Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sweet Packs Removed, Computer Still Lagging


  • This topic is locked This topic is locked
25 replies to this topic

#1 nc418

nc418

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 30 May 2013 - 03:38 PM

I am looking for advice on how to remedy a misguided removal of Sweet Packs. The issue at hand is that the computer was infected with Sweet Packs and based on information provided on this forum programs were used without proper guidance and the problem is still not resolved. The following programs were used in order WITHOUT direction from Bleeping Computer staff and irresponsibly installed and utilized:

1. AdwCleaner was used and the log file is available upon request.

2. Junkware Removal tool was used and the log file is available upon request.

3. Combofix was used (  :scratchhead: ) without Bleeping Computers consent, again the log file is available upon request.

 

The current state of the computer is one of perpetual lagging and no program will function properly. After I learned of the usage of the above programs I thought perhaps it was BitDefender taking up far too much CPU. I followed through with an update and the computer is still very slow and since Sweet Packs infected the computer there has been an occasional blue screen "STOP: 0x0000008E". The computer was in working fine prior to the infection of Sweet Packs. In the case that you could assist in any way to get the computer back in working order I would greatly appreciate it.

 

-NC418



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:31 AM

Posted 01 June 2013 - 09:07 PM



Hello nc418

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    dds_scr.gif
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 nc418

nc418
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 02 June 2013 - 04:02 PM

