Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Best version of firefox to use for old pc [Solved]

Started by evolutionpill , Mar 24 2016 04:10 AM

  • This topic is locked This topic is locked

#16
evolutionpill
Posted 26 March 2016 - 08:46 AM

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

HI

1. I have previously tried to download SP3 (from MS direct or through filehippo) on my system and it somehow wont open, always says enounted error
 but I will try with your attachment.

2. Regarding Itunes, i managed to download one for xp sp2 ( https://support.appl...S&locale=en_US)it worked well and i was
able to connect my ipad, however afer the last fixlist it no longer reads my ipad, it still opens but wont read my ipad, and when i plug in my ipad to my
PC it also no longer reads it from the windows file either.

3. I am a little confused by the  NWLink IPX/SPX and select Uninstall instructions. I tried to go to the wireless in control panel, there are a nuber of highlighted, eg clientservice for netware
 and intel wireless, etc and of course nwlink ipx/spx, i UNhighlighted all and only had nwlink ipx/spx highlighted but then the unistall button was not  functional. I tried the comande promt approach and it stated
that windows could not find this. Please advise



4. I see baidu pc faster still on my desk top and in progra files the full folder of baidu securityis still there.should I delete

5. Google? the thing is google and anything related to google, facebook, youtube, whats app, etc are all blocked in china..the great firewall.. a frustration being a foreigner here,
If Firefox continues to give me problems then i will try opera. Ive always just like firefox.


6. I noticed now in windows task manager igfxpers.exe and igfxsrvc.exe and wmiprvse.exe and misiexec.exe are these suppose to be there?

I will follow the rest of your suggestions and try installing SP3 would appreciate if you could advise on how to get my pc to read y ipad, now that i have a working itunes.

Thank you once again


  • 0

Advertisements

#17
RKinner
Posted 26 March 2016 - 08:55 AM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

See if you can uninstall clientservice for netware from your wireless.  I think that's the main install.

 

Delete anything from Baidu

 

If you can't use Google then I would try something other than Yahoo.  

 

6. All are normal.  First two are from intel.  Last one is Windows.

 

Let's get some more info on your PC:

 

 

 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File.)  Uninstall speccy after you create the log.
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As,(to your desktop) Save.  (Note the file name) Open the file on your desktop and copy and paste the text to a reply.

  • 0

#18
evolutionpill
Posted 27 March 2016 - 06:16 AM

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

Hi

 

I am trying to download SP3, I thought I would first download and try install before following the rest of your instruction, I just have one question, the attachment you add, when exactly do I use this ("The problem with SP3 is that if it's an AMD CPU rather than an Intel you may need KB953356 first.  I was able to get it off the MS catalog site.  Going to try and attach it in zip form.")


  • 0

#19
evolutionpill
Posted 27 March 2016 - 09:46 AM

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

Hi

 

1.I have tried to download SP3, it took a while (3 hrs) and once i run it it came up "SP# could not update a checked (debug) system with a free (retail) version of SP3 or vice versa" I also then clicked the extract you sent..KB953.... that ran and then I tried installing SP3 again with the same result as above.

 

2. I deleted the NWlink IPX/SPX

 

3. I removed abobe shockwave and flash player

 

4. In common files i noticed full folder of xing shared

      and  source tec/codes/real

     and mss soap/binaries/resource/1033   should i just delete these

 

5. I downloaded speccy but it wont run when i double click on it so could not supply log for that.

 

6. Below log for procexp

 

7. BTW i got my graphics back thanks to your advice .

 

8. Ipad still not connected with itunes, i do see in add/remove there are apple application support/ apple module device support and apple software update.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    98.00    0 K    16 K    0            
procexp.exe    2.00    16,996 K    23,300 K    3484    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs        
ZCfgSvc.exe        3,464 K    736 K    1816    ZeroCfgSvc MFC Application    Intel Corporation    (No signature was present in the subject) Intel Corporation
wscntfy.exe        604 K    272 K    3572    Windows Security Center Notification App    Microsoft Corporation    (Verified) Microsoft Windows Publisher
wmiprvse.exe        2,332 K    4,676 K    932    WMI    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WLKEEPER.exe        2,152 K    288 K    324    WLKEEPER    Intel® Corporation    (No signature was present in the subject) Intel® Corporation
winlogon.exe        7,656 K    1,328 K    1716    Windows NT Logon Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
taskmgr.exe        1,744 K    2,080 K    2992    Windows TaskManager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
System        0 K    60 K    4            
svchost.exe        14,868 K    8,116 K    200    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,052 K    1,512 K    1936    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,876 K    1,416 K    2044    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,456 K    996 K    544    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,504 K    88 K    572    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,468 K    1,268 K    1084    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
spoolsv.exe        3,124 K    356 K    748    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows Publisher
smss.exe        164 K    40 K    1620    Windows NT Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
services.exe        2,088 K    1,404 K    1760    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
S24EvMon.exe        2,656 K    724 K    312    Event Monitor - Supports driver extensions to  NIC Driver for wireless adapters.    Intel Corporation     (No signature was present in the subject) Intel Corporation
PSUAService.exe        11,508 K    176 K    1044    PSUAService    Panda Security, S.L.    (Verified) Panda Security S.L
PSUAMain.exe        26,292 K    556 K    240    PSUAMain    Panda Security, S.L.    (Verified) Panda Security S.L
PSANHost.exe        99,964 K    12,024 K    1120    Application Host Service    Panda Security, S.L.    (Verified) Panda Security S.L
Panda_URL_Filtering.exe        5,380 K    1,152 K    3984    Anti-phishing Domain Advisor (Powered by Panda Security)    Visicom Media Inc.    (Verified) Visicom Media Inc.
lsass.exe        6,128 K    1,080 K    1772    LSA Shell (Export Version)    Microsoft Corporation    (Verified) Microsoft Windows Publisher
iTunesHelper.exe        10,256 K    696 K    4080    iTunesHelper    Apple Inc.    (Verified) Apple Inc.
iPodService.exe        2,928 K    716 K    2540    iPodService Module (32-bit)    Apple Inc.    (Verified) Apple Inc.
igfxsrvc.exe        1,560 K    48 K    3908    igfxsrvc Module    Intel Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe        748 K    276 K    596    persistence Module    Intel Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
iFrmewrk.exe        5,172 K    568 K    4004    Intel Framework MFC Application    Intel Corporation    (No signature was present in the subject) Intel Corporation
hkcmd.exe        1,036 K    296 K    620    hkcmd Module    Intel Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
firefox.exe        259,268 K    213,704 K    3256    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe        22,024 K    13,244 K    3736    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows Publisher
EvtEng.exe        3,860 K    340 K    244    EvtEng Module    Intel Corporation    (No signature was present in the subject) Intel Corporation
csrss.exe        2,124 K    2,008 K    1692    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe        9,100 K    516 K    872    YSLoader.exe    Apple Inc.    (Verified) Apple Inc.
alg.exe        1,164 K    112 K    2192    Application Layer Gateway Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
AgentSvc.exe        7,860 K    212 K    944    Agent Service    Panda Security, S.L.    (Verified) Panda Security S.L
1XConfig.exe        4,084 K    652 K    3328    8021XConfig Module    Intel    (No signature was present in the subject) Intel
 


  • 0

#20
RKinner
Posted 27 March 2016 - 01:45 PM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

For your  SP3 problem, I found this:

 

1. Open regedit and go to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion

2. In right-side pane look for a String value "CurrentType". Change its value to Checked and if its already set to Checked, then set it toFree and click on OK.

3. Exit registry editor and try to install SP3 again. Now it should install without any problem.

 

That was from http://answers.micro...b04a880a?auth=1

 

Appears to work for most people.

 

The KB is to protect against a no boot problem that happens sometimes when you update an AMD system to SP3.  Now that it's installed there should be no problem but just in case you might want to install the  Recovery Console just in case something goes wrong..  The easiest way o install the  Recovery Console is to download and run Combofix.  It asks you when it first runs if you would like to install the recovery console and you just say yes.

ComboFix
 
:!: It must be saved to your desktop, do not run it from your browser:!:
 
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Double click on ComboFix to start the program.  
 
 
 
    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    

 

    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  

 

 
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
 
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.  (It may also be in C:\Combofix\combofix.txt)
 
 

4. In common files i noticed full folder of xing shared

      and  source tec/codes/real

     and mss soap/binaries/resource/1033   should i just delete these

 

 

 

Right click on some of the files and select properties.  Who makes them?  I think xing shared may be part of real player.  The second one two.  No idea on the 3rd.

