
Zeroaccess rootkit infection


  • This topic is locked
25 replies to this topic

#1 brus brother

brus brother

  • Members
  • 58 posts
  • OFFLINE
  • Local time:10:26 PM

Posted 08 November 2012 - 10:46 PM

Computer runs fairly well for an old XP machine but every now and then I have run Combofix to get rid of gremlins.
For the past year or so, I get a notification of rootkit infection zeroaccess inserted into tcp/ip stack.
Is it possibly just a residual bit of garbage or is there a real infection?
I followed some of the previous postings regarding zeroaccess. Malwarebytes run in Safe Mode finds nothing. ESET online found and cleaned a few threats. aswMBR run in safe mode doesn't seem to reach completion. TDSSKiller found nothing. RKill finds nothing.
So that's my story. I thought I could solve this myself following other postings but I am apparently missing something.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 09 November 2012 - 11:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The error message could mean a false positive result.

Run this tool and post the results for my review.

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst64.exe and press Enter, or FRST.exe on a 32-bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===

Include this log also.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

#3 brus brother

brus brother
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  • Local time:10:26 PM

Posted 10 November 2012 - 09:48 AM

Hello nasdaq.
Those options (F8 or Repair your computer) are not available to me.
It is an IBM NetVista machine running XP SP3.
Please advise.

#4 brus brother

brus brother
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  • Local time:10:26 PM

Posted 10 November 2012 - 10:32 AM

Unable to access as described, I ran Farbar in normal mode and the results are below. Also attached a zip file of DDS:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2012
Ran by tess at 10-11-2012 10:22:57
Running from E:\
Service Pack 3 (X86) OS Language: English(US)
Attention: Could not load system hive.
Error: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-11-10 10:22 - 2012-11-10 10:22 - 00000000 ____D C:\FRST
2012-11-09 12:03 - 2012-11-09 12:04 - 00688901 ____A (Swearware) C:\Documents and Settings\tess\Desktop\dds.scr
2012-11-09 11:30 - 2012-11-09 11:29 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-09 11:30 - 2012-11-09 11:29 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-09 11:30 - 2012-11-09 11:29 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-09 11:30 - 2012-11-09 11:29 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-11-08 21:05 - 2012-11-08 21:05 - 00015721 ____A C:\ComboFix.txt
2012-11-08 12:33 - 2012-11-08 12:33 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-11-08 10:47 - 2012-11-07 16:57 - 04731392 ____A (AVAST Software) C:\Documents and Settings\tess\Desktop\Copy of aswMBR.exe
2012-11-07 20:38 - 2012-11-07 20:38 - 02213976 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\tess\Desktop\tdsskiller.exe
2012-11-07 18:24 - 2012-11-07 18:59 - 00001441 ____A C:\scu.dat
2012-11-07 18:16 - 2012-11-07 18:16 - 00002024 ____A C:\Documents and Settings\tess\Desktop\aswMBR.txt
2012-11-07 18:16 - 2012-11-07 18:16 - 00000512 ____A C:\Documents and Settings\tess\Desktop\MBR.dat
2012-11-07 18:15 - 2012-11-07 18:15 - 02322184 ____A (ESET) C:\Documents and Settings\tess\Desktop\esetsmartinstaller_enu.exe
2012-11-07 16:57 - 2012-11-07 16:57 - 04731392 ____A (AVAST Software) C:\Documents and Settings\tess\Desktop\aswMBR.exe
2012-11-07 13:12 - 2012-09-29 19:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-07 11:56 - 2012-11-08 19:19 - 04998107 ____R (Swearware) C:\Documents and Settings\tess\Desktop\ComboFix.exe
2012-10-27 14:47 - 2012-10-27 19:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-21 17:34 - 2012-10-21 17:35 - 00000000 ____D C:\Documents and Settings\tess\My Documents\Tess0to3years
2012-10-21 17:32 - 2012-10-21 17:32 - 00000000 ____D C:\Documents and Settings\tess\Desktop\tess0-3years
2012-10-21 17:31 - 2012-10-21 17:31 - 00000000 ____D C:\Documents and Settings\tess\My Documents\tess0-3years
2012-10-21 16:53 - 2012-10-21 16:53 - 00000000 ____D C:\Program Files\Common Files\Nitro PDF
2012-10-20 21:41 - 2012-10-20 21:41 - 00002941 ____A C:\Windows\System32\jupdate-1.6.0_37-b06.log
2012-10-20 00:58 - 2012-10-20 00:58 - 00003914 ____A C:\Documents and Settings\tess\reset.log

==================== One Month Modified Files and Folders ========

2012-11-10 10:22 - 2012-11-10 10:22 - 00000000 ____D C:\FRST
2012-11-10 10:22 - 2006-10-30 19:36 - 02055137 ____A C:\Windows\WindowsUpdate.log
2012-11-10 10:21 - 2002-09-23 16:27 - 00000159 ____A C:\Windows\wiadebug.log
2012-11-10 10:21 - 2002-09-23 16:27 - 00000050 ____A C:\Windows\wiaservc.log
2012-11-10 10:21 - 1980-01-01 03:00 - 00001170 ____A C:\Windows\System32\wpa.dbl
2012-11-10 10:20 - 2011-12-22 22:21 - 00000276 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4246261720-1157900144-1835783390-1004.job
2012-11-10 10:20 - 2010-10-27 22:00 - 00000236 ____A C:\Windows\Tasks\OGALogon.job
2012-11-10 10:20 - 2009-05-15 15:45 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-11-10 10:20 - 2009-05-15 15:44 - 00000000 ____A C:\Windows\System32\Drivers\logiflt.iad
2012-11-10 10:20 - 2006-01-28 09:04 - 00000062 __ASH C:\Documents and Settings\tess\Local Settings\desktop.ini
2012-11-10 10:20 - 2002-09-23 16:41 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-10 10:20 - 2002-09-23 16:41 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-10 10:20 - 2002-09-23 16:33 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-10 10:19 - 2010-10-23 23:32 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-11-10 10:19 - 2006-01-28 09:04 - 00000278 ___SH C:\Documents and Settings\tess\ntuser.ini
2012-11-10 10:19 - 2002-09-23 16:41 - 00032182 ____A C:\Windows\SchedLgU.Txt
2012-11-10 10:10 - 2010-03-02 22:40 - 00000974 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004UA.job
2012-11-10 10:10 - 2010-03-02 22:40 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004Core.job
2012-11-10 10:01 - 2012-07-18 07:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-10 09:20 - 2012-09-28 00:58 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2012-11-10 08:30 - 2011-01-12 03:29 - 00000284 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4246261720-1157900144-1835783390-1004.job
2012-11-10 00:23 - 2012-07-15 22:09 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-11-10 00:16 - 2002-09-23 16:25 - 00522770 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-09 12:04 - 2012-11-09 12:03 - 00688901 ____A (Swearware) C:\Documents and Settings\tess\Desktop\dds.scr
2012-11-09 11:30 - 2006-11-17 19:44 - 00000000 ____D C:\Program Files\Common Files\Java
2012-11-09 11:29 - 2012-11-09 11:30 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-09 11:29 - 2012-11-09 11:30 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-09 11:29 - 2012-11-09 11:30 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-09 11:29 - 2012-11-09 11:30 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-11-09 11:29 - 2012-04-04 12:21 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-11-09 11:29 - 2009-04-04 11:11 - 00143872 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2012-11-09 11:29 - 2006-11-17 19:45 - 00000000 ____D C:\Program Files\Java
2012-11-08 21:05 - 2012-11-08 21:05 - 00015721 ____A C:\ComboFix.txt
2012-11-08 21:05 - 2011-10-01 12:29 - 00000000 ____D C:\Qoobox
2012-11-08 21:02 - 1980-01-01 03:00 - 00000227 ____A C:\Windows\system.ini
2012-11-08 19:19 - 2012-11-07 11:56 - 04998107 ____R (Swearware) C:\Documents and Settings\tess\Desktop\ComboFix.exe
2012-11-08 12:35 - 2006-01-28 09:03 - 00000281 __ASH C:\BOOT.INI
2012-11-08 12:35 - 1980-01-01 03:00 - 00000664 ____A C:\Windows\win.ini
2012-11-08 12:33 - 2012-11-08 12:33 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-11-07 20:38 - 2012-11-07 20:38 - 02213976 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\tess\Desktop\tdsskiller.exe
2012-11-07 20:13 - 2012-07-11 19:08 - 00000972 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004Core1cd5fc288ebd164.job
2012-11-07 18:59 - 2012-11-07 18:24 - 00001441 ____A C:\scu.dat
2012-11-07 18:24 - 2010-12-20 23:39 - 00000000 ___HD C:\Documents and Settings\All Users\Documents\Server
2012-11-07 18:16 - 2012-11-07 18:16 - 00002024 ____A C:\Documents and Settings\tess\Desktop\aswMBR.txt
2012-11-07 18:16 - 2012-11-07 18:16 - 00000512 ____A C:\Documents and Settings\tess\Desktop\MBR.dat
2012-11-07 18:15 - 2012-11-07 18:15 - 02322184 ____A (ESET) C:\Documents and Settings\tess\Desktop\esetsmartinstaller_enu.exe
2012-11-07 16:57 - 2012-11-08 10:47 - 04731392 ____A (AVAST Software) C:\Documents and Settings\tess\Desktop\Copy of aswMBR.exe
2012-11-07 16:57 - 2012-11-07 16:57 - 04731392 ____A (AVAST Software) C:\Documents and Settings\tess\Desktop\aswMBR.exe
2012-11-07 16:32 - 2002-09-23 16:16 - 00000000 ____D C:\Windows\repair
2012-11-07 13:12 - 2009-11-18 21:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-29 14:28 - 2012-08-27 14:31 - 00000000 ____D C:\Documents and Settings\tess\Desktop\yale
2012-10-28 17:30 - 2012-04-26 10:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-10-27 19:32 - 2012-10-27 14:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-27 14:05 - 2012-09-21 19:25 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-10-21 17:35 - 2012-10-21 17:34 - 00000000 ____D C:\Documents and Settings\tess\My Documents\Tess0to3years
2012-10-21 17:32 - 2012-10-21 17:32 - 00000000 ____D C:\Documents and Settings\tess\Desktop\tess0-3years
2012-10-21 17:31 - 2012-10-21 17:31 - 00000000 ____D C:\Documents and Settings\tess\My Documents\tess0-3years
2012-10-21 17:29 - 2012-09-08 17:54 - 00000000 ____D C:\Program Files\Mplayer
2012-10-21 17:24 - 2006-01-28 10:19 - 00000049 ____A C:\Windows\NeroDigital.ini
2012-10-21 16:53 - 2012-10-21 16:53 - 00000000 ____D C:\Program Files\Common Files\Nitro PDF
2012-10-21 16:53 - 2011-05-12 19:19 - 00000000 ____D C:\Program Files\Nitro PDF
2012-10-21 09:58 - 2011-10-23 12:21 - 00000000 ____D C:\Documents and Settings\tess\Application Data\Downloaded Installations
2012-10-21 08:43 - 2007-03-12 15:08 - 00000349 ____A C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
2012-10-20 21:41 - 2012-10-20 21:41 - 00002941 ____A C:\Windows\System32\jupdate-1.6.0_37-b06.log
2012-10-20 00:58 - 2012-10-20 00:58 - 00003914 ____A C:\Documents and Settings\tess\reset.log


Edited by brus brother, 10 November 2012 - 10:50 AM.
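As an added example (not code from this thread, FRST or its author), a small parser and triage pass for the "One Month Created/Modified Files and Folders" lines in the log above: it recognises the header warning that the tool was not run from the recovery environment, parses each file line into its fields, and flags binaries under the Windows tree that carry no company string or are hidden. The sample log embedded below is constructed from a few lines of the thread plus one placeholder driver entry; the triage rules are my own heuristics, not FRST's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Marker FRST prints when started from a running Windows rather than the
# recovery environment (the helper asked for a recovery-environment log).
NOT_RE_MARKER = "THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT"

# One file line: <date1> - <date2> - <8-digit size> <5-char attrs> [(company)] <path>
LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Extensions treated as executable code for triage purposes (assumption).
EXEC_EXTS = (".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".pif", ".ocx")


@dataclass
class FrstEntry:
    date1: str
    date2: str
    size: int
    attrs: str            # e.g. "____A", "__ASH", "___HD"
    company: Optional[str]  # version-info company name FRST prints, if any
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXTS)

    @property
    def in_windows_tree(self) -> bool:
        return self.path.lower().startswith("c:\\windows\\")


def parse_line(line: str) -> Optional[FrstEntry]:
    """Parse one file line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return FrstEntry(m["d1"], m["d2"], int(m["size"]), m["attrs"],
                     m["company"], m["path"])


def parse_log(text: str) -> Tuple[List[FrstEntry], List[str]]:
    """Return (entries, warnings). Warnings cover log-level problems."""
    warnings: List[str] = []
    if NOT_RE_MARKER in text:
        warnings.append("log not produced from the recovery environment: "
                        "system hive not loaded, listing is incomplete")
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    return entries, warnings


def triage(entries: List[FrstEntry]) -> List[str]:
    """Heuristic review pointers (not proof of infection)."""
    findings: List[str] = []
    for e in entries:
        if not e.is_executable or e.is_dir:
            continue
        # FRST shows the file's version-info company; a binary in the Windows
        # tree with none is worth a closer look, not an automatic verdict.
        if e.in_windows_tree and not e.company:
            findings.append(f"binary in Windows tree without company string: {e.path}")
        if e.hidden:
            findings.append(f"hidden executable: {e.path}")
    return findings


# Constructed sample: header and five lines taken from the thread's log, plus
# one placeholder driver line (PLACEHOLDER_unattributed.sys) invented here.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2012
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2012-11-10 10:22 - 2012-11-10 10:22 - 00000000 ____D C:\FRST
2012-11-09 11:30 - 2012-11-09 11:29 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-08 12:33 - 2012-11-08 12:33 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-11-10 10:20 - 2006-01-28 09:04 - 00000062 __ASH C:\Documents and Settings\tess\Local Settings\desktop.ini
2012-11-07 18:24 - 2012-11-07 18:59 - 00001441 ____A C:\scu.dat
2012-11-09 09:00 - 2012-11-09 09:00 - 00012345 ___AH C:\Windows\System32\Drivers\PLACEHOLDER_unattributed.sys
"""

if __name__ == "__main__":
    found, warns = parse_log(SAMPLE_LOG)
    for w in warns:
        print("WARNING:", w)
    print(f"{len(found)} file entries parsed")
    for f in triage(found):
        print("REVIEW:", f)
```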


#5 brus brother

brus brother
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  • Local time:10:26 PM

Posted 11 November 2012 - 08:17 AM

I ran Farbar from F8 Safe Mode with Command Prompt which appeared the closest to your instructions and the result is pasted below:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2012
Ran by tess at 11-11-2012 07:50:56
Running from E:\
Service Pack 3 (X86) OS Language: English(US)
Attention: Could not load system hive.
Error: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-11-10 22:54 - 2012-11-10 22:54 - 00000000 ____D C:\Documents and Settings\tess\Local Settings\Application Data\Sun
2012-11-10 10:47 - 2012-11-10 10:47 - 00006929 ____A C:\Documents and Settings\tess\Desktop\attach.zip
2012-11-10 10:38 - 2012-11-10 10:38 - 00031585 ____A C:\Documents and Settings\tess\Desktop\attach.txt
2012-11-10 10:38 - 2012-11-10 10:38 - 00016996 ____A C:\Documents and Settings\tess\Desktop\dds.txt
2012-11-10 10:22 - 2012-11-11 07:50 - 00000000 ____D C:\FRST
2012-11-09 12:03 - 2012-11-09 12:04 - 00688901 ____R (Swearware) C:\Documents and Settings\tess\Desktop\dds.scr
2012-11-09 11:30 - 2012-11-09 11:29 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-09 11:30 - 2012-11-09 11:29 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-09 11:30 - 2012-11-09 11:29 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-09 11:30 - 2012-11-09 11:29 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-11-08 21:05 - 2012-11-08 21:05 - 00015721 ____A C:\ComboFix.txt
2012-11-08 12:33 - 2012-11-08 12:33 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-11-08 10:47 - 2012-11-07 16:57 - 04731392 ____A (AVAST Software) C:\Documents and Settings\tess\Desktop\Copy of aswMBR.exe
2012-11-07 20:38 - 2012-11-07 20:38 - 02213976 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\tess\Desktop\tdsskiller.exe
2012-11-07 18:24 - 2012-11-07 18:59 - 00001441 ____A C:\scu.dat
2012-11-07 18:16 - 2012-11-07 18:16 - 00002024 ____A C:\Documents and Settings\tess\Desktop\aswMBR.txt
2012-11-07 18:16 - 2012-11-07 18:16 - 00000512 ____A C:\Documents and Settings\tess\Desktop\MBR.dat
2012-11-07 18:15 - 2012-11-07 18:15 - 02322184 ____A (ESET) C:\Documents and Settings\tess\Desktop\esetsmartinstaller_enu.exe
2012-11-07 16:57 - 2012-11-07 16:57 - 04731392 ____A (AVAST Software) C:\Documents and Settings\tess\Desktop\aswMBR.exe
2012-11-07 13:12 - 2012-09-29 19:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-07 11:56 - 2012-11-08 19:19 - 04998107 ____R (Swearware) C:\Documents and Settings\tess\Desktop\ComboFix.exe
2012-10-27 14:47 - 2012-10-27 19:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-21 17:34 - 2012-10-21 17:35 - 00000000 ____D C:\Documents and Settings\tess\My Documents\Tess0to3years
2012-10-21 17:32 - 2012-10-21 17:32 - 00000000 ____D C:\Documents and Settings\tess\Desktop\tess0-3years
2012-10-21 17:31 - 2012-10-21 17:31 - 00000000 ____D C:\Documents and Settings\tess\My Documents\tess0-3years
2012-10-21 16:53 - 2012-10-21 16:53 - 00000000 ____D C:\Program Files\Common Files\Nitro PDF
2012-10-20 21:41 - 2012-10-20 21:41 - 00002941 ____A C:\Windows\System32\jupdate-1.6.0_37-b06.log
2012-10-20 00:58 - 2012-10-20 00:58 - 00003914 ____A C:\Documents and Settings\tess\reset.log

==================== One Month Modified Files and Folders ========

2012-11-11 07:50 - 2002-09-23 16:25 - 00522770 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-11 07:46 - 2006-01-28 09:04 - 00000062 __ASH C:\Documents and Settings\tess\Local Settings\desktop.ini
2012-11-11 07:46 - 1980-01-01 03:00 - 00001170 ____A C:\Windows\System32\wpa.dbl
2012-11-11 07:45 - 2009-05-15 15:44 - 00000000 ____A C:\Windows\System32\Drivers\logiflt.iad
2012-11-11 07:45 - 2002-09-23 16:41 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-11 07:44 - 2006-10-30 19:36 - 01056799 ____A C:\Windows\WindowsUpdate.log
2012-11-11 07:43 - 2010-10-23 23:32 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-11-11 07:43 - 2006-01-28 09:04 - 00000278 ___SH C:\Documents and Settings\tess\ntuser.ini
2012-11-11 07:43 - 2002-09-23 16:41 - 00032400 ____A C:\Windows\SchedLgU.Txt
2012-11-11 07:43 - 2002-09-23 16:33 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-11 07:43 - 2002-09-23 16:27 - 00000275 ____A C:\Windows\wiadebug.log
2012-11-11 07:43 - 2002-09-23 16:27 - 00000050 ____A C:\Windows\wiaservc.log
2012-11-11 07:10 - 2010-03-02 22:40 - 00000974 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004UA.job
2012-11-11 07:01 - 2012-07-18 07:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-11 04:12 - 2012-09-28 00:58 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2012-11-11 03:04 - 2012-07-15 22:09 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-11-10 22:54 - 2012-11-10 22:54 - 00000000 ____D C:\Documents and Settings\tess\Local Settings\Application Data\Sun
2012-11-10 20:13 - 2012-07-11 19:08 - 00000972 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004Core1cd5fc288ebd164.job
2012-11-10 18:33 - 2011-12-22 22:21 - 00000276 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4246261720-1157900144-1835783390-1004.job
2012-11-10 18:33 - 2010-10-27 22:00 - 00000236 ____A C:\Windows\Tasks\OGALogon.job
2012-11-10 18:33 - 2009-05-15 15:45 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-11-10 18:33 - 2002-09-23 16:41 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-10 15:05 - 2012-09-21 19:25 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-11-10 10:47 - 2012-11-10 10:47 - 00006929 ____A C:\Documents and Settings\tess\Desktop\attach.zip
2012-11-10 10:38 - 2012-11-10 10:38 - 00031585 ____A C:\Documents and Settings\tess\Desktop\attach.txt
2012-11-10 10:38 - 2012-11-10 10:38 - 00016996 ____A C:\Documents and Settings\tess\Desktop\dds.txt
2012-11-10 10:10 - 2010-03-02 22:40 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004Core.job
2012-11-10 08:30 - 2011-01-12 03:29 - 00000284 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4246261720-1157900144-1835783390-1004.job
2012-11-09 12:04 - 2012-11-09 12:03 - 00688901 ____R (Swearware) C:\Documents and Settings\tess\Desktop\dds.scr
2012-11-09 11:30 - 2006-11-17 19:44 - 00000000 ____D C:\Program Files\Common Files\Java
2012-11-09 11:29 - 2012-11-09 11:30 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-09 11:29 - 2012-11-09 11:30 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-09 11:29 - 2012-11-09 11:30 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-09 11:29 - 2012-11-09 11:30 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-11-09 11:29 - 2012-04-04 12:21 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-11-09 11:29 - 2009-04-04 11:11 - 00143872 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2012-11-09 11:29 - 2006-11-17 19:45 - 00000000 ____D C:\Program Files\Java
2012-11-08 21:05 - 2012-11-08 21:05 - 00015721 ____A C:\ComboFix.txt
2012-11-08 21:05 - 2011-10-01 12:29 - 00000000 ____D C:\Qoobox
2012-11-08 21:02 - 1980-01-01 03:00 - 00000227 ____A C:\Windows\system.ini
2012-11-08 19:19 - 2012-11-07 11:56 - 04998107 ____R (Swearware) C:\Documents and Settings\tess\Desktop\ComboFix.exe
2012-11-08 12:35 - 2006-01-28 09:03 - 00000281 __ASH C:\BOOT.INI
2012-11-08 12:35 - 1980-01-01 03:00 - 00000664 ____A C:\Windows\win.ini
2012-11-08 12:33 - 2012-11-08 12:33 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-11-07 20:38 - 2012-11-07 20:38 - 02213976 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\tess\Desktop\tdsskiller.exe
2012-11-07 18:59 - 2012-11-07 18:24 - 00001441 ____A C:\scu.dat
2012-11-07 18:24 - 2010-12-20 23:39 - 00000000 ___HD C:\Documents and Settings\All Users\Documents\Server
2012-11-07 18:16 - 2012-11-07 18:16 - 00002024 ____A C:\Documents and Settings\tess\Desktop\aswMBR.txt
2012-11-07 18:16 - 2012-11-07 18:16 - 00000512 ____A C:\Documents and Settings\tess\Desktop\MBR.dat
2012-11-07 18:15 - 2012-11-07 18:15 - 02322184 ____A (ESET) C:\Documents and Settings\tess\Desktop\esetsmartinstaller_enu.exe
2012-11-07 16:57 - 2012-11-08 10:47 - 04731392 ____A (AVAST Software) C:\Documents and Settings\tess\Desktop\Copy of aswMBR.exe
2012-11-07 16:57 - 2012-11-07 16:57 - 04731392 ____A (AVAST Software) C:\Documents and Settings\tess\Desktop\aswMBR.exe
2012-11-07 16:32 - 2002-09-23 16:16 - 00000000 ____D C:\Windows\repair
2012-11-07 13:12 - 2009-11-18 21:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-29 14:28 - 2012-08-27 14:31 - 00000000 ____D C:\Documents and Settings\tess\Desktop\yale
2012-10-28 17:30 - 2012-04-26 10:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-10-27 19:32 - 2012-10-27 14:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-21 17:35 - 2012-10-21 17:34 - 00000000 ____D C:\Documents and Settings\tess\My Documents\Tess0to3years
2012-10-21 17:32 - 2012-10-21 17:32 - 00000000 ____D C:\Documents and Settings\tess\Desktop\tess0-3years
2012-10-21 17:31 - 2012-10-21 17:31 - 00000000 ____D C:\Documents and Settings\tess\My Documents\tess0-3years
2012-10-21 17:29 - 2012-09-08 17:54 - 00000000 ____D C:\Program Files\Mplayer
2012-10-21 17:24 - 2006-01-28 10:19 - 00000049 ____A C:\Windows\NeroDigital.ini
2012-10-21 16:53 - 2012-10-21 16:53 - 00000000 ____D C:\Program Files\Common Files\Nitro PDF
2012-10-21 16:53 - 2011-05-12 19:19 - 00000000 ____D C:\Program Files\Nitro PDF
2012-10-21 09:58 - 2011-10-23 12:21 - 00000000 ____D C:\Documents and Settings\tess\Application Data\Downloaded Installations
2012-10-21 08:43 - 2007-03-12 15:08 - 00000349 ____A C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
2012-10-20 21:41 - 2012-10-20 21:41 - 00002941 ____A C:\Windows\System32\jupdate-1.6.0_37-b06.log
2012-10-20 00:58 - 2012-10-20 00:58 - 00003914 ____A C:\Documents and Settings\tess\reset.log


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2012-11-11 02:04 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP639
RP: -> 2012-11-11 00:37 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP638
RP: -> 2012-11-09 23:49 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP637
RP: -> 2012-11-09 11:29 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP636
RP: -> 2012-11-08 16:59 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP635
RP: -> 2012-11-07 16:47 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP634
RP: -> 2012-11-06 21:26 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP633
RP: -> 2012-11-05 19:37 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP632
RP: -> 2012-10-29 14:44 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP631
RP: -> 2012-10-29 11:32 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP630
RP: -> 2012-10-28 06:54 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP629
RP: -> 2012-10-28 01:24 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP628
RP: -> 2012-10-27 07:07 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP627
RP: -> 2012-10-27 05:21 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP626
RP: -> 2012-10-26 04:15 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP625
RP: -> 2012-10-25 01:03 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP624
RP: -> 2012-10-24 19:04 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP623
RP: -> 2012-10-23 18:51 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP622
RP: -> 2012-10-22 19:04 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP621
RP: -> 2012-10-21 16:46 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP620
RP: -> 2012-10-21 01:10 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP619
RP: -> 2012-10-20 21:41 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP618
RP: -> 2012-10-20 21:13 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP617
RP: -> 2012-10-19 18:52 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP616
RP: -> 2012-10-18 23:09 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP615
RP: -> 2012-10-17 22:30 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP614
RP: -> 2012-10-16 13:38 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP613
RP: -> 2012-10-15 13:38 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP612
RP: -> 2012-10-15 00:23 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP611
RP: -> 2012-10-13 23:37 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP610
RP: -> 2012-10-12 17:50 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP609
RP: -> 2012-10-12 08:15 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP608
RP: -> 2012-10-11 04:49 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP607
RP: -> 2012-10-10 02:42 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP606
RP: -> 2012-10-10 02:00 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP605
RP: -> 2012-10-08 14:10 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP604
RP: -> 2012-10-07 03:57 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP603
RP: -> 2012-10-07 01:14 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP602
RP: -> 2012-10-05 17:40 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP601
RP: -> 2012-10-04 15:58 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP600
RP: -> 2012-10-03 15:59 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP599
RP: -> 2012-10-02 22:13 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP598
RP: -> 2012-10-01 19:46 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP597
RP: -> 2012-09-30 08:54 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP596
RP: -> 2012-09-30 00:34 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP595
RP: -> 2012-09-29 01:01 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP594
RP: -> 2012-09-28 00:47 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP593
RP: -> 2012-09-27 15:28 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP592
RP: -> 2012-09-26 15:24 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP591
RP: -> 2012-09-24 19:45 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP590
RP: -> 2012-09-24 02:17 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP589
RP: -> 2012-09-23 02:00 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP588
RP: -> 2012-09-23 00:51 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP587
RP: -> 2012-09-22 21:44 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP586
RP: -> 2012-09-21 20:00 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP585
RP: -> 2012-09-21 19:46 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP584
RP: -> 2012-09-20 20:01 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP583
RP: -> 2012-09-19 20:01 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP582
RP: -> 2012-09-19 03:50 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP581
RP: -> 2012-09-18 03:25 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP580
RP: -> 2012-09-17 03:24 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP579
RP: -> 2012-09-16 03:25 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP578
RP: -> 2012-09-16 01:04 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP577
RP: -> 2012-09-15 03:26 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP576
RP: -> 2012-09-13 20:54 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP575
RP: -> 2012-09-13 02:00 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP574
RP: -> 2012-09-12 08:06 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP573
RP: -> 2012-09-12 02:00 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP572
RP: -> 2012-09-10 19:31 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP571
RP: -> 2012-09-09 04:27 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP570
RP: -> 2012-09-09 00:48 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP569
RP: -> 2012-09-07 19:44 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP568
RP: -> 2012-09-06 18:52 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP567
RP: -> 2012-09-05 18:51 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP566
RP: -> 2012-09-04 20:04 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP565
RP: -> 2012-09-04 03:02 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP564
RP: -> 2012-09-03 03:05 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP563
RP: -> 2012-09-02 03:00 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP562
RP: -> 2012-09-02 00:45 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP561
RP: -> 2012-09-01 14:47 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP560
RP: -> 2012-09-01 14:42 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP559
RP: -> 2012-09-01 03:11 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP558
RP: -> 2012-08-31 20:41 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP557
RP: -> 2012-08-30 20:39 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP556
RP: -> 2012-08-29 20:42 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP555
RP: -> 2012-08-28 20:42 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP554
RP: -> 2012-08-27 20:40 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP553
RP: -> 2012-08-26 20:38 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP552
RP: -> 2012-08-26 00:38 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP551
RP: -> 2012-08-25 20:41 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP550
RP: -> 2012-08-25 01:30 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP549
RP: -> 2012-08-24 01:29 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP548
RP: -> 2012-08-23 19:17 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP547
RP: -> 2012-08-22 17:34 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP546
RP: -> 2012-08-21 17:33 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP545
RP: -> 2012-08-20 17:36 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP544
RP: -> 2012-08-20 01:24 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP543
RP: -> 2012-08-19 01:17 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP542
RP: -> 2012-08-18 04:34 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP541
RP: -> 2012-08-17 04:32 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP540
RP: -> 2012-08-16 04:34 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP539

RP: -> 2012-08-15 02:00 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP538

RP: -> 2012-08-14 17:20 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP537

RP: -> 2012-08-13 17:19 - 028672 _restore{E7276E57-4F79-409F-B1A4-3D382C476E72}\RP536


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 1021.98 MB
Available physical RAM: 773.13 MB
Total Pagefile: 2458 MB
Available Pagefile: 2332.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.52 MB

==================== Partitions =============================

1 Drive c: (IBM_PRELOAD) (Fixed) (Total:149.05 GB) (Free:40.87 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (New Volume) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 32 KB
=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C IBM_PRELOAD NTFS Partition 149 GB Healthy System (partition with boot components)
=========================================================
==================== End Of Log ============================

#6 nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 November 2012 - 08:22 AM

I apologize for this long delay. Are you still with me?

#7 brus brother

  • Topic Starter
  • Members
  • 58 posts

Posted 17 November 2012 - 09:16 AM

Still here with my nose pressed against the screen!

#8 nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 November 2012 - 09:39 AM

The ZeroAccess notice from ComboFix might just be a false positive.

Run this tool and post the log. I also want to know if you can run this computer in Normal Mode.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
===
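The /md5start ... /md5stop block in the custom scan above asks OTL to hash every copy of the listed system files so the helper can see when a live copy in system32 no longer matches its reference copy in dllcache or ServicePackFiles. The Python below is an added example, not OTL's code or anything posted in this thread: it performs the same comparison over a constructed directory tree that stands in for %SystemRoot% (the tree, file names and contents are made up for the demo), hashing each copy of a watched name and flagging names whose copies disagree.

```python
# Added example (not OTL's own code): reproduce what the /md5start list asks
# OTL to do. For each watched file name, hash every copy found under the
# scanned root and flag names whose copies do not all share one hash, which is
# how a patched or replaced system file stands out next to its reference copy.
import hashlib
import os
import tempfile

# Subset of the names in the /md5start list above. Matching is done on the
# lower-cased name because Windows file names are case-insensitive.
WATCHED = {"eventlog.dll", "scecli.dll", "netlogon.dll", "atapi.sys", "beep.sys"}


def file_hash(path, algo="md5"):
    """Hex digest of a file, streamed so a large driver is not read into memory.
    MD5 is what OTL prints and is fine for spotting *differences* between copies;
    a match against a vendor-published hash should be checked with SHA-256."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, names):
    """Walk `root` and return {lowercase name: [(path, md5), ...]} holding every
    copy of each watched name, sorted by path."""
    wanted = {n.lower() for n in names}
    copies = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            key = fn.lower()
            if key in wanted:
                path = os.path.join(dirpath, fn)
                copies.setdefault(key, []).append((path, file_hash(path)))
    for key in copies:
        copies[key].sort()
    return copies


def flag_mismatches(copies):
    """Names whose copies do not all share one hash. A mismatch is a lead, not a
    verdict: a hotfix can legitimately leave an older copy in ServicePackFiles,
    so the odd-one-out is still compared against a known-good hash."""
    return sorted(name for name, entries in copies.items()
                  if len({md5 for _path, md5 in entries}) > 1)


def format_report(copies):
    """One line per copy, in the spirit of OTL's md5 section."""
    lines = []
    for name in sorted(copies):
        for path, md5 in copies[name]:
            lines.append("MD5=%s -- %s" % (md5, path))
    return lines


def build_demo_tree():
    """Constructed stand-in for %SystemRoot%: three identical eventlog.dll
    copies, a scecli.dll whose system32 copy was altered in place, and a lone
    atapi.sys. Nothing here is a real system file."""
    root = tempfile.mkdtemp(prefix="fake_windows_")
    sys32 = os.path.join(root, "system32")
    cache = os.path.join(sys32, "dllcache")
    spf = os.path.join(root, "ServicePackFiles", "i386")
    drivers = os.path.join(sys32, "drivers")
    for d in (sys32, cache, spf, drivers):
        os.makedirs(d, exist_ok=True)
    good = b"MZ pretend-dll-contents v1\n"
    for d in (sys32, cache, spf):
        for name in ("eventlog.dll", "scecli.dll"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(good)
    # Simulate a modification of the live copy only; the reference copies keep
    # the original bytes, so their hashes will disagree with system32's.
    with open(os.path.join(sys32, "scecli.dll"), "ab") as f:
        f.write(b"\x90\x90 constructed extra bytes\n")
    with open(os.path.join(drivers, "atapi.sys"), "wb") as f:
        f.write(b"MZ pretend-driver\n")
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    found = find_copies(demo_root, WATCHED)
    print("\n".join(format_report(found)))
    print("copies disagree:", flag_mismatches(found))  # ['scecli.dll']
```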

#9 brus brother

  • Topic Starter
  • Members
  • 58 posts

Posted 17 November 2012 - 10:38 AM

Computer can run in Normal Mode.

OTL logfile created on: 11/17/2012 10:15:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\tess\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 540.35 Mb Available Physical Memory | 52.87% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.15% Paging File free
Paging file location(s): C:\pagefile.sys 1531 1531 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 39.52 Gb Free Space | 26.52% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: IBMDESKTOP | User Name: tess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\tess\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\tess\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
PRC - C:\Program Files\Analog Devices\SoundMAX\Smtray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\NMSSvc.Exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll ()
MOD - c:\Program Files\McAfee\SiteAdvisor\cntscan.dll ()
MOD - c:\Program Files\McAfee\SiteAdvisor\apengine.dll ()
MOD - C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
MOD - C:\WINDOWS\system32\NgSharedPort.dll ()


========== Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe (McAfee, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (NMSSvc) -- C:\WINDOWS\system32\NMSSvc.Exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PCANDIS5) -- C:\DOCUME~1\tess\Desktop\DWL-520\PCANDIS5.SYS File not found
DRV - (MFE_RR) -- C:\DOCUME~1\tess\LOCALS~1\Temp\mfe_rr.sys File not found
DRV - (ManyCam) -- system32\DRIVERS\ManyCam.sys File not found
DRV - (lvselsus) -- system32\DRIVERS\lvselsus.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\tess\LOCALS~1\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (silabser) -- C:\WINDOWS\system32\drivers\silabser.sys (Silicon Laboratories)
DRV - (silabenm) -- C:\WINDOWS\system32\drivers\silabenm.sys (Silicon Laboratories)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WISTechVIDCAP) -- C:\WINDOWS\system32\drivers\wisgostrm.sys (Pinnacle Systems)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (NMSCFG) -- C:\WINDOWS\system32\drivers\NMSCFG.SYS (Intel Corporation)
DRV - (PRISM) -- C:\WINDOWS\system32\drivers\PRISMNDS.sys (D-Link Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{84B7EDDA-5203-4BE6-8ECD-0791C8F0FB98}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={233A1C6D-4DA7-4FE4-86DF-4B1013189FB4}&mid=cce437dcc68d47d08876d1402d59286f-fefe181a7e9d8666b82fcd87346638a22869c469&lang=en&ds=ga011&pr=sa&d=2012-07-17 21:20:42&v=12.1.0.20&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{FDA3B927-CE90-F095-31E5-29B4FDC893D7}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z204&form=ZGAIDF&install_date=20111120&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z204&form=ZGAADF&install_date=20111120&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\tess\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\tess\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\tess\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/11/06 04:04:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/22 03:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 15:08:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 14:52:20 | 000,000,000 | ---D | M]

[2012/06/30 05:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tess\Application Data\Mozilla\Extensions
[2009/01/13 11:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tess\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/11/15 07:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tess\Application Data\Mozilla\Firefox\Profiles\xj11qpn2.default\extensions
[2011/03/06 05:33:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\tess\Application Data\Mozilla\Firefox\Profiles\xj11qpn2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/06 05:33:20 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\tess\Application Data\Mozilla\Firefox\Profiles\xj11qpn2.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/06/16 07:06:48 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\tess\Application Data\Mozilla\Firefox\Profiles\xj11qpn2.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}(2)
[2010/04/01 20:31:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\tess\Application Data\Mozilla\Firefox\Profiles\xj11qpn2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010/12/24 08:05:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\tess\Application Data\Mozilla\Firefox\Profiles\xj11qpn2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3)
[2009/03/10 17:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tess\Application Data\Mozilla\Sunbird\Profiles\wybtss1d.default\extensions
[2012/11/15 07:11:40 | 000,124,993 | ---- | M] () (No name found) -- C:\Documents and Settings\tess\Application Data\Mozilla\Firefox\Profiles\xj11qpn2.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/10/18 03:00:17 | 000,221,098 | ---- | M] () (No name found) -- C:\Documents and Settings\tess\Application Data\Mozilla\Firefox\Profiles\xj11qpn2.default\extensions\artur.dubovoy@gmail.com.xpi
[2011/12/03 18:20:03 | 000,097,169 | ---- | M] () (No name found) -- C:\Documents and Settings\tess\Application Data\Mozilla\Firefox\Profiles\xj11qpn2.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012/07/25 07:34:01 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\tess\Application Data\Mozilla\Firefox\Profiles\xj11qpn2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/27 14:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 14:47:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/27 14:47:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/27 14:47:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/27 14:47:40 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2012/11/06 04:04:24 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/03/04 06:50:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps(2).dll
[2011/03/04 06:50:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps(3).dll
[2012/10/27 15:08:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/05/05 20:15:36 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2008/09/10 01:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2011/07/13 16:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/13 16:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/22 03:34:53 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/17 20:20:26 | 000,003,752 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/29 19:53:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/10/12 11:03:37 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\tess\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: No name found = C:\Documents and Settings\tess\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/11/07 12:28:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\tess\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab (IASRunner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342629291906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18BC419D-CE60-4978-A915-E5E18AA73CDF}: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/28 09:04:50 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/11/17 10:11:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tess\Desktop\OTL.exe
[2012/11/16 05:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tess\Local Settings\Application Data\PCHealth
[2012/11/11 10:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/10 22:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tess\Local Settings\Application Data\Sun
[2012/11/10 10:22:53 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/09 12:03:58 | 000,688,901 | R--- | C] (Swearware) -- C:\Documents and Settings\tess\Desktop\dds.scr
[2012/11/09 11:30:23 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/11/09 11:30:00 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/11/09 11:30:00 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/11/09 11:30:00 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/11/08 21:15:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/08 12:33:49 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/08 10:47:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\tess\Desktop\Copy of aswMBR.exe
[2012/11/07 20:38:31 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tess\Desktop\tdsskiller.exe
[2012/11/07 18:15:56 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\tess\Desktop\esetsmartinstaller_enu.exe
[2012/11/07 16:57:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\tess\Desktop\aswMBR.exe
[2012/11/07 13:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/07 13:12:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/07 11:56:42 | 004,998,107 | R--- | C] (Swearware) -- C:\Documents and Settings\tess\Desktop\ComboFix.exe
[2012/10/27 14:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/21 17:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tess\My Documents\Tess0to3years
[2012/10/21 17:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tess\Desktop\tess0-3years
[2012/10/21 17:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tess\My Documents\tess0-3years
[2012/10/21 16:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/17 10:11:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tess\Desktop\OTL.exe
[2012/11/17 10:10:08 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004Core.job
[2012/11/17 10:10:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004UA.job
[2012/11/17 10:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/17 09:54:19 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/11/17 08:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4246261720-1157900144-1835783390-1004.job
[2012/11/16 20:13:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004Core1cd5fc288ebd164.job
[2012/11/16 19:34:53 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/16 19:28:32 | 000,441,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/16 19:28:32 | 000,071,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/16 19:24:41 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/16 19:24:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/11/16 19:24:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4246261720-1157900144-1835783390-1004.job
[2012/11/16 19:23:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/16 19:23:46 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/16 19:23:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/11/16 19:23:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/11/16 10:07:36 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/11/16 05:25:59 | 001,931,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/16 03:15:10 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/13 17:32:31 | 000,014,505 | ---- | M] () -- C:\Documents and Settings\tess\Desktop\Nationsl
[2012/11/13 17:15:19 | 000,015,189 | ---- | M] () -- C:\Documents and Settings\tess\Desktop\Nationsl.xml
[2012/11/10 15:05:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/10 10:47:23 | 000,006,929 | ---- | M] () -- C:\Documents and Settings\tess\Desktop\attach.zip
[2012/11/09 12:04:15 | 000,688,901 | R--- | M] (Swearware) -- C:\Documents and Settings\tess\Desktop\dds.scr
[2012/11/09 11:29:38 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/11/09 11:29:31 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/11/09 11:29:31 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/11/09 11:29:31 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/11/09 11:29:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/11/09 11:29:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/11/08 19:19:01 | 004,998,107 | R--- | M] (Swearware) -- C:\Documents and Settings\tess\Desktop\ComboFix.exe
[2012/11/08 13:29:14 | 000,002,266 | ---- | M] () -- C:\Documents and Settings\tess\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/08 12:35:45 | 000,000,281 | -HS- | M] () -- C:\BOOT.INI
[2012/11/08 12:33:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/07 20:38:34 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tess\Desktop\tdsskiller.exe
[2012/11/07 18:59:46 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/11/07 18:16:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\tess\Desktop\MBR.dat
[2012/11/07 18:15:59 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\tess\Desktop\esetsmartinstaller_enu.exe
[2012/11/07 16:57:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\tess\Desktop\Copy of aswMBR.exe
[2012/11/07 16:57:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\tess\Desktop\aswMBR.exe
[2012/11/07 12:28:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/22 03:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/10/22 03:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/10/21 17:24:59 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/10/21 08:43:48 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/13 17:32:29 | 000,014,505 | ---- | C] () -- C:\Documents and Settings\tess\Desktop\Nationsl
[2012/11/13 17:14:57 | 000,015,189 | ---- | C] () -- C:\Documents and Settings\tess\Desktop\Nationsl.xml
[2012/11/11 08:09:29 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/10 10:47:19 | 000,006,929 | ---- | C] () -- C:\Documents and Settings\tess\Desktop\attach.zip
[2012/11/07 18:24:33 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/11/07 18:16:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\tess\Desktop\MBR.dat
[2012/10/21 16:54:24 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Nitro Reader 2.lnk
[2012/09/06 03:11:55 | 000,004,676 | ---- | C] () -- C:\Documents and Settings\tess\.recently-used.xbel
[2012/02/14 21:40:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/27 11:14:10 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/12/10 07:02:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\p4546B.com.b
[2011/12/10 06:59:57 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\02Tb2s2E.dat
[2011/12/09 20:58:31 | 000,013,318 | -HS- | C] () -- C:\Documents and Settings\tess\Local Settings\Application Data\763025o6x612j178g650o6kbd1h1
[2011/11/20 16:32:44 | 000,000,276 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/11/20 16:31:12 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/10/01 12:29:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/01 12:29:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/01 12:29:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/01 12:29:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/01 12:29:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/26 02:12:34 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011/06/26 02:12:34 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2011/04/22 11:10:59 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2010/12/07 19:22:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\tess\Application Data\$_hpcst$.hpc
[2010/04/01 20:18:28 | 000,016,110 | -HS- | C] () -- C:\Documents and Settings\tess\Local Settings\Application Data\8Cq4r
[2010/04/01 20:18:28 | 000,016,110 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8Cq4r
[2010/04/01 08:07:04 | 000,014,792 | -HS- | C] () -- C:\Documents and Settings\tess\Local Settings\Application Data\8kUL5H5g
[2010/04/01 08:07:04 | 000,014,792 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8kUL5H5g
[2010/03/01 23:24:16 | 000,012,244 | -HS- | C] () -- C:\Documents and Settings\tess\Local Settings\Application Data\S7L2
[2010/01/24 11:48:26 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\tess\Local Settings\Application Data\.mpid
[2009/10/29 21:26:47 | 000,024,011 | ---- | C] () -- C:\Documents and Settings\tess\wonderwoman logo.jpg
[2009/04/01 19:55:39 | 000,038,849 | ---- | C] () -- C:\Documents and Settings\tess\Application Data\Comma Separated Values (Windows).ADR
[2009/03/10 15:36:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\tess\PUTTY.RND
[2009/02/25 18:34:23 | 000,006,908 | ---- | C] () -- C:\Documents and Settings\tess\Application Data\PrimoPDFSet.xml
[2008/01/03 16:03:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\tess\Local Settings\Application Data\fusioncache.dat
[2007/03/16 08:12:46 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\tess\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/12 15:55:32 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\tess\hhjj.bat~
[2006/01/28 10:19:30 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\tess\default.pls

========== ZeroAccess Check ==========

[2007/12/29 18:20:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 20:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/17 20:19:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/08 23:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\corz
[2012/09/14 14:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2009/02/11 22:29:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\f17e372
[2011/11/20 16:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/10/24 12:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/01/28 12:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/05/12 19:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/10/09 18:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2007/03/13 02:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/03/13 02:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2012/05/09 02:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2007/03/16 11:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/01/17 08:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2012/09/14 14:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/09/03 21:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/04 09:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/03 15:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Acapela Group
[2010/10/31 08:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Amazon
[2012/09/14 13:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Any DVD Cloner Platinum
[2011/02/03 18:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Barnes & Noble
[2009/08/29 18:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Blender Foundation
[2012/05/05 20:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Catalina Marketing Corp
[2012/03/08 23:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\corz
[2012/10/08 00:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Digiarty
[2012/10/21 09:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Downloaded Installations
[2010/07/27 23:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\E-centives
[2012/02/07 05:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\ElevatedDiagnostics
[2009/04/20 16:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\FileZilla
[2012/01/12 16:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\GetRightToGo
[2010/10/30 05:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\gobby-0.4
[2012/09/06 03:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\gtk-2.0
[2010/12/21 17:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Hypena
[2009/04/03 13:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\ICAClient
[2010/10/26 14:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\ImgBurn
[2009/05/15 15:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Leadertech
[2012/05/26 14:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\LibreOffice
[2009/09/28 07:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\LogoMaker
[2009/05/15 22:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\ManyCam
[2012/06/30 05:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Moonchild Productions
[2012/07/18 18:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Nitro PDF
[2011/05/12 19:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\OpenCandy
[2010/02/22 19:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\OpenOffice.org
[2010/03/08 08:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Participatory Culture Foundation
[2010/03/01 23:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\PicturePaste.com
[2011/05/12 19:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\PrimoPDF
[2012/09/16 14:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\RipIt4Me
[2011/10/01 09:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\RW8R9TUlBz0c1v
[2012/07/10 14:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Scribus
[2009/03/12 21:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Serif
[2006/01/28 10:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Snapfish
[2012/07/21 12:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\TeamViewer
[2011/10/01 09:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\tnFaHsJfLgZjCIr
[2009/01/13 11:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\TomTom
[2011/05/10 12:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Ugiwol
[2009/12/01 19:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\XnView
[2011/02/03 15:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tess\Application Data\Xtranormal

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/11/08 12:33:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2012/08/30 21:03:50 | 000,193,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MpFilter.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[1980/01/01 03:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2002/09/23 16:33:55 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006/01/28 09:03:51 | 000,000,258 | ---- | C] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2006/01/28 09:03:52 | 000,000,258 | ---- | C] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2006/01/28 09:03:52 | 000,000,258 | ---- | C] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2010/03/02 22:40:43 | 000,000,922 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004Core.job
[2010/03/02 22:40:44 | 000,000,974 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004UA.job
[2010/10/27 22:00:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/01/12 03:29:33 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4246261720-1157900144-1835783390-1004.job
[2011/12/22 22:21:00 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4246261720-1157900144-1835783390-1004.job
[2012/07/11 19:08:58 | 000,000,972 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4246261720-1157900144-1835783390-1004Core1cd5fc288ebd164.job
[2012/07/15 22:09:37 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/18 07:25:35 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/09/21 19:25:42 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2012/09/28 00:58:34 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\Tasks\MpIdleTask.job

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-11-17 08:01:30

< MD5 for: AGP440.SYS >
[2007/03/13 16:27:23 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/02 21:29:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/03/13 16:27:23 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/04/02 21:29:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: AHCIX86.SYS >
[2009/04/08 13:46:22 | 000,189,968 | ---- | M] (Advanced Micro Devices, Inc) MD5=3936A49ECB74CF23BBB6979CD683DD56 -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\AM2\ahcix86.sys
[2007/08/08 09:54:32 | 000,123,392 | ---- | M] (Promise Technology, Inc.) MD5=DDD2E4A9AA3A57C510962B862663A3B6 -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\AM3\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/03/13 16:27:23 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/02 21:29:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/03/13 16:27:23 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/04/02 21:29:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 02:56:47 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2002/08/29 08:00:00 | 000,565,760 | ---- | M] (Microsoft Corporation) MD5=C29EA308913FEC2AF4F977EF718A3574 -- C:\I386\AUTOCHK.EXE

< MD5 for: BEEP.SYS >
[2002/08/29 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2002/08/29 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 000,975,360 | ---- | M] (Microsoft Corporation) MD5=9784E0719124E4A23989AEF9E7CA02D6 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2008/12/03 05:24:40 | 000,286,720 | ---- | M] () MD5=DC3E9DF567567080CFDA56347C63A983 -- C:\Documents and Settings\tess\Desktop\MIO FILES\MioPocket 4.0 Release 68\MioPocket 4.0 Release 68\MioAutoRun\System\CE5\explorer.exe
[2006/11/18 21:50:04 | 000,280,064 | ---- | M] () MD5=FAC2688D868B71355E125B9332864956 -- C:\Documents and Settings\tess\Desktop\MIO FILES\MioPocket 4.0 Release 68\MioPocket 4.0 Release 68\MioAutoRun\System\CE4\explorer.exe

< MD5 for: IASTOR.SYS >
[2010/03/03 21:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\I4\IaStor.sys
[2005/10/12 06:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\I\iastor.sys
[2007/09/29 17:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\I3\IASTOR.SYS
[2007/02/12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\I2\iaStor.sys

< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 05:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2004/08/04 02:56:42 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
[2002/08/29 08:00:00 | 000,930,304 | ---- | M] (Microsoft Corporation) MD5=8F162DC91D67D87C1A481BF602A9DAC8 -- C:\WINDOWS\$NtUninstallKB917422_0$\kernel32.dll
[2007/04/16 10:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2006/07/05 05:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[2006/07/05 05:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 02:56:44 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 01:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 06:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/04 01:15:09 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
[2002/08/29 08:00:00 | 000,561,920 | ---- | M] (Microsoft Corporation) MD5=E3AE9C79498210A5F39FE5A9AD62BC55 -- C:\I386\NTFS.SYS

< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 02:56:44 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: NVATABUS.SYS >
[2006/02/26 10:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\N2\NVATABUS.sys
[2006/04/24 10:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\Nt\NVATABUS.sys

< MD5 for: NVGTS.SYS >
[2010/04/08 19:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) MD5=52DCE3B30C9D61C8E20FE3C6DA4BDFB7 -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\N7\nvgts.sys
[2008/11/12 10:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\N6\nvgts.sys
[2010/04/08 19:30:28 | 000,168,040 | ---- | M] (NVIDIA Corporation) MD5=87096913DFB9129144E1038AADFF17EE -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\N7r\nvgts.sys
[2008/11/12 10:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EB82606FCD8C5D039ADA33BD46FE7F8 -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\N6r\nvgts.sys

< MD5 for: PROQUOTA.EXE >
[2004/08/04 02:56:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 02:56:44 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2002/08/29 08:00:00 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\WINDOWS\$NtUninstallKB842773$\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 02:56:45 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 08:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2004/08/04 02:56:57 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2002/08/29 08:00:00 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=9B4155BA58192D4073082B8FC5D42612 -- C:\WINDOWS\$NtUninstallKB896423_0$\spoolsv.exe
[2005/06/10 19:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2005/06/10 18:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[2005/06/10 18:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 02:56:45 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 02:56:46 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2010/02/22 10:29:10 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=79D0DCF683856593309601F4089F758A -- C:\Documents and Settings\tess\Desktop\dr pks\D\M\V\viamraid.sys

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 02:56:46 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< End of report >

OTL Extras logfile created on: 11/17/2012 10:15:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\tess\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 540.35 Mb Available Physical Memory | 52.87% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.15% Paging File free
Paging file location(s): C:\pagefile.sys 1531 1531 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 39.52 Gb Free Space | 26.52% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: IBMDESKTOP | User Name: tess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [01.checksum] -- "C:\Program Files\corz\checksum\checksum.exe" cr "%1" (corz.org)
Directory [03.checksum] -- "C:\Program Files\corz\checksum\checksum.exe" vr "%1" (corz.org)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"513:TCP" = 513:TCP:*:Enabled:LPD
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Adobe\Adobe Contribute CS4\Contribute.exe" = C:\Program Files\Adobe\Adobe Contribute CS4\Contribute.exe:*:Enabled:Contribute CS4 -- (Adobe Systems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"Zvpebfbsg Jvaqbjf Ubfgvat Freivpr" = C:\DOCUME~1\tess\LOCALS~1\Temp\csrssr.exe
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\tess\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\tess\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{31228E31-2BFF-11D2-8866-00805F0D9D40}" = QPST
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33DF935B-2B12-4BA8-94AE-048784AB8B4D}" = Nitro Reader 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{368A06CC-909A-4F55-AF29-6CFCCEA02479}" = LibreOffice 3.5 Help Pack (English)
"{379F9A64-4317-477A-BBC5-35466F8476B5}" = OpenOffice.org 3.2
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3E913965-40E7-4801-8C53-82A61E1533E7}" = Shipping Assistant 3.7
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{467A3BF8-4C87-4E68-835C-CE5318C157C2}" = Xtranormal State - Voicepack-English-US-Tom
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{50063EEB-8CD5-4AA4-AA13-30699DD92629}" = Adobe Setup
"{5BB770DE-19FF-4D71-A0E0-1F21E1847512}" = Adobe PDistiller
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83227C6D-EE12-44F2-9C50-BCB454F18C2C}" = Adobe Update Manager CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{838A22DF-81CA-4452-9BDD-A1745224D960}" = Xtranormal State - Voicepack-English-UK-Serena
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018
"{87A7D286-B0AD-45CB-906D-0E59E2698661}" = D-Link 11Mbps Wireless LAN for Windows
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A14FBBE-DADD-428A-BB16-37E0D3420B49}" = Multi-Media Keyboard
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8BCD7AE7-F713-4D50-BAB9-7839B938686F}" = ImageShack Uploader 2.1.0
"{8EC4F64D-92E4-4274-9495-4C887D49DEC3}" = Xtranormal State
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{912536C4-273C-416F-B42C-BBC5B72114D7}" = Xtranormal State - Voicepack-English-US-Samantha
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5C314F7-928B-44E3-A8A3-169648B1077D}" = Xtranormal State - SoundPack-Starter Kit
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D28CB048-A0AB-4F98-909F-69F3F25AA87D}" = Xtranormal State - Showpak-Playgoz-Preview
"{E1DFFBAD-B55C-4296-A9FB-9F411BB7535C}" = D-Link 11Mbps Wireless LAN for Windows
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FF1482CF-D19B-44DD-B887-9698CB51DFD5}" = Studio 10.8 Patch
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_4c96cd7621076512aaef5e76536b4ef" = Adobe Contribute CS4
"Alt CDA to MP3 Converter 7.2 Shareware_is1" = Alt CDA to MP3 Converter 7.2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ATT-RC" = ATT-RC Self Support Tool
"ATT-RemoteControl" = ATT-RemoteControl
"Audacity_is1" = Audacity 1.2.6
"Blender" = Blender (remove only)
"BN_DesktopReader" = NOOK for PC
"CeRegEditor_is1" = CeRegEditor 0.0.5.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.2.1.0 (07/09/2012) Qt
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 3.9
"FileZilla Client" = FileZilla Client 3.2.3.1
"Finale 2009" = Finale 2009
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Window Registry Repair" = Free Window Registry Repair
"GIF Animator" = Microsoft GIF Animator
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HP Drive Key Boot Utility" = HP Drive Key Boot Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InterActual Player" = InterActual Player
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LogoMaker_is1" = LogoMaker 2.0
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Miro" = Miro
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer" = Mplayer 0.6.9
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSPUB5" = Microsoft Publisher 98
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NETGEAR ProSafe Firewall Router" = NETGEAR ProSafe Firewall Router
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PerformanceTest 7_is1" = PerformanceTest v7.0
"Picasa 3" = Picasa 3
"PIXresizer_is1" = PIXresizer
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF4.1.0.9" = PrimoPDF
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"PROSet" = Intel® PRO Ethernet Adapter and Software
"RealPlayer 15.0" = RealPlayer
"Scribus 1.4.1" = Scribus 1.4.1
"TomTom HOME" = TomTom HOME 2.5.2.60
"TransMac_is1" = TransMac version 10.2
"Veetle TV" = Veetle TV 0.9.18
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.9.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Smoker Free Edition_is1" = XP Smoker Free Edition 6.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2012 11:11:55 AM | Computer Name = IBMDESKTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 11/16/2012 4:47:33 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 11/16/2012 4:47:37 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error - 11/16/2012 4:47:41 AM | Computer Name = IBMDESKTOP | Source = NativeWrapper | ID = 5000
Description =

Error - 11/16/2012 11:07:23 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 11/16/2012 11:07:26 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error - 11/16/2012 11:07:28 AM | Computer Name = IBMDESKTOP | Source = NativeWrapper | ID = 5000
Description =

Error - 11/17/2012 4:01:23 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 11/17/2012 4:01:27 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error - 11/17/2012 4:01:29 AM | Computer Name = IBMDESKTOP | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 11/11/2012 8:47:01 AM | Computer Name = IBMDESKTOP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD Networking
Support Environment service which failed to start because of the following error:
%%31

Error - 11/11/2012 8:47:01 AM | Computer Name = IBMDESKTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 11/11/2012 8:47:01 AM | Computer Name = IBMDESKTOP | Source = Service Control Manager | ID = 7001
Description = The Simple TCP/IP Services service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 11/11/2012 8:47:01 AM | Computer Name = IBMDESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT oreans32 PCLEPCI RasAcd Rdbss Tcpip Tcpip6
WS2IFSL

Error - 11/11/2012 8:47:54 AM | Computer Name = IBMDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/11/2012 9:08:24 AM | Computer Name = IBMDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/11/2012 9:09:58 AM | Computer Name = IBMDESKTOP | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer4.

Error - 11/16/2012 4:50:20 AM | Computer Name = IBMDESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).

Error - 11/16/2012 11:07:29 AM | Computer Name = IBMDESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).

Error - 11/17/2012 4:03:02 AM | Computer Name = IBMDESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).


< End of report >

#10 brus brother

brus brother
  • Topic Starter
  • Members
  • 58 posts

Posted 17 November 2012 - 10:40 AM

OTL Extras logfile created on: 11/17/2012 10:15:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\tess\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 540.35 Mb Available Physical Memory | 52.87% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.15% Paging File free
Paging file location(s): C:\pagefile.sys 1531 1531 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 39.52 Gb Free Space | 26.52% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: IBMDESKTOP | User Name: tess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [01.checksum] -- "C:\Program Files\corz\checksum\checksum.exe" cr "%1" (corz.org)
Directory [03.checksum] -- "C:\Program Files\corz\checksum\checksum.exe" vr "%1" (corz.org)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"513:TCP" = 513:TCP:*:Enabled:LPD
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Adobe\Adobe Contribute CS4\Contribute.exe" = C:\Program Files\Adobe\Adobe Contribute CS4\Contribute.exe:*:Enabled:Contribute CS4 -- (Adobe Systems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"Zvpebfbsg Jvaqbjf Ubfgvat Freivpr" = C:\DOCUME~1\tess\LOCALS~1\Temp\csrssr.exe
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\tess\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\tess\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{31228E31-2BFF-11D2-8866-00805F0D9D40}" = QPST
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33DF935B-2B12-4BA8-94AE-048784AB8B4D}" = Nitro Reader 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{368A06CC-909A-4F55-AF29-6CFCCEA02479}" = LibreOffice 3.5 Help Pack (English)
"{379F9A64-4317-477A-BBC5-35466F8476B5}" = OpenOffice.org 3.2
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3E913965-40E7-4801-8C53-82A61E1533E7}" = Shipping Assistant 3.7
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{467A3BF8-4C87-4E68-835C-CE5318C157C2}" = Xtranormal State - Voicepack-English-US-Tom
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{50063EEB-8CD5-4AA4-AA13-30699DD92629}" = Adobe Setup
"{5BB770DE-19FF-4D71-A0E0-1F21E1847512}" = Adobe PDistiller
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83227C6D-EE12-44F2-9C50-BCB454F18C2C}" = Adobe Update Manager CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{838A22DF-81CA-4452-9BDD-A1745224D960}" = Xtranormal State - Voicepack-English-UK-Serena
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018
"{87A7D286-B0AD-45CB-906D-0E59E2698661}" = D-Link 11Mbps Wireless LAN for Windows
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A14FBBE-DADD-428A-BB16-37E0D3420B49}" = Multi-Media Keyboard
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8BCD7AE7-F713-4D50-BAB9-7839B938686F}" = ImageShack Uploader 2.1.0
"{8EC4F64D-92E4-4274-9495-4C887D49DEC3}" = Xtranormal State
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{912536C4-273C-416F-B42C-BBC5B72114D7}" = Xtranormal State - Voicepack-English-US-Samantha
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5C314F7-928B-44E3-A8A3-169648B1077D}" = Xtranormal State - SoundPack-Starter Kit
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D28CB048-A0AB-4F98-909F-69F3F25AA87D}" = Xtranormal State - Showpak-Playgoz-Preview
"{E1DFFBAD-B55C-4296-A9FB-9F411BB7535C}" = D-Link 11Mbps Wireless LAN for Windows
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FF1482CF-D19B-44DD-B887-9698CB51DFD5}" = Studio 10.8 Patch
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_4c96cd7621076512aaef5e76536b4ef" = Adobe Contribute CS4
"Alt CDA to MP3 Converter 7.2 Shareware_is1" = Alt CDA to MP3 Converter 7.2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ATT-RC" = ATT-RC Self Support Tool
"ATT-RemoteControl" = ATT-RemoteControl
"Audacity_is1" = Audacity 1.2.6
"Blender" = Blender (remove only)
"BN_DesktopReader" = NOOK for PC
"CeRegEditor_is1" = CeRegEditor 0.0.5.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.2.1.0 (07/09/2012) Qt
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 3.9
"FileZilla Client" = FileZilla Client 3.2.3.1
"Finale 2009" = Finale 2009
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Window Registry Repair" = Free Window Registry Repair
"GIF Animator" = Microsoft GIF Animator
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HP Drive Key Boot Utility" = HP Drive Key Boot Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InterActual Player" = InterActual Player
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LogoMaker_is1" = LogoMaker 2.0
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Miro" = Miro
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer" = Mplayer 0.6.9
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSPUB5" = Microsoft Publisher 98
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NETGEAR ProSafe Firewall Router" = NETGEAR ProSafe Firewall Router
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PerformanceTest 7_is1" = PerformanceTest v7.0
"Picasa 3" = Picasa 3
"PIXresizer_is1" = PIXresizer
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF4.1.0.9" = PrimoPDF
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"PROSet" = Intel® PRO Ethernet Adapter and Software
"RealPlayer 15.0" = RealPlayer
"Scribus 1.4.1" = Scribus 1.4.1
"TomTom HOME" = TomTom HOME 2.5.2.60
"TransMac_is1" = TransMac version 10.2
"Veetle TV" = Veetle TV 0.9.18
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.9.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Smoker Free Edition_is1" = XP Smoker Free Edition 6.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2012 11:11:55 AM | Computer Name = IBMDESKTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 11/16/2012 4:47:33 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 11/16/2012 4:47:37 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error - 11/16/2012 4:47:41 AM | Computer Name = IBMDESKTOP | Source = NativeWrapper | ID = 5000
Description =

Error - 11/16/2012 11:07:23 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 11/16/2012 11:07:26 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error - 11/16/2012 11:07:28 AM | Computer Name = IBMDESKTOP | Source = NativeWrapper | ID = 5000
Description =

Error - 11/17/2012 4:01:23 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 11/17/2012 4:01:27 AM | Computer Name = IBMDESKTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error - 11/17/2012 4:01:29 AM | Computer Name = IBMDESKTOP | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 11/11/2012 8:47:01 AM | Computer Name = IBMDESKTOP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD Networking
Support Environment service which failed to start because of the following error:
%%31

Error - 11/11/2012 8:47:01 AM | Computer Name = IBMDESKTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 11/11/2012 8:47:01 AM | Computer Name = IBMDESKTOP | Source = Service Control Manager | ID = 7001
Description = The Simple TCP/IP Services service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 11/11/2012 8:47:01 AM | Computer Name = IBMDESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT oreans32 PCLEPCI RasAcd Rdbss Tcpip Tcpip6
WS2IFSL

Error - 11/11/2012 8:47:54 AM | Computer Name = IBMDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/11/2012 9:08:24 AM | Computer Name = IBMDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/11/2012 9:09:58 AM | Computer Name = IBMDESKTOP | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer4.

Error - 11/16/2012 4:50:20 AM | Computer Name = IBMDESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).

Error - 11/16/2012 11:07:29 AM | Computer Name = IBMDESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).

Error - 11/17/2012 4:03:02 AM | Computer Name = IBMDESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).


< End of report >
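As an added triage helper (my own code, not OTL's and not from this thread), the following parses the "Last 20 Event Log Errors" layout shown above and pulls the Service Control Manager 7026 driver-load failures and 7001 dependency failures out of a constructed excerpt of the System Events quoted here, so the network-stack drivers that did not load stand out. The NETWORK_STACK set is my assumption about which drivers to flag.

```python
import re
from collections import defaultdict

# Constructed excerpt in OTL's "Last 20 Event Log Errors" layout, copied from this thread's System Events.
SAMPLE_LOG = """\
[ System Events ]
Error - 11/11/2012 8:47:01 AM | Computer Name = IBMDESKTOP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD Networking
Support Environment service which failed to start because of the following error:
%%31

Error - 11/11/2012 8:47:01 AM | Computer Name = IBMDESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT oreans32 PCLEPCI RasAcd Rdbss Tcpip Tcpip6
WS2IFSL
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
# Assumed set of drivers that make up the XP TCP/IP stack; if they fail to load, networking is down.
NETWORK_STACK = {"AFD", "Tcpip", "Tcpip6", "NetBT", "IPSec", "WS2IFSL"}

def parse_otl_events(text):
    """One dict per 'Error - ...' entry; wrapped Description lines are re-joined."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            rec["id"], rec["description"] = int(rec["id"]), ""
            records.append(rec)
        elif records and line and not line.startswith("["):  # skip "[ System Events ]"
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            records[-1]["description"] = (records[-1]["description"] + " " + line).strip()
    return records

def triage(records):
    """Collect SCM 7026 failed drivers and 7001 dependency failures keyed by %%error code."""
    failed, dependency = set(), defaultdict(list)
    for r in (r for r in records if r["source"] == "Service Control Manager"):
        if r["id"] == 7026:
            failed.update(r["description"].split("failed to load:", 1)[1].split())
        elif r["id"] == 7001:
            code = re.search(r"%%(\d+)", r["description"])
            svc = re.match(r"The (.+?) service depends on", r["description"])
            dependency[code.group(1) if code else "?"].append(svc.group(1) if svc else "?")
    return {"failed_drivers": sorted(failed),
            "network_stack_down": sorted(failed & NETWORK_STACK),
            "dependency_failures": dict(dependency)}
```

Running triage(parse_otl_events(SAMPLE_LOG)) lists all 15 drivers from the 7026 entry and flags AFD, IPSec, NetBT, Tcpip, Tcpip6 and WS2IFSL as the network-stack ones, with the NLA dependency failure keyed under error code 31.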

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 November 2012 - 01:44 PM

Nothing suspicious was found on your OTL log.

If you want to check further on the ComboFix error regarding the ZeroAccess infection I need you to install the

You did see this error.

Error: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

You do not want to be fumbling with clumsy users when the sh*t hits the fan. Get them to install it as soon as possible. There's a guide for doing so here:
http://www.bleepingcomputer.com/tutorials/tutorial117.html

You did see this warning?
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Execute this immediately.
How to install and use the Windows XP Recovery Console
http://www.bleepingcomputer.com/tutorials/tutorial117.html

You will be sorry if you do not and have to restore your operating system.

Then run the Farbar Recovery Scan one more time and post the log.

While at it please include a fresh ComboFix log for my review.

#12 brus brother

brus brother
  • Topic Starter

  • Members
  • 58 posts

Posted 17 November 2012 - 02:46 PM

Actually, I didn't see the warning but oddly, I was always presented with the option when booting of Win XP Pro or Recovery Console.
When I press F8 at start I am only offered options such as normal, safe, safe with command prompt, safe with networking, last known etc. There is no Repair Computer option in that F8 command.
Do I run Farbar in Recovery Console?? I ran it in Safe Mode with command prompt before and that was the second log presented Post #5.
This is where I have been stuck since your first instructions.

Edited by brus brother, 17 November 2012 - 04:00 PM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 November 2012 - 08:05 AM

Do I run Farbar in Recovery Console??

Yes, use the Repair function and follow my previous instructions in post no. 5.

#14 brus brother

brus brother
  • Topic Starter

  • Members
  • 58 posts

Posted 18 November 2012 - 09:43 AM

Do I run Farbar in Recovery Console??

Yes, use the Repair function and follow my previous instructions in post no. 5.

Post #5 is one of my posts so I am confused.
As I stated originally, mine is an XP machine and the "Repair Computer" you keep mentioning is not available in XP when selecting F8. It is only available in Vista and 7.
What I see is:
Posted Image

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 November 2012 - 11:05 AM

I'm sorry, my bad.
I need some rest...

I hope this works.

Try this.

How to reset Internet Protocol (TCP/IP)
http://support.microsoft.com/kb/299357

You can use the Automatic way or Do it manually for XP computer.