Hello,
 
Thank you so much for responding, here is the DDS log as requested:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Owner at 16:58:35 on 2013-06-02
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3325.2678 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Disabled* 
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehrecvr.exe
C:\WINDOWS\eHome\ehsched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uProxyServer = :0
uProxyOverride = <local>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
mRunOnce: [EasyTuneVI] c:\program files\gigabyte\et6\ETCall.exe
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] c:\windows\system32\cmd.exe /c del "c:\documents and settings\all users\application data\microsoft help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{91140000-0057-0000-0000-0000000FF1CE}] c:\windows\system32\cmd.exe /c del "c:\documents and settings\all users\application data\microsoft help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] c:\windows\system32\cmd.exe /c del "c:\documents and settings\all users\application data\microsoft help\Rgstrtn.lck" /Q /A:H
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: talk4free.com
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340490372000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{DB0477EF-93C6-4D09-AC3A-BFA9EE9A71EF} : DHCPNameServer = 75.75.76.76 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\knc90xt7.default-1369760584953\
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\emusic download manager 6\npEMusic603.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-5-30 633344]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-5-29 162976]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-10-26 18544]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2013-5-30 72704]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2013-5-28 76696]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2011-10-26 22016]
R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2013-5-30 82824]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2013-5-30 55984]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-27 101392]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-5-30 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-5-30 486536]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2013-5-30 116560]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2011-1-26 52224]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-10-26 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-5-30 66392]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2011-10-27 17488]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2011-1-26 32256]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-5-29 30464]
S3 MDE;MDE;c:\docume~1\owner\locals~1\temp\MDE.exe [2013-5-30 519040]
S3 QDKVCRW;QDKVCRW;c:\docume~1\owner\locals~1\temp\QDKVCRW.exe [2013-5-30 449408]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2011-10-26 36384]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2011-10-26 17536]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\system explorer\service\SystemExplorerService.exe [2012-6-16 558040]
S3 Te.Service;Te.Service;c:\program files\windows kits\8.0\testing\runtimes\taef\Wex.Services.exe [2012-7-25 94208]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2013-5-30 62688]
SUnknown GVTDrv;GVTDrv; [x]
.
=============== Created Last 30 ================
.
2013-06-02 14:45:22 17488 ----a-w- c:\windows\gdrv.sys
2013-05-30 19:03:50 -------- d-----w- c:\program files\Windows Resource Kits
2013-05-30 18:37:31 -------- d-----w- c:\program files\common files\Microsoft
2013-05-30 18:31:01 -------- d-----w- c:\program files\Windows Kits
2013-05-30 18:04:36 -------- d-----w- c:\documents and settings\all users\application data\Package Cache
2013-05-30 04:12:11 603796 ----a-w- c:\documents and settings\all users\application data\1369885592.bdinstall.bin
2013-05-30 04:01:31 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-05-30 04:01:23 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-05-30 04:01:23 511328 ----a-w- c:\windows\capicom.dll
2013-05-30 04:01:23 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2013-05-30 04:01:06 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-05-30 04:00:24 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-05-30 04:00:16 486536 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-05-30 04:00:08 633344 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-05-30 03:57:19 -------- d-----w- c:\documents and settings\owner\application data\Bitdefender
2013-05-30 03:57:16 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
2013-05-30 03:46:55 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-05-30 03:46:50 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-05-30 03:46:49 -------- d-----w- c:\program files\Bitdefender
2013-05-30 03:45:50 -------- d-----w- c:\program files\common files\Bitdefender
2013-05-30 02:53:26 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-05-29 02:00:37 -------- d-----w- c:\windows\ERUNT
2013-05-29 01:57:24 -------- d-----w- C:\JRT
2013-05-28 22:00:48 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
2013-05-28 19:22:37 214256 ----a-w- c:\windows\system32\muweb.dll
2013-05-28 18:26:45 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2013-05-28 02:36:54 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-05-28 02:36:49 131720 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2013-05-26 16:25:24 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-05-26 16:25:08 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-25 02:19:00 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-06-02 20:34:17 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2013-06-02 16:33:51 17488 ----a-w- c:\windows\etdrv.sys
2013-05-15 18:42:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 18:42:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 22:42:46 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-08 22:42:45 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-08 22:42:45 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 22:42:45 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 16:58:54.92 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/26/2011 10:18:37 PM
System Uptime: 6/2/2013 4:26:04 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-880GMA-USB3
Processor: AMD Phenom™ II X4 955 Processor | Socket M2 | 3214/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1397 GiB total, 1286.961 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Etron USB 3.0 Extensible Root Hub
Device ID: ENUSB3\ROOT_HUB30\5&393B626&0&0002
Manufacturer: 
Name: Etron USB 3.0 Extensible Root Hub
PNP Device ID: ENUSB3\ROOT_HUB30\5&393B626&0&0002
Service: 
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_00000000&REV_42\3&61AAA01&0&A0
Manufacturer: 
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_00000000&REV_42\3&61AAA01&0&A0
Service: 
.
==== System Restore Points ===================
.
RP570: 3/5/2013 2:16:54 PM - System Checkpoint
RP571: 3/6/2013 2:46:07 PM - System Checkpoint
RP572: 3/7/2013 3:49:51 PM - System Checkpoint
RP573: 3/8/2013 5:11:24 PM - System Checkpoint
RP574: 3/8/2013 5:42:27 PM - Removed Java 7 Update 7
RP575: 3/9/2013 6:15:17 PM - System Checkpoint
RP576: 3/9/2013 6:33:20 PM - Removed Microsoft Office Outlook Connector
RP577: 3/10/2013 11:26:01 PM - Installed SmartFTP Client
RP578: 3/11/2013 2:59:39 PM - Unsigned driver install
RP579: 3/12/2013 8:21:37 PM - System Checkpoint
RP580: 3/13/2013 12:43:13 AM - Removed SmartFTP Client
RP581: 3/13/2013 3:00:24 AM - Software Distribution Service 3.0
RP582: 3/14/2013 1:58:43 PM - System Checkpoint
RP583: 3/15/2013 2:11:26 PM - System Checkpoint
RP584: 3/16/2013 2:54:43 PM - System Checkpoint
RP585: 3/17/2013 4:35:11 PM - System Checkpoint
RP586: 3/18/2013 6:54:30 PM - System Checkpoint
RP587: 3/20/2013 7:09:38 PM - System Checkpoint
RP588: 3/21/2013 8:38:58 PM - System Checkpoint
RP589: 3/22/2013 8:58:40 PM - System Checkpoint
RP590: 3/22/2013 9:46:01 PM - Unsigned driver install
RP591: 3/24/2013 12:25:22 PM - System Checkpoint
RP592: 3/25/2013 12:58:25 PM - System Checkpoint
RP593: 3/26/2013 2:02:09 PM - System Checkpoint
RP594: 3/27/2013 3:03:50 PM - System Checkpoint
RP595: 3/28/2013 3:59:06 PM - System Checkpoint
RP596: 3/29/2013 4:53:02 PM - System Checkpoint
RP597: 3/30/2013 7:59:12 PM - System Checkpoint
RP598: 3/31/2013 8:57:12 PM - System Checkpoint
RP599: 4/1/2013 4:38:34 AM - Software Distribution Service 3.0
RP600: 4/2/2013 5:15:12 AM - System Checkpoint
RP601: 4/3/2013 6:13:00 AM - System Checkpoint
RP602: 4/4/2013 7:11:13 AM - System Checkpoint
RP603: 4/4/2013 3:53:41 PM - Unsigned driver install
RP604: 4/4/2013 4:32:40 PM - Installed WebUpdater
RP605: 4/4/2013 5:01:00 PM - Unsigned driver install
RP606: 4/5/2013 5:56:22 PM - System Checkpoint
RP607: 4/6/2013 10:40:35 AM - Installed Actron Scanning Suite.
RP608: 4/6/2013 11:20:19 AM - Removed Actron Scanning Suite.
RP609: 4/6/2013 11:30:42 AM - Installed Actron Scanning Suite.
RP610: 4/6/2013 11:41:57 AM - Unsigned driver install
RP611: 4/7/2013 12:24:09 PM - System Checkpoint
RP612: 4/9/2013 12:14:41 AM - System Checkpoint
RP613: 4/10/2013 3:24:17 AM - System Checkpoint
RP614: 4/10/2013 10:35:02 PM - Software Distribution Service 3.0
RP615: 4/12/2013 12:08:02 AM - System Checkpoint
RP616: 4/13/2013 12:28:20 AM - System Checkpoint
RP617: 4/14/2013 1:01:02 AM - System Checkpoint
RP618: 4/15/2013 1:40:57 AM - System Checkpoint
RP619: 4/16/2013 2:31:45 AM - System Checkpoint
RP620: 4/17/2013 5:57:47 AM - System Checkpoint
RP621: 4/18/2013 9:36:44 AM - System Checkpoint
RP622: 4/19/2013 10:16:01 AM - System Checkpoint
RP623: 4/20/2013 11:13:06 AM - System Checkpoint
RP624: 4/21/2013 11:14:13 AM - System Checkpoint
RP625: 4/22/2013 12:11:37 PM - System Checkpoint
RP626: 4/23/2013 12:53:20 PM - System Checkpoint
RP627: 4/24/2013 5:39:52 PM - System Checkpoint
RP628: 4/25/2013 7:37:19 PM - System Checkpoint
RP629: 4/26/2013 10:04:36 PM - System Checkpoint
RP630: 4/28/2013 1:19:10 AM - System Checkpoint
RP631: 4/29/2013 1:32:18 AM - System Checkpoint
RP632: 4/30/2013 2:20:55 AM - System Checkpoint
RP633: 5/1/2013 2:51:19 AM - System Checkpoint
RP634: 5/2/2013 3:35:09 AM - System Checkpoint
RP635: 5/3/2013 4:34:16 AM - System Checkpoint
RP636: 5/4/2013 5:10:06 AM - System Checkpoint
RP637: 5/5/2013 6:04:58 AM - System Checkpoint
RP638: 5/6/2013 10:29:27 AM - System Checkpoint
RP639: 5/7/2013 11:03:57 AM - System Checkpoint
RP640: 5/7/2013 11:20:20 AM - Software Distribution Service 3.0
RP641: 5/8/2013 2:06:00 PM - System Checkpoint
RP642: 5/8/2013 9:31:55 PM - Unsigned driver install