 

Perhaps speccy needs SP3 to run. or perhaps you just got a bad download.

 

Process Explorer looks really good.  

 

Run VEW and let's see if there are any alarms that help with your itunes.

 

 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Second time you run VEW it will overwrite the log so copy it first to a Reply.)
 

  • 0

#21
evolutionpill
Posted 27 March 2016 - 10:37 PM

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi

"Huston we have a problem" .... I using my iPad to send this message. My pc cannot open, I may have screwed up somewhere. Below the exact steps I took.

1. I changed the regedit from free to connect...no problem.

2. I started to run sp3 but then cancelled thought I'd better first do combo fix.

3. Followed instruction to combo fix...pressed run..combo fix came up follow

3.1 ms recovery console not installed, without combo shall not attempt fixing. Click yes to let combo fix install...... I pressed yes
3.2 combo box appeared...you are not connected to Internet... Aborting (although I was connected to Internet)
3.3 then the combo blue window was on my screen (autoscan with the cursor flashing after saying this could take 10 minutes)Now I was not sure if this was part of normal process or if it was actually aborting, so I did NOT touch anything (including mouse) and just left it, after 40 min I decided to close the window. I looked in my explorer folder and saw under local disk c a folder with combo and in that was my C,d,e,f folders again.

3.4 I thought that I run the sp3 maybe that would fix the ms recovery console.

3.5 I installed sp3, all it installed with no problem, then asked to restart of, I restarted pic and all seem to run well, stated Windows finished checking disks, and then screen went blue....

Stop. 0x0000007e (0x8000003, 0x80acoedd, 0xf7997ac, 0xf79964a8) beginning dump physical memory.

I switch off and restarted, same problem, now unable to get into my pc.
  • 0

#22
RKinner
Posted 28 March 2016 - 06:44 AM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

I expect the Chinese firewall is the reason Combofix couldn't get to the network.  They were blocking its download server.

 

The error you get is similar to the reason we ran the KB but it's not the same:

 

https://support.micr...en-us/kb/953356

 

Per the article you should always get 0x0000007E (0xC0000005,.... and your second number is different.

 

 

 0x0000007E  is a bad driver so see if you can boot in Safe Mode

 

 

 
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)

  • 0

#23
evolutionpill
Posted 28 March 2016 - 08:51 AM

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Viola I can get into Windows in safe mode....I think I just took my first breath today...smile

I saw I did type wrong number... 0x0000007e (0x80000003, 0xf7b4a7ac, 0xf7b4a4a8

Please advise on what to do next...at least somehow, somewhere we have an almost working sp3
  • 0

#24
RKinner
Posted 28 March 2016 - 10:37 AM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

Go in to msconfig

 

http://netsquirrel.c...sconfig_xp.html

 

then

 

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains.  Go to Startup tab and uncheck everything.  OK and
reboot.
 
See if it will boot into regular mode now.  If it will then go back in to msconfig and recheck 1/2 of the boxes Apply and reboot.  If it still works then all of the ones you checked are harmless.  Go back in and check 1/2 of the remaining, Apply reboot.
 
Obviously when it stops working the problem is in one of the ones you recently checked so then you go back in and uncheck 1/2 again until you find out which one is bad.
 
If it doesn't help then recheck everything and see if you can boot into Safe Mode with networking.  Run a FRST scan with Addition.txt checked and post both logs.

  • 0

#25
evolutionpill
Posted 28 March 2016 - 11:20 AM

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
I tried the first part to uncheck all and reboot but it would not,mstarted it in safe mode,mchecked all box , rebooted in safe mode with networking and ran frst...meow ever as frst started to scan following box appeared

Fabar recovery scan tool.mfrst application error.
The exception unknown software exception (0x0000008) occurred in application at location 0x7c83438f
  • 0

Advertisements

#26
RKinner
Posted 28 March 2016 - 09:55 PM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

Can you run OTL?

 

Download OTL from
and Save it to your desktop.
 
Run OTL 
 
select the All option in the Extra Registry group then Run Scan.
 
You should get two logs.  Please copy and paste both of them.

  • 0

#27
evolutionpill
Posted 28 March 2016 - 11:02 PM

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
HI

I do this tomorrow evening as I'll be away from the pc
  • 0

#28
evolutionpill
Posted 31 March 2016 - 02:43 AM

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi

finally managed to get told logs. First I could not download from ur link, page wouldn't open, so I found one on a website called softpedia otl 3.2.70.2 (hope right one), I ran the scan...I did not run any fixes, however after running the scan my pc is on a constant reboot, I open in safe mode, and once it opens the desktop within a minute it automatically reboots making it difficult to get the logs sent, had to copy to usb before it rebooted.

The logs

OTL logfile created on: 3/31/2016 3:57:08 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Documents and Settings\sf\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.42 Mb Total Physical Memory | 312.39 Mb Available Physical Memory | 63.18% Memory free
1.13 Gb Paging File | 0.94 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.23 Gb Free Space | 47.26% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 5.29 Gb Free Space | 18.04% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 2.95 Gb Free Space | 10.08% Space Free | Partition Type: NTFS
Drive F: | 33.66 Gb Total Space | 3.33 Gb Free Space | 9.90% Space Free | Partition Type: NTFS

