XP Recovery  eHow.url
[2014/03/12 23:00:09 | 007,716,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xp_rec_con.iso
[2014/03/12 22:53:03 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/12 22:53:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/03/12 22:03:23 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How to take ownership of a file or a folder in Windows XP.url
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/09 08:43:29 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows XP support has ended - Microsoft Windows.url
[2014/04/09 00:27:31 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2014/04/07 23:07:00 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/04/06 23:17:17 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How To Check For And Fix MBR Virus Infection.url
[2014/04/04 18:40:52 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How-To Geek.url
[2014/04/04 16:02:32 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Firewall (2).lnk
[2014/04/03 23:41:52 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Where can I find Windows drivers for my SATA drive.url
[2014/04/03 23:17:59 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery (2).url
[2014/04/03 23:17:43 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Restore Your PC by Booting from a Recovery CD.url
[2014/04/02 06:39:51 | 1600,962,560 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/01 22:00:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2014/03/25 21:27:21 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2014/03/25 20:18:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf489155d2e0d8.job
[2014/03/21 23:40:04 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2014/03/19 23:50:01 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2014/03/19 03:08:56 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\TeraByte Unlimited  Support  How-To Guides.url
[2014/03/19 03:06:52 | 1040,355,328 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vista_6000.16386.061101-2205-LRMAIK_EN.img
[2014/03/19 02:24:21 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Can I use Windows AIK for my XP computer - Microsoft Community.url
[2014/03/19 02:21:39 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Download Windows Automated Installation Kit (AIK) from Official Microsoft Download Center.url
[2014/03/19 02:12:50 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\windows aik xp - Google Search.url
[2014/03/19 01:43:48 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery.url
[2014/03/17 22:09:39 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\[XP Pro] XP3 - regsvcs.exe crash on new install - Microsoft  DSLReports Forums.url
[2014/03/16 23:19:50 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/16 19:03:15 | 000,000,421 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fastdetect command - Yahoo Search Results.url
[2014/03/16 17:53:34 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Boot.ini - How to Use and Edit Boot.ini in Windows XP.url
[2014/03/15 20:26:21 | 000,000,489 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows XP 1 Dminint, boot ini file, boot partition.url
[2014/03/14 10:50:14 | 000,000,547 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Consumers embrace new (and cheaper) ways to watch TV - Yahoo Homes.url
[2014/03/14 00:46:30 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\how to boot into miniXP - Google Search.url
[2014/03/12 22:59:55 | 007,716,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xp_rec_con.iso
[2014/03/12 22:03:22 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How to take ownership of a file or a folder in Windows XP.url
[2013/07/30 14:55:51 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/06/27 20:50:10 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2013/06/21 16:49:42 | 000,103,832 | ---- | C] () -- C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
[2013/05/24 15:25:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KUDOVW32.INI
[2013/05/24 15:12:09 | 000,086,304 | ---- | C] () -- C:\WINDOWS\System32\rhvideo.dll
[2013/05/22 01:10:31 | 000,001,179 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/29 22:22:43 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2012/10/17 01:05:19 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/10/13 18:48:24 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/10/08 10:09:22 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/06/15 08:34:16 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/05/03 19:29:30 | 000,308,560 | ---- | C] () -- C:\WINDOWS\System32\vipre.dll
[2012/05/03 19:29:29 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/03/28 00:46:24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/06 00:13:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/01/20 01:17:06 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
 
========== ZeroAccess Check ==========
 
[2005/05/04 01:26:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3120026AS
Partitions: 2
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 108.00GB
Starting Offset: 3832980480
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\assembly\GAC_32\*.ini >
 
< %systemroot%\assembly\GAC_64\*.ini >
 
< %SYSTEMDRIVE%\*.exe >
 
< %ALLUSERSPROFILE%\Application Data\*.exe >
 
< %APPDATA%\*. >
[2008/01/26 16:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2013/05/24 21:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2007/11/04 19:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2007/11/16 08:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2013/05/12 23:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2012/10/28 22:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Comcast
[2008/01/15 22:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2013/11/26 15:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2013/11/14 17:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivX
[2012/10/26 14:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\driveridentifier
[2013/06/14 19:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2007/11/18 19:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FTW
[2007/11/10 12:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2013/12/23 23:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Graboid Inc
[2012/06/15 20:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2007/11/06 00:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HP
[2004/08/26 13:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2014/03/22 00:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2012/02/02 20:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Internet Chess Club
[2014/02/14 03:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2013/06/04 17:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LavasoftStatistics
[2013/05/24 21:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2013/06/22 01:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2013/09/13 23:32:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2007/11/04 05:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
[2012/02/09 13:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motive
[2008/05/15 20:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2012/07/27 21:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2013/05/30 23:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpswatLogs
[2012/06/04 10:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2014/01/19 15:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Progeny
[2007/11/04 03:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2013/06/04 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecureSearch
[2012/07/31 18:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skype
[2007/11/08 14:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2013/06/21 23:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2013/05/30 21:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\supportdotcom
[2008/10/02 22:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2013/11/28 17:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uPlayer
[2014/02/14 13:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VSRevoGroup
[2013/07/30 14:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/05/13 14:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2012/12/25 15:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2013/05/14 21:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
 
< MD5 for: ATAPI.SYS  >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\XPCD\GRTMPOEM_EN (E)\I386\sp3.cab:atapi.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/16 12:02:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/05/16 12:02:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\All Users\Application Data\SMR322\Archive\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\inetsrv\drivers\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
 
< MD5 for: CSRSS.EXE  >
[2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
 
< MD5 for: MSWSOCK.DLL  >
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
 
< MD5 for: NWPROVAU.DLL  >
[2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2006/10/13 07:41:38 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=808CB47D7F6BE51B0354CD628CF45978 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
 
< MD5 for: PNRPNSP.DLL  >
[2006/10/11 11:35:59 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=195022D88CC77117B090A27FF9978741 -- C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\pnrpnsp.dll
[2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll
 
< MD5 for: RSVPSP.DLL  >
[2008/04/13 19:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\ServicePackFiles\i386\rsvpsp.dll
[2008/04/13 19:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\dllcache\rsvpsp.dll
[2008/04/13 19:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USER32.DLL  >
[2005/03/02 13:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 10:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\erdnt\cache\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2012/03/15 07:06:20 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2012/03/15 07:06:20 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2012/03/15 07:06:20 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WINRNR.DLL  >
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll
 
< C:\Windows\assembly\tmp\U\*.* /s >
 
< %systemroot%\*. /mp /s >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/12/05 14:41:51 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/12/05 14:41:51 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/12/05 14:41:51 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/12/05 14:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/12/05 14:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/12/05 14:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/12/05 14:41:51 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/12/05 14:41:51 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/12/05 14:41:51 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/12/05 14:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/12/05 14:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/12/05 14:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %ProgramFiles%\WINDOWS NT\*.* /s >
[2008/04/13 19:12:17 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2004/08/04 14:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2004/08/04 14:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009/11/20 06:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/21 07:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/12 07:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/11/20 06:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
[2004/08/04 14:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
[2004/08/04 14:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
[2008/04/13 19:12:31 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\pinball.exe
[2004/08/04 14:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
[2004/08/04 14:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
[2004/08/04 14:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
[2004/08/04 14:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
[2004/08/04 14:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
[2004/08/04 14:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
[2004/08/04 14:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
[2004/08/04 14:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
[2004/08/04 14:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
[2004/08/04 14:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
[2004/08/04 14:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
[2004/08/04 14:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
[2004/08/04 14:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
[2004/08/04 14:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
[2004/08/04 14:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
[2004/08/04 14:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
[2004/08/04 14:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
[2004/08/04 14:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
[2004/08/04 14:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
[2004/08/04 14:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
[2004/08/04 14:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
[2004/08/04 14:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
[2004/08/04 14:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
[2004/08/04 14:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
[2004/08/04 14:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
[2004/08/04 14:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
[2004/08/04 14:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
[2004/08/04 14:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
[2004/08/04 14:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
[2004/08/04 14:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
[2004/08/04 14:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
[2004/08/04 14:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
[2004/08/04 14:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
[2004/08/04 14:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
[2004/08/04 14:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
[2004/08/04 14:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
[2004/08/04 14:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
[2004/08/04 14:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
[2004/08/04 14:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
[2004/08/04 14:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
[2004/08/04 14:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
[2004/08/04 14:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
[2004/08/04 14:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
[2004/08/04 14:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
[2004/08/04 14:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
[2004/08/04 14:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
[2004/08/04 14:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
[2004/08/04 14:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
[2004/08/04 14:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
[2004/08/04 14:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
[2004/08/04 14:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
[2004/08/04 14:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
[2004/08/04 14:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
[2004/08/04 14:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
[2004/08/04 14:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
[2004/08/04 14:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
[2004/08/04 14:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
[2004/08/04 14:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
[2004/08/04 14:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
[2004/08/04 14:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
[2004/08/04 14:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
[2004/08/04 14:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
[2004/08/04 14:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
[2004/08/04 14:00:00 | 000,002,687 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

 

----------------------------------------

OTL Extras logfile created on: 4/11/2014 3:14:05 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.49 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 56.39% Memory free
2.83 Gb Paging File | 2.33 Gb Available in Paging File | 82.18% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.21 Gb Total Space | 73.41 Gb Free Space | 67.84% Space Free | Partition Type: NTFS
Drive D: | 3.56 Gb Total Space | 1.45 Gb Free Space | 40.61% Space Free | Partition Type: FAT32
 
Computer Name: DALE-CB294F83A9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Internet Chess Club\BlitzIn 2.5\BlitzIn25.exe" = C:\Program Files\Internet Chess Club\BlitzIn 2.5\BlitzIn25.exe:*:Disabled:BlitzIn 2.5 -- (Internet Chess Club)
"C:\Program Files\ChessLive4\ChessLive.exe" = C:\Program Files\ChessLive4\ChessLive.exe:*:Disabled:Chess Live 4.2 -- ( )
"C:\Program Files\Internet Chess Club\Dasher_1.0.1\Dasher.exe" = C:\Program Files\Internet Chess Club\Dasher_1.0.1\Dasher.exe:*:Disabled:ICC Dasher -- (Internet Chess Club, Inc.)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{06810DC6-3501-40FE-BCB3-1A7BE6398A36}" = uPlayer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}" = Family Tree Maker 2008
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5314FAC0-F8A5-4432-8980-251D055B2C5B}" = Belkin Wireless Utility
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E4BEB77-BEA9-4544-AB74-06EDE6CE3D39}" = Comcast User Setup
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8C3083C-A1C1-4248-B0E2-14A7D9F2E9EF}" = BCL easyConverter SDK 1.0.0 Module
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip 9.20" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"Comcast" = Easy Solve
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler
"DivX Setup" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"FileHippo.com" = FileHippo.com Update Checker
"GoToAssist" = GoToAssist Corporate
"Graboid Video" = Graboid Video 4.8
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro37" = HitmanPro 3.7
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}" = Family Tree Maker 2008
"InstallShield_{5314FAC0-F8A5-4432-8980-251D055B2C5B}" = Belkin Wireless Utility
"IsoBuster_is1" = IsoBuster 3.3
"Kudo® Catalog Reader" = Kudo® Catalog Reader 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer" = Mplayer 0.6.9
"MRW!UninstallKey" = InCD EasyWrite Reader
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"nLite_is1" = nLite 1.4.9.3
"PROSet" = Intel® PRO Network Adapters and Drivers
"Revo Uninstaller" = Revo Uninstaller 1.95
"Security Task Manager" = Security Task Manager 1.8g
"Smart File Advisor_is1" = Smart File Advisor 1.2.0
"SMPlayer" = SMPlayer 0.6.9
"Speccy" = Speccy
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Widget Engine" = Yahoo! Widgets
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/18/2014 1:03:20 AM | Computer Name = DALE-CB294F83A9 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
 - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll
 . Error code = 0x80070005 
 
Error - 3/18/2014 1:13:55 AM | Computer Name = DALE-CB294F83A9 | Source = Application Error | ID = 1004
Description = Faulting application RegSvcs.exe, version 1.1.4322.573, faulting module
 unknown, version 0.0.0.0, fault address 0x00147d68.
 
Error - 3/18/2014 1:16:55 AM | Computer Name = DALE-CB294F83A9 | Source = Application Error | ID = 1001
Description = Fault bucket 544327813.
 
Error - 3/18/2014 1:16:58 AM | Computer Name = DALE-CB294F83A9 | Source = Application Error | ID = 1004
Description = Faulting application RegSvcs.exe, version 1.1.4322.573, faulting module
 unknown, version 0.0.0.0, fault address 0x00147d68.
 
Error - 3/18/2014 1:17:02 AM | Computer Name = DALE-CB294F83A9 | Source = Application Error | ID = 1001
Description = Fault bucket 544327813.
 
Error - 3/18/2014 7:32:57 PM | Computer Name = DALE-CB294F83A9 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 3/26/2014 12:35:29 AM | Computer Name = DALE-CB294F83A9 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
 P4 4.5.216.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 3/26/2014 12:42:49 AM | Computer Name = DALE-CB294F83A9 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.5.216.0, P3 timeout, P4 1.1.10401.0, P5 removable, P6 1 _ 2048, P7 5 _ not
 boot, P8 NIL, P9 NIL, P10 NIL.
 
Error - 3/31/2014 11:22:55 PM | Computer Name = DALE-CB294F83A9 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
 P4 4.5.216.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 4/10/2014 11:22:39 PM | Computer Name = DALE-CB294F83A9 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
 P4 4.5.216.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
 NIL.
 
[ System Events ]
Error - 4/11/2014 5:22:51 AM | Computer Name = DALE-CB294F83A9 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats. 
 
Error - 4/11/2014 5:23:32 AM | Computer Name = DALE-CB294F83A9 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
 with DCOM within the required timeout.
 
Error - 4/11/2014 5:32:49 AM | Computer Name = DALE-CB294F83A9 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats. 
 
Error - 4/11/2014 4:01:20 PM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:   %%1747
 
Error - 4/11/2014 4:01:20 PM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
 Discovery Service service which failed to start because of the following error:
   %%1058
 
Error - 4/11/2014 4:01:22 PM | Computer Name = DALE-CB294F83A9 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats. 
 
Error - 4/11/2014 4:11:19 PM | Computer Name = DALE-CB294F83A9 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats. 
 
Error - 4/11/2014 4:11:34 PM | Computer Name = DALE-CB294F83A9 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats. 
 
Error - 4/11/2014 4:18:13 PM | Computer Name = DALE-CB294F83A9 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats. 
 
Error - 4/11/2014 4:18:13 PM | Computer Name = DALE-CB294F83A9 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats. 
 
 
< End of report >
 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

OK for now.  Still got more to send,

 

Vernon


Edited by vhende2000, 13 April 2014 - 12:11 PM.

  • 0

#7
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
DRV - File not found [Kernel | Disabled | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
[2013/06/08 00:18:06 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
MsConfig - StartUpReg: B Register C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - Reg Error: Value error. File not found
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\04132014-some number.log so look there if you don't see it.
 
You need to dump Microsoft Security Essentials.  It's been back-burnered by MS and is not used in Win 8.  Download the free Avast:
http://files.avast.c...virus_setup.exe then uninstall MSE and reboot.  Install the free Avast.  (They will try and talk you into the paid version but the Basic version is free and good enough.)  After the reboot they offer you Dropbox which is OK but I usually uncheck it.
 
Once you have it installed it's a good idea to let it do a full boot-time scan.  This takes a long time so I usually let it run while I sleep:
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report.
 
Stick with Avast for a while and see how you like it.  Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)
 
They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.
 
If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want your name and email address.)  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.
 
The forum has a limit of about 20,000 characters per post.  It's not really good about telling you when you go over the limit.
 
 

  • 0

#8
vhende2000


    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
OK, I'll run the OTL program with the extra code, but first I'm sending the rest of the files you had asked for as attachments first.

Here's Speccy.txt and smss.exe.txt attached.

Vernon

Attached Files


  • 0

#9
vhende2000


    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
And here's the other two files, VEW-System.txt and VEW-Application.txt

Vernon

Now for the OTL file.

Attached Files


  • 0

#10
vhende2000


    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

OK, here's the OTL log: OTL-04132014_185906.log.

========== OTL ==========
Error: No service named TrueSight was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrueSight deleted successfully.
File C:\WINDOWS\system32\TrueSight.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin\ deleted successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\skin folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\locale folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
Starting removal of ActiveX control {233C1507-6A77-46A4-9443-F871F945D258}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\B Register C:\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\IgfxTray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SoundMan\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: Administrator.DALE-CB294F83A9

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 10176 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.DALE-CB294F83A9

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04132014_185906
-----------------------------------------------------------------------------------------------------------------------------------

OK, I see that OTL has deleted a whole bunch of items, and moved a bunch somewhere else.

Could you give me a general rundown on what has been accomplished so far with all these different programs we have used?

These programs seem way too complicated to use by just general users like me.

------------------------------------------------------------------------------------------------------------------------------------

Thanks
Vernon


Edited by vhende2000, 15 April 2014 - 08:29 PM.

  • 0



#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

The first two remove common adware.

 

FRST and OTL both just look at a lot of registry entries and files.

 

The OTL fix removed some deadwood and some adware.

 

Process Explorer shows me what is using the CPU.  In your case everything looks good.

 

Speccy I use mostly to check the temperatures and the condition of the hard drive.  Your system is running a bit warm for a desktop.  Normal is under 40.  Usually opening it up and cleaning the dust out will fix it.  I usually shut the PC down but leave it plugged up then remove the lid and use a small brush and a vacuum cleaner hose to open up the air vents and clean the heatsink.  Then turn it on and listen to the fan.  It should get up to speed quickly without a lot of noise.  If slow starting or noisy it should be replaced. 

 

Your hard drive is getting a bit old. Note the read and seek errors:

 

01 Read Error Rate    059 (045) Data 00038D8C8A
07 Seek Error Rate    078 (060) Data 0004683383
C3 Hardware ECC Recovered    059 (045) Data 00038D8C8A

 

On a good drive the numbers after Data should be all zeroes.  Probably a good time to clone the drive and replace it or at least back up any data you don't want to lose.

 

 

I don't like that your IPSEC service is not running.  There is a fix but it requires editing the registry:
 

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\IPsec\Policy\Local.
  3. On the Edit menu, click Delete.
  4. Click Yes to confirm that you want to delete the subkey.
  5. Quit Registry Editor.
  6. Click Start, click Run, type regsvr32 polstore.dll, and then click OK.

Then reboot and check to see if the IPSEC service is running.  Run VEW for System again and look to see if this error is there with a timestamp of the last reboot:

Log: 'System' Date/Time: 11/04/2014 9:06:51 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error:  The authentication service is unknown.  
 


  • 0

#12
vhende2000

vhende2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Hi, Ron,

 

I installed Avast and ran a full boot-time scan as directed.  I uninstalled MSE.  I also noticed that Windows Security Center is reporting Virus Protection ON.

 

 

----------------------------------------------------------------------------------------------------------------------------------

aswBoot.txt

 

04/14/2014 00:56
Scan of all local drives

File C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\Smartbar\Application\SnapDo.exe.vir is infected by Win32:SmartBar-A [PUP], Moved to chest
File C:\Documents and Settings\Owner\My Documents\Graboid\Completed\6177822_-_T4_Movie_Special_The_Hobbit_An_Unexpected_Journey_(Processing_Did_Not_Finish)\t4.movie.special.the.hobbit.an.unexpected.journey.hdtv.x264-c4tv.srr|>t4.movie.special.the.hobbit.an.unexpected.journey.hdtv.x264-c4tv.mp4 Error 42126 {RAR archive is corrupted.}
File C:\Program Files\Internet Chess Club\BlitzIn 2.5\BlitzIn270_installer.exe is infected by Win32:Malware-gen, Moved to chest
File C:\hiberfil.sys is infected by Kot, Move to chest: Error 0xC000007F {An operation failed because the disk was full.}
File C:\System Volume Information\catalog.wci\00000002.ps2 is infected by Win32:Turla-G [Trj], Moved to chest
File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP476\A0093962.exe is infected by Win32:Malware-gen, Moved to chest
File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP444\A0092989.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP444\A0092990.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP444\A0092991.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File D:\PRELOAD\data9_01.inp|>bckgres.dll Error 42127 {CAB archive is corrupted.}
File D:\PRELOAD\data9_02.inp|>fxst30.dll Error 42127 {CAB archive is corrupted.}
File D:\i386\Apps\App31030\mshdqfe\win2k3\ara\kb835221.exe|>commonfiles\hdaudbus.sys Error 42127 {CAB archive is corrupted.}
Number of searched folders: 12638
Number of tested files: 587171
Number of infected files: 8

----------------------------------------
04/15/2014 07:00
Scan of all local drives

File C:\cce_linux\quarantine\{d0bfa73c-c250-4241-8d92-9bc078d7a313} is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Documents and Settings\Owner\My Documents\Graboid\Completed\6177822_-_T4_Movie_Special_The_Hobbit_An_Unexpected_Journey_(Processing_Did_Not_Finish)\t4.movie.special.the.hobbit.an.unexpected.journey.hdtv.x264-c4tv.srr|>t4.movie.special.the.hobbit.an.unexpected.journey.hdtv.x264-c4tv.mp4 Error 42126 {RAR archive is corrupted.}

Scanning aborted 

 

[I had it set to run on bootup again, but had something that I needed to do first, so I stopped the run]

---------------------------------------------------------------------------------------------------------------------------------------

 

 Vernon


Edited by vhende2000, 15 April 2014 - 09:21 PM.

  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Avast thinks your Hibernate file is infected.  Turn hibernate off, make sure C:\hiberfil.sys has been deleted then turn it back on again.

 

http://www.howtogeek...do-i-delete-it/

 

The file D:\PRELOAD\data9_01.inp is corrupt.  You should delete it manually.


  • 0
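
The reading of the aswBoot.txt log in the post above (one detection Avast could not move, one file it could not read), as an added example that is not part of the thread: a Python sketch that sorts boot-scan lines into handled detections, failed actions and unreadable archives. The sample log is constructed in the format posted earlier, and the function names are hypothetical.

```python
import re

# Constructed sample in the aswBoot.txt line format posted in the thread
# (paths shortened, {GUID} is a placeholder; not the poster's actual log).
SAMPLE = r"""File C:\AdwCleaner\Quarantine\C\SnapDo.exe.vir is infected by Win32:SmartBar-A [PUP], Moved to chest
File C:\hiberfil.sys is infected by Kot, Move to chest: Error 0xC000007F {An operation failed because the disk was full.}
File C:\System Volume Information\_restore{GUID}\RP444\A0092989.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File D:\PRELOAD\data9_01.inp|>bckgres.dll Error 42127 {CAB archive is corrupted.}
Number of infected files: 3
"""

# DETECTION is tried first: a failed move also contains "Error ... {...}".
DETECTION = re.compile(r"^File (?P<path>.+?) is infected by (?P<name>.+?), (?P<action>.+)$")
SCAN_ERROR = re.compile(r"^File (?P<path>.+?) Error (?P<code>\S+) \{(?P<msg>.*)\}$")
SUMMARY = re.compile(r"^Number of infected files: (\d+)$")

def locate(path):
    """Say where a detection sits: a live file matters more than an inert copy."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "other tool's quarantine"
    if "\\system volume information\\_restore" in p:
        return "System Restore point"
    return "live file"

def triage(log_text):
    """Sort boot-scan lines into handled detections, failed actions, unreadable files."""
    report = {"handled": [], "action_failed": [], "unreadable": [], "reported_total": None}
    for line in map(str.strip, log_text.splitlines()):
        if m := DETECTION.match(line):
            hit = {"path": m["path"], "name": m["name"], "location": locate(m["path"])}
            # "Moved to chest" is a completed action; anything else carries an error.
            key = "handled" if m["action"] == "Moved to chest" else "action_failed"
            report[key].append(hit)
        elif m := SCAN_ERROR.match(line):
            # "|>" separates an archive from the member that could not be unpacked.
            container, _, member = m["path"].partition("|>")
            report["unreadable"].append({"path": container, "member": member, "msg": m["msg"]})
        elif m := SUMMARY.match(line):
            report["reported_total"] = int(m[1])
    return report

def counts_match(report):
    """In the thread's log the summary also counts detections whose action failed."""
    return report["reported_total"] == len(report["handled"]) + len(report["action_failed"])

if __name__ == "__main__":
    for hit in triage(SAMPLE)["action_failed"]:
        print("needs follow-up:", hit["path"], hit["name"])
```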

#14
vhende2000

vhende2000

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Hi, Ron,

 

[Edited below]

I'm still trying to catch up on a few things.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\IPsec\Policy\Local.

I do not have this registry subkey.

Click Start, click Run, type regsvr32 polstore.dll, and then click OK.

I did this and rebooted.

Then I went to Run/services.msc, and I find that IPSEC Services is set to Automatic and is stopped.

If I try to Start this service, I get an error message stating:

"Could not start the IPSEC Services service on Local Computer.

Error 1747: The authentication service is unknown."


Do you still want me to run VEW for System again?

 

You said "The file D:\PRELOAD\data9_01.inp is corrupt.  You should delete it manually."

 

I deleted it.  What was it for anyway?  The D:/ drive is the 'Recovery' drive and is in the second, smaller, partition.

 

I found the C:\hiberfil.sys file with Hibernate off (ON), but can not delete it.  The error message says another program is using it.  

 

 

Vernon


Edited by vhende2000, 16 April 2014 - 10:05 PM.

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Reboot once after you turn hibernate off and see if it lets you delete the file then.

 

Run OTL again and check the All option in the Extra Registry group then Run Scan.  You should get two logs.  Post them both.


  • 0