RP643: 5/9/2013 11:13:24 PM - System Checkpoint
RP644: 5/11/2013 1:15:33 AM - System Checkpoint
RP645: 5/12/2013 1:41:55 AM - System Checkpoint
RP646: 5/13/2013 2:40:53 AM - System Checkpoint
RP647: 5/14/2013 3:39:44 AM - System Checkpoint
RP648: 5/15/2013 6:24:42 AM - System Checkpoint
RP649: 5/16/2013 3:00:29 AM - Software Distribution Service 3.0
RP650: 5/17/2013 3:42:47 AM - System Checkpoint
RP651: 5/18/2013 5:26:27 PM - System Checkpoint
RP652: 5/19/2013 5:28:54 PM - System Checkpoint
RP653: 5/20/2013 9:52:56 PM - System Checkpoint
RP654: 5/21/2013 10:22:33 PM - System Checkpoint
RP655: 5/23/2013 2:12:10 AM - System Checkpoint
RP656: 5/24/2013 1:56:05 AM - Installed Microsoft Visual C++ 2005 Redistributable - KB2467175
RP657: 5/25/2013 2:49:41 AM - System Checkpoint
RP658: 5/26/2013 3:15:10 AM - System Checkpoint
RP659: 5/26/2013 12:18:22 PM - Uniblue SpeedUpMyPC installation
RP660: 5/26/2013 11:32:52 PM - Removed Internet Explorer Toolbar 4.8 by SweetPacks
RP661: 5/27/2013 9:09:54 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP662: 5/27/2013 9:54:34 PM - Removed Google Earth.
RP663: 5/28/2013 1:27:54 PM - Removed Apple Software Update
RP664: 5/28/2013 1:31:01 PM - Configured Ulead VideoStudio
RP665: 5/28/2013 4:12:11 PM - Restore Operation
RP666: 5/28/2013 4:41:08 PM - Restore Operation
RP667: 5/28/2013 6:10:39 PM - Restore Operation
RP668: 5/30/2013 12:03:13 AM - Installed Windows XP Wdf01009.
RP669: 5/30/2013 3:03:41 PM - Installed Windows Resource Kit Tools
RP670: 5/30/2013 4:21:43 PM - Software Distribution Service 3.0
RP671: 5/30/2013 9:35:37 PM - Software Distribution Service 3.0
RP672: 6/2/2013 2:29:56 PM - System Checkpoint
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.4 (remove only)
Actron Scanning Suite
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Akamai NetSession Interface
Any Video Converter Professional 3.5.8
Apple Application Support
Apple Mobile Device Support
Audacity 2.0
Audible Download Manager
AudibleManager
Bing Rewards Client Installer
Bitdefender Total Security 2013
Bonjour
Canon Utilities CameraWindow DC 8
CaptureWizPro 5.20
CCleaner
Dell Driver Download Manager
eMusic Download Manager 6
FileZilla Client 3.6.0.2
freesteam IAPWS-IF97 steam tables library
Garmin BaseCamp
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Photo Creations
HP Update
HPDiagnosticAlert
InterVideo DeviceService
iTunes
Java 7 Update 17
Java Auto Updater
JavaFX 2.1.0
Kits Configuration Installer
magicJack
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Visio 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
QuickTime
Sansa Updater
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Skype™ 6.3
Sony Vegas 5.0d
System Explorer 3.8.9
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
WebLog Expert 8.0 beta 1
Winamp
Winamp Detector Plug-in
Windows Driver Kit
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Driver Package - SPX Service Solutions, Inc (spxusb) Ports  (13/04/2009 1.03)
Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports  (01/07/2010 2.0.0)
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools
Windows Search 4.0
.
==== Event Viewer Messages From Past Week ========
.
6/2/2013 12:43:28 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM AppleCharger avc3 bdselfpr BDVEDISK Fips gzflt pxrts SBRE trufos
5/30/2013 12:07:40 PM, error: Service Control Manager [7022]  - The Bitdefender Virus Shield service hung on starting.
5/30/2013 1:47:29 PM, error: System Error [1003]  - Error code 1000008e, parameter1 c0000005, parameter2 806381aa, parameter3 a357eb74, parameter4 00000000.
5/30/2013 1:43:05 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the SafeBox service.
5/30/2013 1:09:19 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
5/29/2013 9:03:35 AM, error: Service Control Manager [7034]  - The HitmanPro Scheduler service terminated unexpectedly.  It has done this 1 time(s).
5/29/2013 9:02:01 AM, error: Service Control Manager [7034]  - The LexBce Server service terminated unexpectedly.  It has done this 1 time(s).
5/29/2013 9:01:21 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
5/29/2013 8:59:59 AM, error: Service Control Manager [7031]  - The Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/29/2013 6:04:09 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/29/2013 11:31:10 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
5/29/2013 11:31:10 PM, error: Service Control Manager [7000]  - The COM+ System Application service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/29/2013 11:30:40 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
5/29/2013 11:07:36 PM, error: Service Control Manager [7034]  - The BitDefender Desktop Update Service service terminated unexpectedly.  It has done this 1 time(s).
5/29/2013 10:46:58 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WSearch service.
5/28/2013 9:46:38 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the YahooAUService service.
5/28/2013 9:46:38 PM, error: Service Control Manager [7000]  - The Yahoo! Updater service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/28/2013 8:59:44 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
5/28/2013 8:59:44 PM, error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/28/2013 8:59:43 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.
5/28/2013 8:59:43 PM, error: Service Control Manager [7000]  - The Ati HotKey Poller service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/28/2013 7:09:59 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service ImapiService with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E}
5/28/2013 6:56:59 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
5/28/2013 6:52:57 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/28/2013 6:52:20 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/28/2013 6:49:02 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/28/2013 6:25:50 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AmdPPM AppleCharger avc3 bdfsfltr bdftdif bdselfpr BDVEDISK Fips IPSec MRxSmb NetBIOS NetBT pxrts RasAcd Rdbss SBRE Tcpip trufos
5/28/2013 6:25:50 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
5/28/2013 6:25:50 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/28/2013 6:25:50 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/28/2013 6:25:50 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
5/28/2013 6:25:50 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/28/2013 6:25:50 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/28/2013 6:25:31 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/28/2013 5:42:15 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/28/2013 5:42:12 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM AppleCharger avc3 bdfsfltr bdselfpr BDVEDISK Fips pxrts SBRE trufos
5/28/2013 3:47:07 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
5/28/2013 3:47:07 PM, error: Service Control Manager [7000]  - The Application Layer Gateway Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/28/2013 3:10:01 PM, error: Service Control Manager [7034]  - The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).
5/28/2013 3:06:21 PM, error: Service Control Manager [7034]  - The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
5/28/2013 2:44:25 PM, error: Service Control Manager [7000]  - The Media Center Extender Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/28/2013 2:44:22 PM, error: Service Control Manager [7023]  - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated with the following error:  The class is configured to run as a security id different from the caller
5/28/2013 2:44:22 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.
5/28/2013 2:44:22 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the McrdSvc service.
5/28/2013 2:44:22 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the  service.
5/28/2013 2:44:22 PM, error: Service Control Manager [7000]  - The Print Spooler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/28/2013 2:07:09 AM, error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
5/28/2013 12:25:55 PM, error: Service Control Manager [7000]  - The HTTP SSL service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/28/2013 12:25:54 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
5/28/2013 12:23:50 PM, error: Service Control Manager [7022]  - The Windows Search service hung on starting.
5/28/2013 12:22:01 PM, error: Service Control Manager [7022]  - The BitDefender Virus Shield service hung on starting.
5/28/2013 11:55:45 PM, error: PlugPlayManager [11]  - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
5/28/2013 1:24:10 AM, error: Dhcp [1002]  - The IP address lease 24.3.25.1 for the Network Card with network address 50E54933647D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/27/2013 9:37:17 PM, error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
5/27/2013 9:36:23 PM, error: Service Control Manager [7034]  - The Media Center Scheduler Service service terminated unexpectedly.  It has done this 1 time(s).
5/27/2013 9:36:23 PM, error: Service Control Manager [7031]  - The Media Center Extender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/27/2013 9:35:48 PM, error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/27/2013 9:33:41 PM, error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/27/2013 8:52:14 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2013 8:50:29 PM, error: Service Control Manager [7034]  - The Ulead Burning Helper service terminated unexpectedly.  It has done this 1 time(s).
5/27/2013 8:50:08 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2013 8:50:03 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
5/27/2013 8:50:03 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the HitmanProScheduler service.
5/27/2013 8:50:03 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
5/27/2013 8:50:03 PM, error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/27/2013 8:50:03 PM, error: Service Control Manager [7000]  - The Java Quick Starter service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/27/2013 8:50:03 PM, error: Service Control Manager [7000]  - The DefaultTabUpdate service failed to start due to the following error:  The pipe has been ended.
5/26/2013 12:25:26 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
5/26/2013 12:25:26 PM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/26/2013 11:47:59 PM, error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
5/26/2013 11:44:04 PM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/26/2013 11:37:43 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
.
==== End Of File ===========================