Computer Name: SS | User Name: sf | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/03/31 15:52:05 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sf\Desktop\OTL.exe
PRC - [2015/02/27 07:35:55 | 000,038,136 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
PRC - [2015/02/27 07:04:25 | 000,142,584 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
PRC - [2008/04/14 09:55:22 | 001,134,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/13 01:23:30 | 000,612,664 | ---- | M] () -- C:\Program Files\Panda Security\Panda Security Protection\sqlite3.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Wondershare\TunesGoRetro\DriverInstall.exe -- (WsDrvInst)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2015/02/27 07:35:55 | 000,038,136 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe -- (PSUAService)
SRV - [2015/02/27 07:04:25 | 000,142,584 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe -- (NanoServiceMain)
SRV - [2014/10/09 15:40:48 | 000,066,808 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe -- (PandaAgent)
SRV - [2008/02/05 13:05:14 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Unknown (0) | Unavailable | Unknown] -- -- (msahci)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2015/06/17 22:57:29 | 000,140,792 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2015/02/26 03:03:45 | 000,100,624 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINReg.sys -- (PSINReg)
DRV - [2015/02/26 03:03:44 | 000,124,944 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2015/02/26 03:03:44 | 000,114,704 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2015/02/26 03:03:43 | 000,172,432 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2015/02/26 03:03:43 | 000,103,312 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2015/02/10 05:02:21 | 000,094,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2015/02/10 05:02:20 | 000,239,888 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2015/02/10 05:02:20 | 000,108,432 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2015/02/10 05:02:19 | 000,281,232 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2015/02/10 05:02:19 | 000,205,456 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2015/02/10 05:02:18 | 000,120,592 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2015/02/10 05:02:17 | 000,099,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2015/02/10 05:02:17 | 000,052,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSpihs.sys -- (NNSPIHS)
DRV - [2015/02/10 05:02:16 | 000,202,128 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2015/02/10 05:02:16 | 000,126,480 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2015/02/10 05:02:16 | 000,109,584 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV - [2015/02/10 05:02:15 | 000,086,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2014/10/21 20:18:36 | 000,046,480 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NNSNAHS.sys -- (NNSNAHS)
DRV - [2014/03/07 10:18:06 | 000,032,968 | R--- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2013/10/28 16:04:08 | 000,046,160 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rockusb.sys -- (Rockusb)
DRV - [2012/12/30 04:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
DRV - [2004/10/21 15:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/05/21 14:18:56 | 000,067,072 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm.sys -- (tifm)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CN"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.region: "CN"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/10/01 21:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sf\Application Data\Mozilla\Extensions
[2016/03/26 16:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\extensions
[2014/10/02 00:02:51 | 000,000,000 | ---D | M] ("Web Counselor") -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\extensions\{25dd52dc-89a8-469d-9e8f-8d483095d1e8}
[2016/03/26 16:55:47 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2014/10/02 00:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profileshgx4pa98.default\extensions
[2014/10/02 00:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profileshgx4pa98.default\extensions\staged
[2015/06/16 10:49:49 | 000,033,429 | ---- | M] () (No name found) -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
[2016/03/24 22:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_1] C:\WINDOWS\System32\drmstor.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_2] C:\WINDOWS\System32\drmclien.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_4] C:\WINDOWS\System32\drmv2clt.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_5] C:\WINDOWS\System32\blackbox.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_6] C:\WINDOWS\System32\msnetobj.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_10] C:\WINDOWS\System32\wmsdmoe2.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_2] C:\WINDOWS\System32\wmnetmgr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_20] C:\WINDOWS\System32\wmadmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_21] C:\WINDOWS\System32\mpg4dmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_22] C:\WINDOWS\System32\mp43dmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_23] C:\WINDOWS\System32\mp4sdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_24] C:\WINDOWS\System32\wmsdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_3] C:\WINDOWS\system32\regsvr32 /s /u "C:\WINDOWS\system32\wmv8dmod.dll" File not found
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_30] C:\WINDOWS\System32\laprxy.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_31] C:\WINDOWS\System32\logagent.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_32] C:\WINDOWS\System32\wmvcore.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_4] C:\WINDOWS\System32\wmvdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_5] C:\WINDOWS\System32\wmvdmoe2.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_6] C:\WINDOWS\System32\wmadmoe.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_7] C:\WINDOWS\System32\wmspdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_8] C:\WINDOWS\System32\wmspdmoe.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_9] C:\WINDOWS\System32\wmsdmoe.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_0] C:\WINDOWS\INF\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_9] C:\WINDOWS\system32\wmpasf.dll (Microsoft Corporation)
O4 - HKCU..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 600
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScriptsBckp = -1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7107B94-1DDC-4D20-A2B4-35619214B37B}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/10/01 20:14:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/13 13:44:31 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/13 13:44:31 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/13 13:44:31 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2016/03/31 15:51:43 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sf\Desktop\OTL.exe
[2016/03/29 01:10:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2016/03/29 01:06:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2016/03/28 12:08:19 | 002,470,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2016/03/28 12:08:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2016/03/28 12:08:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2016/03/28 12:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2016/03/28 12:08:14 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2016/03/28 12:08:13 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2016/03/28 12:08:12 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2016/03/28 12:08:08 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2016/03/28 12:07:57 | 000,104,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2016/03/28 12:07:57 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2016/03/28 12:07:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2016/03/28 12:07:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2016/03/28 12:07:54 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2016/03/28 12:07:54 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2016/03/28 12:07:53 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2016/03/28 12:07:53 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2016/03/28 12:07:53 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2016/03/28 12:07:53 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2016/03/28 12:07:53 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2016/03/28 12:07:53 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2016/03/28 12:07:53 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2016/03/28 12:07:53 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2016/03/28 12:07:53 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2016/03/28 12:07:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2016/03/28 12:07:52 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2016/03/28 12:07:52 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2016/03/28 12:07:52 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2016/03/28 12:07:52 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2016/03/28 12:07:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2016/03/28 12:07:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2016/03/28 12:07:51 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2016/03/28 12:07:51 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2016/03/28 12:07:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2016/03/28 12:07:51 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2016/03/28 12:07:51 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2016/03/28 12:07:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2016/03/28 12:07:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2016/03/28 12:07:49 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2016/03/28 12:07:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2016/03/28 12:07:49 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2016/03/28 12:07:49 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2016/03/28 12:07:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2016/03/28 12:07:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2016/03/28 12:07:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2016/03/28 12:07:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2016/03/28 12:07:48 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2016/03/28 12:07:48 | 000,209,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2016/03/28 12:07:48 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2016/03/28 12:07:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2016/03/28 12:07:48 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2016/03/28 12:07:48 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2016/03/28 12:07:47 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2016/03/28 12:07:47 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2016/03/28 12:07:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2016/03/28 12:07:46 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2016/03/28 12:07:46 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2016/03/28 12:07:46 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2016/03/28 12:07:46 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2016/03/28 12:07:46 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2016/03/28 12:07:46 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2016/03/28 12:07:46 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2016/03/28 12:07:46 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2016/03/28 12:07:46 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2016/03/28 12:07:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2016/03/28 12:07:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2016/03/28 12:07:45 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2016/03/28 12:07:42 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2016/03/28 12:07:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2016/03/28 12:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2016/03/28 12:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2016/03/28 12:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2016/03/28 12:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2016/03/28 12:05:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2016/03/28 12:04:41 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2016/03/28 12:02:27 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2016/03/28 12:02:27 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2016/03/28 12:02:27 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2016/03/28 12:02:27 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2016/03/28 12:02:27 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2016/03/28 12:02:27 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2016/03/28 12:02:27 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2016/03/28 12:02:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2016/03/28 12:02:26 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2016/03/28 12:02:26 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2016/03/28 12:02:26 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2016/03/28 12:02:26 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2016/03/28 12:02:26 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2016/03/28 12:02:25 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2016/03/28 12:02:25 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2016/03/28 12:02:25 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2016/03/28 12:02:25 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2016/03/28 12:02:25 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2016/03/28 12:02:25 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2016/03/28 12:02:25 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2016/03/28 12:02:25 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2016/03/28 12:02:25 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2016/03/28 12:02:25 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2016/03/28 12:02:25 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2016/03/28 12:02:25 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2016/03/28 12:02:25 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2016/03/28 12:02:25 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2016/03/28 12:02:25 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2016/03/28 12:02:25 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2016/03/28 12:02:25 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2016/03/28 12:02:25 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2016/03/28 12:02:25 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2016/03/28 12:02:25 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2016/03/28 12:02:25 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2016/03/28 12:02:25 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2016/03/28 12:02:24 | 000,082,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2016/03/28 12:02:24 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2016/03/28 12:02:23 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2016/03/28 12:02:23 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2016/03/28 12:02:23 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2016/03/28 12:02:23 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2016/03/28 12:02:23 | 000,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2016/03/28 12:02:22 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2016/03/28 12:02:22 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2016/03/28 12:02:22 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2016/03/28 12:02:22 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2016/03/28 12:02:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2016/03/28 12:02:22 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2016/03/28 12:02:22 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2016/03/28 12:02:22 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2016/03/28 12:02:22 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2016/03/28 12:02:21 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2016/03/28 12:02:21 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2016/03/28 12:02:21 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2016/03/28 12:02:21 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2016/03/28 12:02:21 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2016/03/28 12:02:21 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2016/03/28 12:02:21 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2016/03/28 11:57:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2016/03/28 10:56:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2016/03/28 10:56:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2016/03/28 10:56:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2016/03/28 10:56:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2016/03/28 10:56:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2016/03/28 10:56:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2016/03/28 10:56:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2016/03/28 10:56:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2016/03/28 10:56:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2016/03/28 10:53:30 | 005,658,151 | R--- | C] (Swearware) -- C:\Documents and Settings\sf\Desktop\ComboFix.exe
[2016/03/28 10:49:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2016/03/27 21:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Local Settings\Application Data\Opera Software
[2016/03/27 21:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Application Data\Opera Software
[2016/03/27 21:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2016/03/27 14:35:54 | 005,111,240 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\sf\Desktop\spsetup129.exe
[2016/03/27 14:31:19 | 002,694,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\sf\Desktop\procexp.exe
[2016/03/26 20:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2016/03/26 16:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Local Settings\Application Data\panda
[2016/03/26 16:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2016/03/26 16:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Application Data\pandasecuritytb
[2016/03/26 16:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\pandasecuritytb
[2016/03/26 16:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Free Antivirus
[2016/03/26 15:46:09 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2016/03/26 15:31:48 | 002,310,144 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2016/03/26 15:31:47 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2016/03/26 15:31:42 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2016/03/26 15:31:42 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2016/03/26 15:31:42 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2016/03/26 15:31:42 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2016/03/26 15:31:42 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2016/03/26 15:31:42 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2016/03/26 15:31:42 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2016/03/26 15:31:42 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2016/03/26 15:31:42 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2016/03/26 15:31:42 | 000,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2016/03/26 15:31:41 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2016/03/26 15:31:41 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2016/03/26 15:31:41 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2016/03/26 15:31:41 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2016/03/26 15:31:33 | 000,077,824 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2016/03/26 15:31:31 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
[2016/03/26 15:31:29 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
[2016/03/26 15:31:28 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
[2016/03/26 15:31:27 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
[2016/03/26 15:31:26 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
[2016/03/26 15:31:25 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
[2016/03/26 15:31:24 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
[2016/03/26 15:31:23 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
[2016/03/26 15:31:22 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
[2016/03/26 15:31:21 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
[2016/03/26 15:31:20 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
[2016/03/26 15:31:18 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
[2016/03/26 15:31:17 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
[2016/03/26 15:31:16 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
[2016/03/26 15:31:15 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
[2016/03/26 15:31:14 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
[2016/03/26 15:31:13 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2016/03/26 15:31:12 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2016/03/26 15:31:11 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2016/03/26 15:31:10 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2016/03/26 15:31:09 | 000,114,688 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2016/03/26 15:31:07 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2016/03/26 15:31:06 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
[2016/03/26 15:31:05 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
[2016/03/26 15:31:04 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2016/03/26 15:31:03 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2016/03/26 15:31:02 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2016/03/26 15:31:01 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2016/03/26 15:30:53 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4363.dll
[2016/03/26 11:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2016/03/26 11:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2016/03/26 11:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2016/03/26 11:49:39 | 006,112,864 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2016/03/26 11:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2016/03/26 00:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2016/03/26 00:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2016/03/25 22:38:57 | 000,000,000 | ---D | C] -- C:\FRST
[2016/03/25 22:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Application Data\FLV and Media Player
[2016/03/25 22:22:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/03/25 22:17:39 | 001,610,352 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\sf\Desktop\JRT.exe
[2016/03/25 22:14:11 | 001,725,440 | ---- | C] (Farbar) -- C:\Documents and Settings\sf\Desktop\FRST.exe
[2016/03/24 22:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2016/03/24 21:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Application Data\CrystalIdea Software
[2016/03/24 21:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Start Menu\Programs\SpeedFan
[2016/03/24 21:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2016/03/24 16:37:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\sf\Start Menu\Programs\Administrative Tools
[2016/03/23 18:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/10/14 10:44:12 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files\Common Files\atimpenc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/03/31 15:52:05 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sf\Desktop\OTL.exe
[2016/03/31 15:43:44 | 000,005,840 | ---- | M] () -- C:\SIPOBJ.DBG
[2016/03/31 15:38:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2016/03/31 15:38:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/03/29 01:19:12 | 000,405,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2016/03/29 01:19:12 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2016/03/29 01:13:37 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2016/03/28 22:42:17 | 000,125,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2016/03/28 12:13:42 | 000,006,643 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2016/03/28 12:02:01 | 000,275,136 | RHS- | M] () -- C:\ntldr
[2016/03/28 10:54:46 | 005,658,151 | R--- | M] (Swearware) -- C:\Documents and Settings\sf\Desktop\ComboFix.exe
[2016/03/28 09:53:31 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\Opera scheduled Autoupdate 1459085101.job
[2016/03/27 23:09:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2016/03/27 21:25:32 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\sf\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2016/03/27 21:25:32 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2016/03/27 14:37:34 | 005,111,240 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\sf\Desktop\spsetup129.exe
[2016/03/27 14:32:07 | 002,694,816 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\sf\Desktop\procexp.exe
[2016/03/26 20:20:58 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2016/03/26 15:31:13 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2016/03/26 15:31:12 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2016/03/26 15:31:11 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2016/03/26 15:31:10 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2016/03/26 15:31:09 | 000,114,688 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2016/03/26 15:31:07 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2016/03/26 15:31:04 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2016/03/26 15:31:03 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2016/03/26 15:31:02 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2016/03/26 15:31:01 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2016/03/26 15:31:00 | 000,038,014 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2016/03/26 15:30:59 | 000,049,152 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2016/03/26 15:30:56 | 000,116,859 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2016/03/26 15:30:54 | 000,899,706 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2016/03/26 15:30:53 | 000,061,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4363.dll
[2016/03/26 15:30:51 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2016/03/26 14:58:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2016/03/25 23:32:09 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\sf\Desktop\VEW.exe
[2016/03/25 22:18:26 | 001,610,352 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\sf\Desktop\JRT.exe
[2016/03/25 22:16:31 | 001,530,368 | ---- | M] () -- C:\Documents and Settings\sf\Desktop\adwcleaner_5.105.exe
[2016/03/25 22:14:52 | 001,725,440 | ---- | M] (Farbar) -- C:\Documents and Settings\sf\Desktop\FRST.exe
[2016/03/24 21:14:39 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\sf\Desktop\SpeedFan.lnk
[2016/03/24 21:14:26 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2016/03/24 17:07:15 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\sf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2016/03/07 10:44:42 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\sf\Application Data\Microsoft\Internet Explorer\Quick Launch\WPS Writer.lnk
[2016/03/06 10:19:47 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\sf\Application Data\FotoSketcher.ini
[2016/03/04 17:01:22 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\windrvrz.vxd
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/03/31 15:43:43 | 000,005,840 | ---- | C] () -- C:\SIPOBJ.DBG
[2016/03/28 12:13:29 | 000,006,643 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2016/03/28 12:08:16 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2016/03/28 12:08:16 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2016/03/28 12:08:16 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2016/03/28 12:08:16 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2016/03/28 12:08:15 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2016/03/28 12:08:15 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2016/03/28 12:08:15 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2016/03/28 12:08:15 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2016/03/28 12:08:15 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2016/03/28 12:08:15 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2016/03/28 12:08:15 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2016/03/28 12:08:15 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2016/03/28 12:08:15 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2016/03/28 12:08:15 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2016/03/28 12:08:15 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2016/03/28 12:08:15 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2016/03/28 12:08:15 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2016/03/28 12:08:14 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2016/03/28 12:08:14 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2016/03/28 12:08:14 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2016/03/28 12:08:14 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2016/03/28 12:08:14 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2016/03/28 12:08:14 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2016/03/28 12:08:14 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2016/03/28 12:08:14 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2016/03/28 12:08:14 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2016/03/28 12:08:14 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2016/03/28 12:08:14 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2016/03/28 12:08:14 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2016/03/28 12:08:14 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2016/03/28 12:08:14 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2016/03/28 12:08:14 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2016/03/28 12:08:14 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2016/03/28 12:08:14 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2016/03/28 12:08:14 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2016/03/28 12:08:14 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2016/03/28 12:08:14 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2016/03/28 12:08:14 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2016/03/28 12:08:14 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2016/03/28 12:08:14 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2016/03/28 12:08:14 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2016/03/28 12:08:14 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2016/03/28 12:08:14 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2016/03/28 12:08:14 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2016/03/28 12:08:13 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2016/03/28 12:08:13 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2016/03/28 12:08:13 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2016/03/28 12:08:13 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2016/03/28 12:08:13 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2016/03/28 12:08:13 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2016/03/28 12:08:13 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2016/03/28 12:08:13 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2016/03/28 12:08:13 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2016/03/28 12:08:13 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2016/03/28 12:08:13 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2016/03/28 12:08:13 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2016/03/28 12:08:13 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2016/03/28 12:08:13 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2016/03/28 12:08:13 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2016/03/28 12:08:13 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2016/03/28 12:08:13 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2016/03/28 12:08:13 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2016/03/28 12:08:13 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2016/03/28 12:08:13 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2016/03/28 12:08:13 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2016/03/28 12:08:13 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2016/03/28 12:08:13 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2016/03/28 12:08:12 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2016/03/28 12:08:12 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2016/03/28 12:08:12 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2016/03/28 12:08:12 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2016/03/28 12:08:12 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2016/03/28 12:08:12 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2016/03/28 12:08:12 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2016/03/28 12:08:12 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2016/03/28 12:08:12 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2016/03/28 12:08:12 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2016/03/28 12:08:12 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2016/03/28 12:08:12 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2016/03/28 12:08:12 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2016/03/28 12:02:25 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2016/03/28 12:02:24 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2016/03/28 12:02:23 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2016/03/28 10:56:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2016/03/28 10:56:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2016/03/28 10:56:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2016/03/28 10:56:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2016/03/28 10:56:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2016/03/27 21:25:42 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\Opera scheduled Autoupdate 1459085101.job
[2016/03/27 21:25:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\sf\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2016/03/27 21:25:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2016/03/27 21:25:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2016/03/27 20:02:40 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2016/03/26 15:31:49 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2016/03/26 15:31:49 | 000,058,675 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2016/03/26 15:31:49 | 000,018,496 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2016/03/26 15:31:49 | 000,000,900 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2016/03/26 11:51:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2016/03/25 23:26:46 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\sf\Desktop\VEW.exe
[2016/03/25 22:15:54 | 001,530,368 | ---- | C] () -- C:\Documents and Settings\sf\Desktop\adwcleaner_5.105.exe
[2016/03/24 21:14:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\sf\Desktop\SpeedFan.lnk
[2016/03/24 21:14:16 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2016/03/07 10:44:42 | 000,001,473 | ---- | C] () -- C:\Documents and Settings\sf\Application Data\Microsoft\Internet Explorer\Quick Launch\WPS Writer.lnk
[2016/02/07 18:00:07 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2016/02/07 17:10:11 | 001,180,048 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2016/02/07 17:10:11 | 000,048,288 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2015/10/25 19:14:26 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\DriverCoInstaller.dll
[2015/09/19 21:53:36 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2015/09/19 21:53:33 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2015/09/19 21:53:33 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2015/08/22 05:49:14 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\sf\Application Data\FotoSketcher.ini
[2015/07/24 14:07:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2014/10/17 23:26:02 | 000,945,683 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-688789844-1343024091-1003-0.dat
[2014/10/17 23:25:57 | 000,113,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/10/02 03:58:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2014/10/02 03:56:14 | 000,125,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/10/01 21:27:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/10/01 20:46:05 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\sf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/10/01 20:18:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2014/10/01 20:09:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/11/29 14:02:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 09:55:12 | 002,164,224 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/04/14 09:55:08 | 000,477,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 09:55:14 | 000,275,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16EAB5F6