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:31 AM

Posted 02 June 2013 - 04:08 PM



Hello nc418

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 nc418

nc418
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 02 June 2013 - 04:37 PM

# AdwCleaner v2.301 - Logfile created 06/02/2013 at 17:17:39
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - NAME
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\knc90xt7.default-1369760584953\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.94
 
File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [8412 octets] - [28/05/2013 21:31:56]
AdwCleaner[R2].txt - [1134 octets] - [02/06/2013 17:17:15]
AdwCleaner[S1].txt - [8416 octets] - [28/05/2013 21:35:49]
AdwCleaner[S2].txt - [1066 octets] - [02/06/2013 17:17:39]
 
########## EOF - C:\AdwCleaner[S2].txt - [1126 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Sun 06/02/2013 at 17:31:10.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/02/2013 at 17:35:12.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:31 AM

Posted 02 June 2013 - 04:57 PM


Hello nc418

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 nc418

nc418
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 02 June 2013 - 04:57 PM

The computer is still lagging, by this I mean a slow start-up, icons take an unreasonable amount of time to load, programs especially browsers are slow, and overall computer performance has been greatly diminished since the Sweet Packs infection. 

Your assistance is greatly appreciated,

 

-nc418



#8 nc418

nc418
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 02 June 2013 - 05:42 PM