< End of report >


The extra log

OTL Extras logfile created on: 3/31/2016 3:57:08 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Documents and Settings\sf\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.42 Mb Total Physical Memory | 312.39 Mb Available Physical Memory | 63.18% Memory free
1.13 Gb Paging File | 0.94 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.23 Gb Free Space | 47.26% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 5.29 Gb Free Space | 18.04% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 2.95 Gb Free Space | 10.08% Space Free | Partition Type: NTFS
Drive F: | 33.66 Gb Total Space | 3.33 Gb Free Space | 9.90% Space Free | Partition Type: NTFS

Computer Name: SS | User Name: sf | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Unable to open value key
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\Applian Technologies\FLV and Media Player\amp.exe" --started-from-file --playlist-enqueue "%1" (Applian Technologies Inc)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\Applian Technologies\FLV and Media Player\amp.exe" --started-from-file --no-playlist-enqueue "%1" (Applian Technologies Inc)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"F:\Microsoft Age of Empires - Rise of Rome\AOE\Empires.exe" = F:\Microsoft Age of Empires - Rise of Rome\AOE\Empires.exe:*:Disabled:Age of Empires -- (Microsoft Corporation)
"F:\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE" = F:\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE:*:Disabled:Age of Empires, the Rise of Rome -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"E:\Microsoft Age of Empires - Rise of Rome\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE" = E:\Microsoft Age of Empires - Rise of Rome\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome -- (Microsoft Corporation)
"C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe" = C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe:*:Enabled:VSDC Free Video Editor -- (Flash-Integro LLC)
"C:\Program Files\FlashIntegro\VideoEditor\Updater.exe" = C:\Program Files\FlashIntegro\VideoEditor\Updater.exe:*:Enabled:VSDC Free Video Editor Updater -- (Flash-Integro LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox) -- (Mozilla Corporation)
"C:\Program Files\pandasecuritytb\dtuser.exe" = C:\Program Files\pandasecuritytb\dtuser.exe:*:Enabled:Panda Security Toolbar DTX Broker -- (Visicom Media Inc.)
"C:\Program Files\pandasecuritytb\ToolbarCleaner.exe" = C:\Program Files\pandasecuritytb\ToolbarCleaner.exe:*:Enabled:ToolbarCleaner -- (Visicom Media Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1" = Microsoft .NET Framework 2.0 Client Profile Basic SP2 Version 1.0.1.22
"{113C4F3B-C1FB-41B1-877C-193AFE330007}" = Panda Free Antivirus
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6F30B469-5ED7-4734-8252-B9BC962A2AB3}" = PCIxx20
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{949F1EA1-D3E2-472E-BC7C-CB72374C0E55}" = Panda Devices Agent
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{B0C5249A-E603-450A-B19A-D9989D24C855}}_is1" = FreeSizer v.1.0.0
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 3.10
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 15.14
"iMacsoft iPhone Photo to PC Transfer" = iMacsoft iPhone Photo to PC Transfer
"InstallShield_{6F30B469-5ED7-4734-8252-B9BC962A2AB3}" = Texas Instruments PCIxx20 drivers.
"lavfilters_is1" = LAV Filters 0.51.3
"Mozilla Firefox 45.0.1 (x86 en-US)" = Mozilla Firefox 45.0.1 (x86 en-US)
"NingPo MahJong Deluxe 1.04" = NingPo MahJong Deluxe 1.04
"Opera 34.0.2036.50" = Opera Stable 34.0.2036.50
"Panda Devices Agent" = Panda Devices Agent
"Panda Universal Agent Endpoint" = Panda Free Antivirus
"pandasecuritytb" = Panda Security Toolbar
"PhotoBulk_is1" = PhotoBulk 1.0.257
"PhotoToolkit_is1" = Photo! Editor 1.1
"ProInst" = Intel® PROSet/Wireless Software
"SpeedFan" = SpeedFan (remove only)
"VSDC Free Video Editor_is1" = VSDC Free Video Editor version 3.3.0.394
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WPS Office" = WPS Office (9.1.0.4746)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2016 11:26:50 PM | Computer Name = SS | Source = MsiInstaller | ID = 10005
Description = Product: iTunes -- iTunes requires that your computer is running Windows
7 or newer.

Error - 3/25/2016 11:32:17 PM | Computer Name = SS | Source = MsiInstaller | ID = 10005
Description = Product: iTunes -- iTunes requires that your computer is running Windows
7 or newer.

Error - 3/26/2016 4:25:58 AM | Computer Name = SS | Source = MsiInstaller | ID = 10005
Description = Product: iTunes -- iTunes requires that your computer is running Windows
7 or newer.

Error - 3/28/2016 1:19:09 PM | Computer Name = SS | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2764, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 3/28/2016 1:19:09 PM | Computer Name = SS | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 3/28/2016 1:19:12 PM | Computer Name = SS | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2764, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 3/25/2016 11:44:39 AM | Computer Name = SS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
to connect.

Error - 3/25/2016 11:44:39 AM | Computer Name = SS | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 3/26/2016 2:34:24 AM | Computer Name = SS | Source = Service Control Manager | ID = 7034
Description = The aunhelper service terminated unexpectedly. It has done this 1
time(s).

Error - 3/26/2016 3:18:29 AM | Computer Name = SS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/26/2016 3:18:42 AM | Computer Name = SS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/26/2016 3:18:51 AM | Computer Name = SS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/26/2016 3:18:58 AM | Computer Name = SS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >
  • 0

#29
RKinner
Posted 31 March 2016 - 06:59 AM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

The link was good but the forum software hides the details so it only works if you click on it or right click and copy link address.

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/
 
Copy the text in the code box by highlighting and Ctrl + c 
 
 
/md5start
wmv8dmod.dll
msahci.sys
/md5stop
 
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text.  Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will not reboot the PC when it is done.  Save the log and copy and paste it to a reply.

  • 0

#30
evolutionpill
Posted 31 March 2016 - 08:37 AM

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi

As previously mentioned, my pc automatically keeps rebooting even in safe mode. Sometimes immediately upon opening the desk top, or with in a minute or few minutes, so been a struggle to get otl to scan without the automatic reboot and trying to then get the logs attached....but here they are. I used the lot I downloaded earlier even when I copy the link it won't open the page.

OTL logfile created on: 3/31/2016 10:07:54 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Documents and Settings\sf\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.42 Mb Total Physical Memory | 339.83 Mb Available Physical Memory | 68.73% Memory free
1.13 Gb Paging File | 0.94 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.23 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 5.29 Gb Free Space | 18.04% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 2.95 Gb Free Space | 10.08% Space Free | Partition Type: NTFS
Drive F: | 33.66 Gb Total Space | 3.33 Gb Free Space | 9.90% Space Free | Partition Type: NTFS

Computer Name: SS | User Name: sf | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/03/31 15:52:05 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sf\Desktop\OTL.exe
PRC - [2015/02/27 07:35:55 | 000,038,136 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
PRC - [2015/02/27 07:04:25 | 000,142,584 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
PRC - [2008/04/14 09:55:22 | 001,134,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/13 01:23:30 | 000,612,664 | ---- | M] () -- C:\Program Files\Panda Security\Panda Security Protection\sqlite3.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Wondershare\TunesGoRetro\DriverInstall.exe -- (WsDrvInst)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2015/02/27 07:35:55 | 000,038,136 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe -- (PSUAService)
SRV - [2015/02/27 07:04:25 | 000,142,584 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe -- (NanoServiceMain)
SRV - [2014/10/09 15:40:48 | 000,066,808 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe -- (PandaAgent)
SRV - [2008/02/05 13:05:14 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Unknown (0) | Unavailable | Unknown] -- -- (msahci)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2015/06/17 22:57:29 | 000,140,792 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2015/02/26 03:03:45 | 000,100,624 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINReg.sys -- (PSINReg)
DRV - [2015/02/26 03:03:44 | 000,124,944 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2015/02/26 03:03:44 | 000,114,704 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2015/02/26 03:03:43 | 000,172,432 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2015/02/26 03:03:43 | 000,103,312 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2015/02/10 05:02:21 | 000,094,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2015/02/10 05:02:20 | 000,239,888 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2015/02/10 05:02:20 | 000,108,432 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2015/02/10 05:02:19 | 000,281,232 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2015/02/10 05:02:19 | 000,205,456 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2015/02/10 05:02:18 | 000,120,592 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2015/02/10 05:02:17 | 000,099,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2015/02/10 05:02:17 | 000,052,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSpihs.sys -- (NNSPIHS)
DRV - [2015/02/10 05:02:16 | 000,202,128 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2015/02/10 05:02:16 | 000,126,480 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2015/02/10 05:02:16 | 000,109,584 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV - [2015/02/10 05:02:15 | 000,086,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2014/10/21 20:18:36 | 000,046,480 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NNSNAHS.sys -- (NNSNAHS)
DRV - [2014/03/07 10:18:06 | 000,032,968 | R--- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2013/10/28 16:04:08 | 000,046,160 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rockusb.sys -- (Rockusb)
DRV - [2012/12/30 04:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
DRV - [2004/10/21 15:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/05/21 14:18:56 | 000,067,072 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm.sys -- (tifm)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CN"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.region: "CN"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/10/01 21:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sf\Application Data\Mozilla\Extensions
[2016/03/26 16:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\extensions
[2014/10/02 00:02:51 | 000,000,000 | ---D | M] ("Web Counselor") -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\extensions\{25dd52dc-89a8-469d-9e8f-8d483095d1e8}
[2016/03/26 16:55:47 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2014/10/02 00:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profileshgx4pa98.default\extensions
[2014/10/02 00:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profileshgx4pa98.default\extensions\staged
[2015/06/16 10:49:49 | 000,033,429 | ---- | M] () (No name found) -- C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
[2016/03/24 22:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_1] C:\WINDOWS\System32\drmstor.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_2] C:\WINDOWS\System32\drmclien.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_4] C:\WINDOWS\System32\drmv2clt.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_5] C:\WINDOWS\System32\blackbox.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_6] C:\WINDOWS\System32\msnetobj.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_10] C:\WINDOWS\System32\wmsdmoe2.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_2] C:\WINDOWS\System32\wmnetmgr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_20] C:\WINDOWS\System32\wmadmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_21] C:\WINDOWS\System32\mpg4dmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_22] C:\WINDOWS\System32\mp43dmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_23] C:\WINDOWS\System32\mp4sdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_24] C:\WINDOWS\System32\wmsdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_3] C:\WINDOWS\system32\regsvr32 /s /u "C:\WINDOWS\system32\wmv8dmod.dll" File not found
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_30] C:\WINDOWS\System32\laprxy.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_31] C:\WINDOWS\System32\logagent.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_32] C:\WINDOWS\System32\wmvcore.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_4] C:\WINDOWS\System32\wmvdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_5] C:\WINDOWS\System32\wmvdmoe2.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_6] C:\WINDOWS\System32\wmadmoe.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_7] C:\WINDOWS\System32\wmspdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_8] C:\WINDOWS\System32\wmspdmoe.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_9] C:\WINDOWS\System32\wmsdmoe.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_0] C:\WINDOWS\INF\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_9] C:\WINDOWS\system32\wmpasf.dll (Microsoft Corporation)
O4 - HKCU..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 600
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7107B94-1DDC-4D20-A2B4-35619214B37B}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/10/01 20:14:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/13 13:44:31 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/13 13:44:31 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/13 13:44:31 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2016/03/31 15:51:43 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sf\Desktop\OTL.exe
[2016/03/29 01:10:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2016/03/29 01:06:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2016/03/28 12:08:19 | 002,470,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2016/03/28 12:08:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2016/03/28 12:08:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2016/03/28 12:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2016/03/28 12:08:14 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2016/03/28 12:08:13 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2016/03/28 12:08:12 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2016/03/28 12:08:08 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2016/03/28 12:07:57 | 000,104,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2016/03/28 12:07:57 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2016/03/28 12:07:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2016/03/28 12:07:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2016/03/28 12:07:54 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2016/03/28 12:07:54 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2016/03/28 12:07:53 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2016/03/28 12:07:53 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2016/03/28 12:07:53 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2016/03/28 12:07:53 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2016/03/28 12:07:53 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2016/03/28 12:07:53 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2016/03/28 12:07:53 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2016/03/28 12:07:53 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2016/03/28 12:07:53 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2016/03/28 12:07:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2016/03/28 12:07:52 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2016/03/28 12:07:52 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2016/03/28 12:07:52 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2016/03/28 12:07:52 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2016/03/28 12:07:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2016/03/28 12:07:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2016/03/28 12:07:51 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2016/03/28 12:07:51 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2016/03/28 12:07:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2016/03/28 12:07:51 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2016/03/28 12:07:51 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2016/03/28 12:07:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2016/03/28 12:07:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2016/03/28 12:07:49 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2016/03/28 12:07:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2016/03/28 12:07:49 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2016/03/28 12:07:49 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2016/03/28 12:07:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2016/03/28 12:07:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2016/03/28 12:07:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2016/03/28 12:07:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2016/03/28 12:07:48 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2016/03/28 12:07:48 | 000,209,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2016/03/28 12:07:48 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2016/03/28 12:07:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2016/03/28 12:07:48 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2016/03/28 12:07:48 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2016/03/28 12:07:47 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2016/03/28 12:07:47 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2016/03/28 12:07:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2016/03/28 12:07:46 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2016/03/28 12:07:46 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2016/03/28 12:07:46 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2016/03/28 12:07:46 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2016/03/28 12:07:46 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2016/03/28 12:07:46 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2016/03/28 12:07:46 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2016/03/28 12:07:46 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2016/03/28 12:07:46 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2016/03/28 12:07:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2016/03/28 12:07:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2016/03/28 12:07:45 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2016/03/28 12:07:42 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2016/03/28 12:07:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2016/03/28 12:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2016/03/28 12:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2016/03/28 12:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2016/03/28 12:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2016/03/28 12:05:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2016/03/28 12:04:41 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2016/03/28 12:02:27 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2016/03/28 12:02:27 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2016/03/28 12:02:27 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2016/03/28 12:02:27 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2016/03/28 12:02:27 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2016/03/28 12:02:27 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2016/03/28 12:02:27 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2016/03/28 12:02:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2016/03/28 12:02:26 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2016/03/28 12:02:26 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2016/03/28 12:02:26 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2016/03/28 12:02:26 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2016/03/28 12:02:26 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2016/03/28 12:02:25 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2016/03/28 12:02:25 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2016/03/28 12:02:25 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2016/03/28 12:02:25 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2016/03/28 12:02:25 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2016/03/28 12:02:25 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2016/03/28 12:02:25 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2016/03/28 12:02:25 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2016/03/28 12:02:25 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2016/03/28 12:02:25 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2016/03/28 12:02:25 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2016/03/28 12:02:25 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2016/03/28 12:02:25 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2016/03/28 12:02:25 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2016/03/28 12:02:25 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2016/03/28 12:02:25 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2016/03/28 12:02:25 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2016/03/28 12:02:25 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2016/03/28 12:02:25 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2016/03/28 12:02:25 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2016/03/28 12:02:25 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2016/03/28 12:02:25 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2016/03/28 12:02:24 | 000,082,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2016/03/28 12:02:24 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2016/03/28 12:02:23 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2016/03/28 12:02:23 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2016/03/28 12:02:23 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2016/03/28 12:02:23 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2016/03/28 12:02:23 | 000,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2016/03/28 12:02:22 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2016/03/28 12:02:22 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2016/03/28 12:02:22 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2016/03/28 12:02:22 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2016/03/28 12:02:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2016/03/28 12:02:22 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2016/03/28 12:02:22 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2016/03/28 12:02:22 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2016/03/28 12:02:22 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2016/03/28 12:02:21 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2016/03/28 12:02:21 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2016/03/28 12:02:21 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2016/03/28 12:02:21 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2016/03/28 12:02:21 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2016/03/28 12:02:21 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2016/03/28 12:02:21 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2016/03/28 11:57:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2016/03/28 10:56:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2016/03/28 10:56:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2016/03/28 10:56:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2016/03/28 10:56:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2016/03/28 10:56:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2016/03/28 10:56:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2016/03/28 10:56:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2016/03/28 10:56:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2016/03/28 10:56:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2016/03/28 10:53:30 | 005,658,151 | R--- | C] (Swearware) -- C:\Documents and Settings\sf\Desktop\ComboFix.exe
[2016/03/28 10:49:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2016/03/27 21:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Local Settings\Application Data\Opera Software
[2016/03/27 21:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Application Data\Opera Software
[2016/03/27 21:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2016/03/27 14:35:54 | 005,111,240 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\sf\Desktop\spsetup129.exe
[2016/03/27 14:31:19 | 002,694,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\sf\Desktop\procexp.exe
[2016/03/26 20:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2016/03/26 16:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Local Settings\Application Data\panda
[2016/03/26 16:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2016/03/26 16:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Application Data\pandasecuritytb
[2016/03/26 16:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\pandasecuritytb
[2016/03/26 16:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Free Antivirus