ComboFix 13-06-02.02 - Owner 06/02/2013  18:09:04.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3325.2733 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1369885592.bdinstall.bin
c:\windows\system32\SET62A.tmp
c:\windows\system32\SET62B.tmp
c:\windows\system32\SET62C.tmp
c:\windows\system32\SET62D.tmp
c:\windows\system32\SET62E.tmp
c:\windows\system32\SET62F.tmp
c:\windows\system32\SET630.tmp
c:\windows\system32\SET634.tmp
c:\windows\system32\SET64B.tmp
c:\windows\system32\SET64C.tmp
c:\windows\system32\SET64D.tmp
c:\windows\system32\SET64E.tmp
c:\windows\system32\SET64F.tmp
c:\windows\system32\SET650.tmp
c:\windows\system32\SET651.tmp
c:\windows\system32\SET652.tmp
c:\windows\system32\SET656.tmp
c:\windows\system32\SET6F5.tmp
c:\windows\system32\SET6F6.tmp
c:\windows\system32\SET6F7.tmp
c:\windows\system32\SET6F8.tmp
c:\windows\system32\SET6F9.tmp
c:\windows\system32\SET6FA.tmp
c:\windows\system32\SET6FB.tmp
c:\windows\system32\SET6FC.tmp
c:\windows\system32\SET7B8.tmp
c:\windows\system32\SET7B9.tmp
c:\windows\system32\SET7BA.tmp
c:\windows\system32\SET7BB.tmp
c:\windows\system32\SET7BC.tmp
c:\windows\system32\SET7BD.tmp
c:\windows\system32\SET7BE.tmp
c:\windows\system32\SET7BF.tmp
c:\windows\system32\SET7C4.tmp
c:\windows\system32\SET7C5.tmp
c:\windows\system32\SET7C6.tmp
c:\windows\system32\SET7C7.tmp
c:\windows\system32\SET7C8.tmp
c:\windows\system32\SET7C9.tmp
c:\windows\system32\SET7CA.tmp
c:\windows\system32\SET7CB.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET962.tmp
c:\windows\system32\SET963.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-02 to 2013-06-02  )))))))))))))))))))))))))))))))
.
.
2013-06-02 21:49 . 2013-06-02 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Dumps
2013-06-02 14:45 . 2013-06-02 21:25 17488 ----a-w- c:\windows\gdrv.sys
2013-05-30 19:03 . 2013-05-30 19:03 -------- d-----w- c:\program files\Windows Resource Kits
2013-05-30 18:37 . 2013-05-30 18:37 -------- d-----w- c:\program files\Common Files\Microsoft
2013-05-30 18:31 . 2013-05-30 18:31 -------- d-----w- c:\program files\Windows Kits
2013-05-30 18:04 . 2013-05-30 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2013-05-30 04:01 . 2012-04-17 18:40 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-05-30 04:01 . 2013-02-22 23:46 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2013-05-30 04:01 . 2012-11-12 22:11 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-05-30 04:01 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2013-05-30 04:01 . 2009-07-15 03:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-05-30 04:00 . 2012-11-02 18:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-05-30 04:00 . 2013-04-17 18:59 486536 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-05-30 04:00 . 2013-04-17 18:59 633344 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-05-30 03:57 . 2013-05-30 03:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Bitdefender
2013-05-30 03:57 . 2013-05-30 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2013-05-30 03:46 . 2012-10-04 18:30 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-05-30 03:46 . 2013-05-30 04:33 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-05-30 03:46 . 2013-05-30 03:57 -------- d-----w- c:\program files\Bitdefender
2013-05-30 03:45 . 2013-05-30 03:46 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-05-30 02:53 . 2013-05-30 02:53 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-05-29 02:00 . 2013-05-29 02:00 -------- d-----w- c:\windows\ERUNT
2013-05-29 01:57 . 2013-06-02 21:29 -------- d-----w- C:\JRT
2013-05-28 22:00 . 2013-05-28 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2013-05-28 19:22 . 2012-06-02 19:18 214256 ----a-w- c:\windows\system32\muweb.dll
2013-05-28 18:26 . 2013-05-28 18:26 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2013-05-28 02:36 . 2013-05-28 02:36 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-05-28 02:36 . 2013-05-28 02:36 131720 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2013-05-26 16:25 . 2013-05-26 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-05-26 16:25 . 2013-05-27 03:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-05-10 01:24 . 2013-05-10 01:24 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-02 21:25 . 2011-10-27 03:18 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2013-06-02 16:33 . 2011-10-27 08:57 17488 ----a-w- c:\windows\etdrv.sys
2013-05-15 18:42 . 2012-04-06 01:23 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 18:42 . 2011-10-27 06:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:17 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2004-08-10 11:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2012-06-16 16:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 22:42 . 2013-03-08 22:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-08 22:42 . 2012-05-23 01:32 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-08 22:42 . 2011-12-11 20:23 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 22:42 . 2011-12-11 20:23 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-08 08:36 . 2004-08-10 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2005-03-30 01:21 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2005-03-30 01:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-10 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-10 11:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2004-08-10 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[-] 2004-08-10 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 02:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-10 11:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-10 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-10 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2004-08-10 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-02-27 19:42 241360 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-02-27 19:42 241360 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-02-27 19:42 241360 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-02-27 19:42 241360 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-27 98304]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-04-24 1611784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="del" [X]
"{91140000-0057-0000-0000-0000000FF1CE}"="del" [X]
"{90140000-001A-0409-0000-0000000FF1CE}"="del" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\CaptureWiz.lnk
backup=c:\windows\pss\CaptureWiz.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopArcadeHits292]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopArcadeHits547]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopArcadeHits675]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopArcadeHits764]
reg delete HKCU\Software\AppDataLow\Software\toparcadehitsconfig [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2012-02-01 17:36 50592 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 17:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2011-10-27 04:23 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 18:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2012-01-21 01:03 719672 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2012-03-07 17:46 79872 ----a-w- c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-04-19 19:19 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemExplorerAutoStart]
2012-06-18 11:42 2610648 ----a-w- c:\program files\System Explorer\SystemExplorer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopArcadeHits535]
2013-05-23 05:44 825808 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2010-04-20 14:18 222504 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
"5060:UDP"= 5060:UDP:MJ1
"5070:UDP"= 5070:UDP:MJ2
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [5/30/2013 12:00 AM 633344]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [5/29/2013 11:46 PM 162976]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [10/26/2011 11:05 PM 18544]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [5/30/2013 12:01 AM 72704]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [5/28/2013 2:26 PM 76696]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [10/26/2011 11:10 PM 22016]
R2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [5/30/2013 12:01 AM 82824]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [5/30/2013 12:01 AM 55984]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [10/27/2011 6:05 PM 101392]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [5/30/2013 12:00 AM 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [5/30/2013 12:00 AM 486536]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [5/30/2013 12:01 AM 116560]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [1/26/2011 1:41 AM 52224]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/26/2011 11:21 PM 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [5/30/2013 12:01 AM 66392]
S3 etdrv;etdrv;c:\windows\etdrv.sys [10/27/2011 4:57 AM 17488]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [1/26/2011 1:41 AM 32256]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [5/29/2013 10:53 PM 30464]
S3 MDE;MDE;c:\docume~1\Owner\LOCALS~1\Temp\MDE.exe --> c:\docume~1\Owner\LOCALS~1\Temp\MDE.exe [?]
S3 QDKVCRW;QDKVCRW;c:\docume~1\Owner\LOCALS~1\Temp\QDKVCRW.exe --> c:\docume~1\Owner\LOCALS~1\Temp\QDKVCRW.exe [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [10/26/2011 11:11 PM 36384]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [10/26/2011 11:11 PM 17536]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [6/16/2012 10:00 PM 558040]
S3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [7/25/2012 7:04 PM 94208]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [5/30/2013 12:01 AM 62688]
SUnknown GVTDrv;GVTDrv; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 12:07 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-02 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2013-05-30 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2013-05-30 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2013-06-02 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-28 03:32]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-28 03:32]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1644491937-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-03-03 22:57]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1644491937-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-03-03 22:57]
.
2013-05-30 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job
- c:\program files\HP\hp deskjet 1000 j110 series\bin\hpwebreg.exe [2010-11-17 01:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: magicjack.com\data
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com
Trusted Zone: talk4free.com\reg
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\knc90xt7.default-1369760584953\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-02 18:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,f0,b0,c3,da,14,fe,4b,a3,f8,0a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,f0,b0,c3,da,14,fe,4b,a3,f8,0a,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1212)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2013-06-02  18:41:13
ComboFix-quarantined-files.txt  2013-06-02 22:41
ComboFix2.txt  2013-05-29 09:45
ComboFix3.txt  2011-12-24 00:05
.
Pre-Run: 1,381,790,334,976 bytes free
Post-Run: 1,381,873,659,904 bytes free
.
- - End Of File - - 691F33D00CBC8BB6B812EE78A6B71FC5


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:31 AM

Posted 02 June 2013 - 09:29 PM



Hello nc418

Lets get a deeper look into the system and lets see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 nc418

nc418
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 03 June 2013 - 12:43 PM

OTL logfile created on: 6/3/2013 1:28:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 77.57% Memory free
5.09 Gb Paging File | 4.30 Gb Available in Paging File | 84.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 1397.25 Gb Total Space | 1286.99 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
 
Computer Name: NAME | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\downloader.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00013_002\ashttpph.mdl ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00013_002\ashttpdsp.mdl ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00013_002\ashttprbl.mdl ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00013_002\ashttpbr.mdl ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\ui\imsecurityal.ui ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\ui\accessl.ui ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender Safebox\system.data.sqlite.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll ()
MOD - C:\WINDOWS\system32\qdvd.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\IZArc\IZArcCM.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBAPP5C.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (QDKVCRW) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\QDKVCRW.exe File not found
SRV - (MDE) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\MDE.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Te.Service) -- C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (SafeBox) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)
SRV - (SystemExplorerHelpService) -- C:\Program Files\System Explorer\service\SystemExplorerService.exe (Mister Group)
SRV - (AppleChargerSrv) -- C:\WINDOWS\system32\AppleChargerSrv.exe ()
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREdrv.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (etdrv) -- C:\WINDOWS\etdrv.sys (Windows ® 2000 DDK provider)
DRV - (trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
DRV - (pxrts) -- C:\WINDOWS\system32\drivers\pxrts.sys (Prevx)
DRV - (avc3) -- C:\WINDOWS\system32\drivers\avc3.sys (BitDefender)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (Bdfndisf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys (BitDefender LLC)
DRV - (BDSandBox) -- C:\WINDOWS\system32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (avchv) -- C:\WINDOWS\system32\drivers\avchv.sys (BitDefender)
DRV - (gzflt) -- C:\WINDOWS\system32\drivers\gzflt.sys (BitDefender LLC)
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys (BitDefender LLC)
DRV - (BDVEDISK) -- C:\WINDOWS\system32\drivers\bdvedisk.sys (BitDefender)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (bdftdif) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (EtronXHCI) -- C:\WINDOWS\system32\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV - (EtronHub3) -- C:\WINDOWS\system32\drivers\EtronHub3.sys (Etron Technology Inc)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (AppleCharger) -- C:\WINDOWS\system32\drivers\AppleCharger.sys ()
DRV - (RTLTEAMING) -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS (Realtek Semiconductor Corporation)
DRV - (RtNdPt5x) -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys (Realtek Semiconductor Corporation                           )
DRV - (RTLVLAN) -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtKHDMI.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (MSTAPE) -- C:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems GmbH)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-220523388-1644491937-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..\SearchScopes\{155276F4-D2A3-E016-B329-F646B1D9E78C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z164&form=ZGAIDF&install_date=20111104&iesrc={referrer:source}
IE - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-220523388-1644491937-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-1644491937-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-220523388-1644491937-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files\eMusic Download Manager 6\npEMusic603.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/29 21:10:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/27 21:03:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/27 21:03:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/05/30 00:01:25 | 000,000,000 | ---D | M]
 
[2012/12/06 23:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/12/06 23:11:57 | 000,000,000 | ---D | M] (Special Savings) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\specialsavings@vshsolutions.com
[2013/05/28 13:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3h64jh.default\extensions
[2013/05/28 13:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3h64jh.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013/05/24 22:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/24 22:19:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/28 11:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npo1d.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: eMusicPlugin DLM6 (Enabled) = C:\Program Files\eMusic Download Manager 6\npEMusic603.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/06/02 18:32:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files\Gigabyte\ET6\ETcall.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [{91140000-0057-0000-0000-0000000FF1CE}] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{91140000-0057-0000-0000-0000000FF1CE}] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1644491937-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..Trusted Domains: magicjack.com ([data] https in Trusted sites)
O15 - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..Trusted Domains: talk4free.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340490372000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB0477EF-93C6-4D09-AC3A-BFA9EE9A71EF}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/18 01:34:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/10/26 22:15:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/03 13:13:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/06/02 18:06:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/02 18:06:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/02 18:06:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/02 18:06:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/02 17:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dumps
[2013/06/02 16:42:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2013/06/02 10:45:22 | 000,017,488 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2013/05/30 15:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Resource Kit Tools
[2013/05/30 15:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2013/05/30 14:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Kits
[2013/05/30 14:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft
[2013/05/30 14:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Kits
[2013/05/30 14:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/05/30 12:42:09 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\RootkitRevealer.exe
[2013/05/30 01:56:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/05/30 00:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2013
[2013/05/30 00:01:31 | 000,072,704 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys
[2013/05/30 00:01:23 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\capicom.dll
[2013/05/30 00:01:23 | 000,116,560 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2013/05/30 00:01:23 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
[2013/05/30 00:01:06 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll
[2013/05/30 00:00:24 | 000,242,504 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
[2013/05/30 00:00:16 | 000,486,536 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2013/05/30 00:00:08 | 000,633,344 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2013/05/29 23:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Bitdefender
[2013/05/29 23:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2013/05/29 23:46:55 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys
[2013/05/29 23:46:50 | 000,355,744 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2013/05/29 23:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/05/29 23:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/05/28 22:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/05/28 21:57:24 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/28 21:57:00 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/05/28 18:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2013/05/28 14:26:45 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2013/05/28 13:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Old Firefox Data
[2013/05/28 11:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bikestuff
[2013/05/28 11:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Daemons
[2013/05/27 22:36:54 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013/05/27 22:36:49 | 000,131,720 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2013/05/26 14:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sharebuilder
[2013/05/26 12:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/05/26 12:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/05/24 22:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/24 00:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/05/09 21:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/05/05 18:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ACA Maps
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/03 13:13:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/06/03 13:07:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 13:01:55 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2013/06/03 13:01:44 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2013/06/03 13:01:08 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 12:55:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/02 19:45:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1644491937-725345543-1003UA.job
[2013/06/02 18:32:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/02 16:42:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2013/06/02 14:00:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/06/02 12:33:51 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\etdrv.sys
[2013/06/02 10:10:13 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/06/02 01:15:30 | 000,000,010 | ---- | M] () -- C:\WINDOWS\GSetup.ini
[2013/06/01 20:53:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/30 21:54:16 | 000,527,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/30 21:54:16 | 000,096,690 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/30 13:18:11 | 006,594,560 | ---- | M] () -- C:\WINDOWS\System32\WYVO
[2013/05/30 12:47:03 | 006,586,368 | ---- | M] () -- C:\WINDOWS\System32\HTGCEF
[2013/05/30 12:06:02 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2013/05/30 12:00:37 | 000,590,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/30 00:33:31 | 000,355,744 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2013/05/30 00:03:36 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2013.lnk
[2013/05/30 00:03:36 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Safepay.lnk
[2013/05/29 23:55:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/05/29 22:53:26 | 000,030,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/05/29 20:56:00 | 000,000,550 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_xxxxxxxxxx.job
[2013/05/29 20:40:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/05/29 19:12:24 | 000,000,324 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HP Printer Diagnostic Tools.url
[2013/05/29 13:59:06 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130529_135858.reg
[2013/05/29 08:45:17 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1644491937-725345543-1003Core.job
[2013/05/29 08:34:55 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 08:34:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2013/05/29 05:59:51 | 000,006,238 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130529_055948.reg
[2013/05/28 21:57:01 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/05/28 21:30:27 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
[2013/05/28 19:13:54 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/28 14:26:45 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2013/05/28 14:21:40 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_142116.reg
[2013/05/28 14:20:21 | 000,000,364 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_142002.reg
[2013/05/28 14:19:41 | 000,005,696 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_141646.reg
[2013/05/28 13:25:04 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_132502.reg
[2013/05/28 13:24:32 | 000,001,154 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_132430.reg
[2013/05/28 13:23:12 | 000,009,014 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_132302.reg
[2013/05/27 22:36:49 | 000,131,720 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2013/05/27 22:36:12 | 000,256,904 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013/05/27 21:15:11 | 000,001,070 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130527_211508.reg
[2013/05/27 17:11:33 | 000,001,246 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130527_165931.reg
[2013/05/26 23:48:17 | 000,003,664 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fss.reg
[2013/05/26 12:04:01 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word 2010.lnk
[2013/05/25 23:08:27 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130525_230824.reg
[2013/05/25 22:54:29 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2013/05/24 23:13:46 | 000,749,020 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tornadoproof.br7
[2013/05/24 01:54:14 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2013/05/16 12:11:07 | 000,013,876 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\l.jpg
[2013/05/16 12:08:12 | 000,035,820 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tn.jpg
[2013/05/16 12:03:34 | 000,060,983 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_Eve_o0123copy-3-1.jpg
[2013/05/16 12:00:29 | 000,080,526 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Enochian.jpg
[2013/05/16 11:41:07 | 000,040,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ref.goetia_144.jpg
[2013/05/16 06:54:17 | 000,003,874 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\beachball119.jpg
[2013/05/16 06:27:14 | 000,073,400 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\USR5686G-DT-unit.jpg
[2013/05/16 05:56:08 | 000,389,708 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\instantamericagraphic.jpg
[2013/05/15 14:42:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/15 14:42:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/14 13:29:26 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\magicJack.lnk
[2013/05/09 21:24:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/05/09 01:54:39 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130509_015437.reg
[2013/05/07 00:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/02 18:06:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/02 18:06:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/02 18:06:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/02 18:06:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/02 18:06:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/30 14:45:26 | 001,798,905 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-1644491937-725345543-1003-0.dat
[2013/05/30 14:45:25 | 000,577,386 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/05/30 13:17:31 | 006,594,560 | ---- | C] () -- C:\WINDOWS\System32\WYVO
[2013/05/30 12:46:57 | 006,586,368 | ---- | C] () -- C:\WINDOWS\System32\HTGCEF
[2013/05/30 12:42:09 | 000,102,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RootkitRevealer.chm
[2013/05/30 12:06:02 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2013/05/30 11:47:07 | 000,590,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/30 00:03:36 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2013.lnk
[2013/05/30 00:03:35 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Safepay.lnk
[2013/05/29 22:53:26 | 000,030,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/05/29 20:55:59 | 000,000,550 | ---- | C] () -- C:\WINDOWS\tasks\hpwebreg_xxxxxxxxxx.job
[2013/05/29 19:12:24 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HP Printer Diagnostic Tools.url
[2013/05/29 13:59:04 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130529_135858.reg
[2013/05/29 05:59:50 | 000,006,238 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130529_055948.reg
[2013/05/28 21:30:10 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
[2013/05/28 14:21:38 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_142116.reg
[2013/05/28 14:20:19 | 000,000,364 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_142002.reg
[2013/05/28 14:19:37 | 000,005,696 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_141646.reg
[2013/05/28 13:25:03 | 000,000,380 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_132502.reg
[2013/05/28 13:24:31 | 000,001,154 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_132430.reg
[2013/05/28 13:23:09 | 000,009,014 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130528_132302.reg
[2013/05/27 21:15:10 | 000,001,070 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130527_211508.reg
[2013/05/27 17:11:28 | 000,001,246 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130527_165931.reg
[2013/05/26 23:48:16 | 000,003,664 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fss.reg
[2013/05/25 23:08:26 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130525_230824.reg
[2013/05/24 02:19:50 | 000,749,020 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tornadoproof.br7
[2013/05/16 12:11:07 | 000,013,876 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\l.jpg
[2013/05/16 12:08:12 | 000,035,820 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tn.jpg
[2013/05/16 12:03:34 | 000,060,983 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_Eve_o0123copy-3-1.jpg
[2013/05/16 12:00:29 | 000,080,526 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Enochian.jpg
[2013/05/16 11:41:07 | 000,040,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ref.goetia_144.jpg
[2013/05/16 06:54:17 | 000,003,874 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\beachball119.jpg
[2013/05/16 06:27:14 | 000,073,400 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\USR5686G-DT-unit.jpg
[2013/05/16 05:56:08 | 000,389,708 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\instantamericagraphic.jpg
[2013/05/09 01:54:39 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130509_015437.reg
[2013/03/16 13:58:44 | 000,329,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/11 14:18:23 | 000,004,849 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2013/02/24 14:08:23 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Owner\ntuser.pol
[2012/12/07 15:48:44 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Owner\Application Datauser_gensett.xml
[2012/11/29 14:23:56 | 000,123,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/06/25 12:48:01 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012/06/25 11:54:20 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2012/04/26 15:45:26 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2012/04/26 15:45:26 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2012/04/26 15:45:26 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2012/04/26 15:45:26 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2012/04/26 15:45:26 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2012/04/26 15:45:26 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2012/04/25 08:54:42 | 000,426,496 | ---- | C] () -- C:\WINDOWS\System32\STLibWrapper.dll
[2012/04/25 08:54:42 | 000,204,884 | ---- | C] () -- C:\WINDOWS\System32\spxusb.dll
[2012/04/25 08:54:42 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2012/04/16 20:09:24 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/02/15 23:33:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/30 18:31:00 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/30 18:31:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/14 19:29:28 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/10/31 01:10:18 | 000,025,704 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2011/10/31 01:10:10 | 000,447,592 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2011/10/31 01:00:42 | 000,025,704 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2011/10/27 19:22:22 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/27 17:37:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/27 04:59:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/10/27 01:55:49 | 000,000,443 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2011/10/27 01:55:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2011/10/27 01:55:12 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2011/10/27 00:21:51 | 000,000,336 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/10/26 23:30:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/26 23:18:34 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2011/10/26 23:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/10/26 23:05:21 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe
[2011/10/26 23:05:21 | 000,018,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
[2011/10/26 22:57:35 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/10/26 22:42:42 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2011/10/26 22:42:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2011/10/26 22:29:48 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2011/10/26 22:18:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/26 22:11:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/23 20:17:02 | 000,066,664 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
 
========== ZeroAccess Check ==========
 
[2011/10/26 22:11:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
 

 



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:31 AM

Posted 03 June 2013 - 09:53 PM

Hello nc418

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png text box.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    O3 - HKU\S-1-5-21-220523388-1644491937-725345543-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    [2013/05/30 13:18:11 | 006,594,560 | ---- | M] () -- C:\WINDOWS\System32\WYVO
    [2013/05/30 12:47:03 | 006,586,368 | ---- | M] () -- C:\WINDOWS\System32\HTGCEF
    
    :Files
    ipconfig /flushdns /c
    :files
    C:\windows\tasks\At*.job
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.


Let me know How things are doing

Gringo

Edited by gringo_pr, 03 June 2013 - 09:53 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 nc418

nc418
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 03 June 2013 - 10:27 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-1644491937-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
C:\WINDOWS\system32\WYVO moved successfully.
C:\WINDOWS\system32\HTGCEF moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== FILES ==========
C:\windows\tasks\At1.job moved successfully.
C:\windows\tasks\At2.job moved successfully.
C:\windows\tasks\At3.job moved successfully.
C:\windows\tasks\At4.job moved successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: Owner
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 41620 bytes
 
User: LocalService
 
User: NetworkService
->Flash cache emptied: 13332 bytes
 
User: Owner
->Flash cache emptied: 9168516 bytes
 
Total Flash Files Cleaned = 9.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06032013_230332
 

 

 

The document did not pop-up after restart as requested. The computer is slow on start-up and the icons still took a long period of time to load. Programs are still overall running slow and taking a long time to run. When I open new tabs on Google Chrome it takes a long period of time. Audio and video on websites still isn't working properly. 



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:31 AM

Posted 03 June 2013 - 10:29 PM


Hello


I want you to reset the DMA you can do this by this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 nc418

nc418
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 03 June 2013 - 10:54 PM

Gringo,

 

The reset has completely fixed all of the aforementioned issues. Thank you for your time and assistance in resolving this problem. Is there anything else that I need to do?

Appreciative,

 

-nc418



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:31 AM

Posted 03 June 2013 - 11:11 PM


Hello nc418

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users