[2016/03/26 15:46:09 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2016/03/26 15:31:48 | 002,310,144 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2016/03/26 15:31:47 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2016/03/26 15:31:42 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2016/03/26 15:31:42 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2016/03/26 15:31:42 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2016/03/26 15:31:42 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2016/03/26 15:31:42 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2016/03/26 15:31:42 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2016/03/26 15:31:42 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2016/03/26 15:31:42 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2016/03/26 15:31:42 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2016/03/26 15:31:42 | 000,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2016/03/26 15:31:41 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2016/03/26 15:31:41 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2016/03/26 15:31:41 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2016/03/26 15:31:41 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2016/03/26 15:31:33 | 000,077,824 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2016/03/26 15:31:31 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
[2016/03/26 15:31:29 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
[2016/03/26 15:31:28 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
[2016/03/26 15:31:27 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
[2016/03/26 15:31:26 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
[2016/03/26 15:31:25 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
[2016/03/26 15:31:24 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
[2016/03/26 15:31:23 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
[2016/03/26 15:31:22 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
[2016/03/26 15:31:21 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
[2016/03/26 15:31:20 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
[2016/03/26 15:31:18 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
[2016/03/26 15:31:17 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
[2016/03/26 15:31:16 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
[2016/03/26 15:31:15 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
[2016/03/26 15:31:14 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
[2016/03/26 15:31:13 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2016/03/26 15:31:12 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2016/03/26 15:31:11 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2016/03/26 15:31:10 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2016/03/26 15:31:09 | 000,114,688 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2016/03/26 15:31:07 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2016/03/26 15:31:06 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
[2016/03/26 15:31:05 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
[2016/03/26 15:31:04 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2016/03/26 15:31:03 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2016/03/26 15:31:02 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2016/03/26 15:31:01 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2016/03/26 15:30:53 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4363.dll
[2016/03/26 11:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2016/03/26 11:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2016/03/26 11:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2016/03/26 11:49:39 | 006,112,864 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2016/03/26 11:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2016/03/26 00:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2016/03/26 00:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2016/03/25 22:38:57 | 000,000,000 | ---D | C] -- C:\FRST
[2016/03/25 22:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Application Data\FLV and Media Player
[2016/03/25 22:22:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/03/25 22:17:39 | 001,610,352 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\sf\Desktop\JRT.exe
[2016/03/25 22:14:11 | 001,725,440 | ---- | C] (Farbar) -- C:\Documents and Settings\sf\Desktop\FRST.exe
[2016/03/24 22:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2016/03/24 21:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Application Data\CrystalIdea Software
[2016/03/24 21:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sf\Start Menu\Programs\SpeedFan
[2016/03/24 21:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2016/03/24 16:37:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\sf\Start Menu\Programs\Administrative Tools
[2016/03/23 18:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/10/14 10:44:12 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files\Common Files\atimpenc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/03/31 21:50:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/03/31 15:52:05 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sf\Desktop\OTL.exe
[2016/03/31 15:43:44 | 000,005,840 | ---- | M] () -- C:\SIPOBJ.DBG
[2016/03/31 15:38:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2016/03/29 01:19:12 | 000,405,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2016/03/29 01:19:12 | 000,054,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2016/03/29 01:13:37 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2016/03/28 22:42:17 | 000,125,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2016/03/28 12:13:42 | 000,006,643 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2016/03/28 12:02:01 | 000,275,136 | RHS- | M] () -- C:\ntldr
[2016/03/28 10:54:46 | 005,658,151 | R--- | M] (Swearware) -- C:\Documents and Settings\sf\Desktop\ComboFix.exe
[2016/03/28 09:53:31 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\Opera scheduled Autoupdate 1459085101.job
[2016/03/27 23:09:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2016/03/27 21:25:32 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\sf\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2016/03/27 21:25:32 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2016/03/27 14:37:34 | 005,111,240 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\sf\Desktop\spsetup129.exe
[2016/03/27 14:32:07 | 002,694,816 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\sf\Desktop\procexp.exe
[2016/03/26 20:20:58 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2016/03/26 15:31:13 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2016/03/26 15:31:12 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2016/03/26 15:31:11 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2016/03/26 15:31:10 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2016/03/26 15:31:09 | 000,114,688 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2016/03/26 15:31:07 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2016/03/26 15:31:04 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2016/03/26 15:31:03 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2016/03/26 15:31:02 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2016/03/26 15:31:01 | 000,040,960 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2016/03/26 15:31:00 | 000,038,014 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2016/03/26 15:30:59 | 000,049,152 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2016/03/26 15:30:56 | 000,116,859 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2016/03/26 15:30:54 | 000,899,706 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2016/03/26 15:30:53 | 000,061,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4363.dll
[2016/03/26 15:30:51 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2016/03/26 14:58:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2016/03/25 23:32:09 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\sf\Desktop\VEW.exe
[2016/03/25 22:18:26 | 001,610,352 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\sf\Desktop\JRT.exe
[2016/03/25 22:16:31 | 001,530,368 | ---- | M] () -- C:\Documents and Settings\sf\Desktop\adwcleaner_5.105.exe
[2016/03/25 22:14:52 | 001,725,440 | ---- | M] (Farbar) -- C:\Documents and Settings\sf\Desktop\FRST.exe
[2016/03/24 21:14:39 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\sf\Desktop\SpeedFan.lnk
[2016/03/24 21:14:26 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2016/03/24 17:07:15 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\sf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2016/03/07 10:44:42 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\sf\Application Data\Microsoft\Internet Explorer\Quick Launch\WPS Writer.lnk
[2016/03/06 10:19:47 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\sf\Application Data\FotoSketcher.ini
[2016/03/04 17:01:22 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\windrvrz.vxd
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/03/31 15:43:43 | 000,005,840 | ---- | C] () -- C:\SIPOBJ.DBG
[2016/03/28 12:13:29 | 000,006,643 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2016/03/28 12:08:16 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2016/03/28 12:08:16 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2016/03/28 12:08:16 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2016/03/28 12:08:16 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2016/03/28 12:08:15 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2016/03/28 12:08:15 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2016/03/28 12:08:15 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2016/03/28 12:08:15 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2016/03/28 12:08:15 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2016/03/28 12:08:15 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2016/03/28 12:08:15 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2016/03/28 12:08:15 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2016/03/28 12:08:15 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2016/03/28 12:08:15 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2016/03/28 12:08:15 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2016/03/28 12:08:15 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2016/03/28 12:08:15 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2016/03/28 12:08:14 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2016/03/28 12:08:14 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2016/03/28 12:08:14 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2016/03/28 12:08:14 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2016/03/28 12:08:14 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2016/03/28 12:08:14 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2016/03/28 12:08:14 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2016/03/28 12:08:14 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2016/03/28 12:08:14 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2016/03/28 12:08:14 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2016/03/28 12:08:14 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2016/03/28 12:08:14 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2016/03/28 12:08:14 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2016/03/28 12:08:14 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2016/03/28 12:08:14 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2016/03/28 12:08:14 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2016/03/28 12:08:14 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2016/03/28 12:08:14 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2016/03/28 12:08:14 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2016/03/28 12:08:14 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2016/03/28 12:08:14 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2016/03/28 12:08:14 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2016/03/28 12:08:14 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2016/03/28 12:08:14 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2016/03/28 12:08:14 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2016/03/28 12:08:14 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2016/03/28 12:08:14 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2016/03/28 12:08:13 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2016/03/28 12:08:13 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2016/03/28 12:08:13 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2016/03/28 12:08:13 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2016/03/28 12:08:13 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2016/03/28 12:08:13 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2016/03/28 12:08:13 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2016/03/28 12:08:13 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2016/03/28 12:08:13 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2016/03/28 12:08:13 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2016/03/28 12:08:13 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2016/03/28 12:08:13 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2016/03/28 12:08:13 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2016/03/28 12:08:13 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2016/03/28 12:08:13 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2016/03/28 12:08:13 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2016/03/28 12:08:13 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2016/03/28 12:08:13 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2016/03/28 12:08:13 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2016/03/28 12:08:13 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2016/03/28 12:08:13 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2016/03/28 12:08:13 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2016/03/28 12:08:13 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2016/03/28 12:08:12 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2016/03/28 12:08:12 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2016/03/28 12:08:12 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2016/03/28 12:08:12 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2016/03/28 12:08:12 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2016/03/28 12:08:12 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2016/03/28 12:08:12 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2016/03/28 12:08:12 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2016/03/28 12:08:12 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2016/03/28 12:08:12 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2016/03/28 12:08:12 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2016/03/28 12:08:12 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2016/03/28 12:08:12 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2016/03/28 12:02:25 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2016/03/28 12:02:24 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2016/03/28 12:02:23 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2016/03/28 10:56:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2016/03/28 10:56:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2016/03/28 10:56:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2016/03/28 10:56:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2016/03/28 10:56:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2016/03/27 21:25:42 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\Opera scheduled Autoupdate 1459085101.job
[2016/03/27 21:25:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\sf\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2016/03/27 21:25:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2016/03/27 21:25:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2016/03/27 20:02:40 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2016/03/26 15:31:49 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2016/03/26 15:31:49 | 000,058,675 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2016/03/26 15:31:49 | 000,018,496 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2016/03/26 15:31:49 | 000,000,900 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2016/03/26 11:51:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2016/03/25 23:26:46 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\sf\Desktop\VEW.exe
[2016/03/25 22:15:54 | 001,530,368 | ---- | C] () -- C:\Documents and Settings\sf\Desktop\adwcleaner_5.105.exe
[2016/03/24 21:14:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\sf\Desktop\SpeedFan.lnk
[2016/03/24 21:14:16 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2016/03/07 10:44:42 | 000,001,473 | ---- | C] () -- C:\Documents and Settings\sf\Application Data\Microsoft\Internet Explorer\Quick Launch\WPS Writer.lnk
[2016/02/07 18:00:07 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2016/02/07 17:10:11 | 001,180,048 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2016/02/07 17:10:11 | 000,048,288 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2015/10/25 19:14:26 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\DriverCoInstaller.dll
[2015/09/19 21:53:36 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2015/09/19 21:53:33 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2015/09/19 21:53:33 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2015/08/22 05:49:14 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\sf\Application Data\FotoSketcher.ini
[2015/07/24 14:07:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2014/10/17 23:26:02 | 000,945,683 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-688789844-1343024091-1003-0.dat
[2014/10/17 23:25:57 | 000,113,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/10/02 03:58:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2014/10/02 03:56:14 | 000,125,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/10/01 21:27:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/10/01 20:46:05 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\sf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/10/01 20:18:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2014/10/01 20:09:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/11/29 14:02:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 09:55:12 | 002,164,224 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/04/14 09:55:08 | 000,477,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 09:55:14 | 000,275,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16EAB5F6

< End of report >

OTL Extras logfile created on: 3/31/2016 10:07:54 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Documents and Settings\sf\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.42 Mb Total Physical Memory | 339.83 Mb Available Physical Memory | 68.73% Memory free
1.13 Gb Paging File | 0.94 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.23 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 5.29 Gb Free Space | 18.04% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 2.95 Gb Free Space | 10.08% Space Free | Partition Type: NTFS
Drive F: | 33.66 Gb Total Space | 3.33 Gb Free Space | 9.90% Space Free | Partition Type: NTFS

Computer Name: SS | User Name: sf | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Unable to open value key
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\Applian Technologies\FLV and Media Player\amp.exe" --started-from-file --playlist-enqueue "%1" (Applian Technologies Inc)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\Applian Technologies\FLV and Media Player\amp.exe" --started-from-file --no-playlist-enqueue "%1" (Applian Technologies Inc)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"F:\Microsoft Age of Empires - Rise of Rome\AOE\Empires.exe" = F:\Microsoft Age of Empires - Rise of Rome\AOE\Empires.exe:*:Disabled:Age of Empires -- (Microsoft Corporation)
"F:\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE" = F:\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE:*:Disabled:Age of Empires, the Rise of Rome -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"E:\Microsoft Age of Empires - Rise of Rome\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE" = E:\Microsoft Age of Empires - Rise of Rome\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome -- (Microsoft Corporation)
"C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe" = C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe:*:Enabled:VSDC Free Video Editor -- (Flash-Integro LLC)
"C:\Program Files\FlashIntegro\VideoEditor\Updater.exe" = C:\Program Files\FlashIntegro\VideoEditor\Updater.exe:*:Enabled:VSDC Free Video Editor Updater -- (Flash-Integro LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox) -- (Mozilla Corporation)
"C:\Program Files\pandasecuritytb\dtuser.exe" = C:\Program Files\pandasecuritytb\dtuser.exe:*:Enabled:Panda Security Toolbar DTX Broker -- (Visicom Media Inc.)
"C:\Program Files\pandasecuritytb\ToolbarCleaner.exe" = C:\Program Files\pandasecuritytb\ToolbarCleaner.exe:*:Enabled:ToolbarCleaner -- (Visicom Media Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1" = Microsoft .NET Framework 2.0 Client Profile Basic SP2 Version 1.0.1.22
"{113C4F3B-C1FB-41B1-877C-193AFE330007}" = Panda Free Antivirus
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6F30B469-5ED7-4734-8252-B9BC962A2AB3}" = PCIxx20
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{949F1EA1-D3E2-472E-BC7C-CB72374C0E55}" = Panda Devices Agent
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{B0C5249A-E603-450A-B19A-D9989D24C855}}_is1" = FreeSizer v.1.0.0
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 3.10
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 15.14
"iMacsoft iPhone Photo to PC Transfer" = iMacsoft iPhone Photo to PC Transfer
"InstallShield_{6F30B469-5ED7-4734-8252-B9BC962A2AB3}" = Texas Instruments PCIxx20 drivers.
"lavfilters_is1" = LAV Filters 0.51.3
"Mozilla Firefox 45.0.1 (x86 en-US)" = Mozilla Firefox 45.0.1 (x86 en-US)
"NingPo MahJong Deluxe 1.04" = NingPo MahJong Deluxe 1.04
"Opera 34.0.2036.50" = Opera Stable 34.0.2036.50
"Panda Devices Agent" = Panda Devices Agent
"Panda Universal Agent Endpoint" = Panda Free Antivirus
"pandasecuritytb" = Panda Security Toolbar
"PhotoBulk_is1" = PhotoBulk 1.0.257
"PhotoToolkit_is1" = Photo! Editor 1.1
"ProInst" = Intel® PROSet/Wireless Software
"SpeedFan" = SpeedFan (remove only)
"VSDC Free Video Editor_is1" = VSDC Free Video Editor version 3.3.0.394
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WPS Office" = WPS Office (9.1.0.4746)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2016 11:26:50 PM | Computer Name = SS | Source = MsiInstaller | ID = 10005
Description = Product: iTunes -- iTunes requires that your computer is running Windows
7 or newer.

Error - 3/25/2016 11:32:17 PM | Computer Name = SS | Source = MsiInstaller | ID = 10005
Description = Product: iTunes -- iTunes requires that your computer is running Windows
7 or newer.

Error - 3/26/2016 4:25:58 AM | Computer Name = SS | Source = MsiInstaller | ID = 10005
Description = Product: iTunes -- iTunes requires that your computer is running Windows
7 or newer.

Error - 3/28/2016 1:19:09 PM | Computer Name = SS | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2764, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 3/28/2016 1:19:09 PM | Computer Name = SS | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 3/28/2016 1:19:12 PM | Computer Name = SS | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2764, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 3/25/2016 11:44:39 AM | Computer Name = SS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
to connect.

Error - 3/25/2016 11:44:39 AM | Computer Name = SS | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 3/26/2016 2:34:24 AM | Computer Name = SS | Source = Service Control Manager | ID = 7034
Description = The aunhelper service terminated unexpectedly. It has done this 1
time(s).

Error - 3/26/2016 3:18:29 AM | Computer Name = SS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/26/2016 3:18:42 AM | Computer Name = SS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/26/2016 3:18:51 AM | Computer Name = SS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/26/2016 3:18:58 AM | Computer Name = SS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP