
BSODs-Random, on shutdown, and always in a browser


  • This topic is locked
41 replies to this topic

#1 mtbow

mtbow

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 20 March 2014 - 04:00 PM

I've been dealing with this for nearly 3 years.  Thought it was just bad components, but could never narrow it down, but really trying to nip it in the bud before April 8th because the operating system is XP Pro and because it's tax season.  I've used Norton Internet Security for years and had run Malwarebytes and Spybot alongside, but now they can't complete scans and often result in BSOD.  Malwarebytes is shut down when scanning or BSODs.  Malwarebytes rootkit found some ZeroAccess, but I'm convinced there's more.  Browsers still crashing.  Ran a GMER scan and I don't know what to do with it yet, 4 items that may indicate something, but may also be normal from what I know about my system.

 

It can be relatively stable as long as I don't access the internet.  I uninstalled Google Chrome as it kept getting progressively worse so that just opening it guaranteed an instant BSOD.  Also, I can almost guarantee a BSOD on shutdown if I click the turn off and the screen pops up with a choice to sleep? or turn off, or restart.  It will crash when the background is fading from color to b&w.

 

One last thing, for the longest time, if I searched for a file with Explorer it would be in an endless loop, so if the file was found in c:\windows\system32, this file would be repeated until the search was canceled, so I theoretically could have the same file listed 100 times.  Removing the 2 files that had the ZeroAccess problem at least cleared that up.  Also, Norton Bootable Recovery keeps identifying a w32.tiot infection, but the scan can never complete to get an option to remove.

 

Thank you for your assistance.

 

mtbow

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by HP_Administrator at 9:17:19 on 2014-03-20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1462 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\HP_ADM~1.MTB\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\HP_ADM~1.MTB\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://finance.yahoo.com/
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uProxyServer = 192.168.0.5:8080
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - 
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - 
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - 
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - 
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCDrProfiler] <no file>
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\apcups~1.lnk - c:\program files\apc\powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - 
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352963105140
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353379382806
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.unmc.edu/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{2D3790EF-7D0B-45B7-B27E-9B58F851F438} : DHCPNameServer = 208.67.222.222 208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - c:\windows\system32\eztoolslib2.dll
Notify: AtiExtEvent - <no file>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2013-3-3 102728]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 APC Data Service;APC Data Service;c:\program files\apc\powerchute personal edition\dataserv.exe [2012-1-24 21880]
RUnknown mbamchameleon;mbamchameleon; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATIXPGAA;ATIXPGAA;\??\c:\program files\pc-doctor 5 for windows\atixpgaa.sys --> c:\program files\pc-doctor 5 for windows\ATIXPGAA.SYS [?]
S3 BWPWPEDCM;BWPWPEDCM;c:\docume~1\hp_adm~1.mtb\locals~1\temp\bwpwpedcm.exe --> c:\docume~1\hp_adm~1.mtb\locals~1\temp\BWPWPEDCM.exe [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-22 220504]
S3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-2-5 47416]
S3 NEOFLTR_730_24657;Juniper Networks TDI Filter Driver (NEOFLTR_730_24657);c:\windows\system32\drivers\NEOFLTR_730_24657.SYS [2013-11-22 92264]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2005-9-7 21120]
S3 PORTMON;PORTMON;\??\c:\src\utility\ms-sysinternalssuite\sysinternalssuite\portmsys.sys --> c:\src\utility\ms-sysinternalssuite\sysinternalssuite\PORTMSYS.SYS [?]
S3 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-2-23 4915040]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2014-2-23 25088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-03-20 13:47:29 0 ----a-w- c:\windows\system32\drivers\UPHCLEANHLP.SYS
2014-03-19 08:21:32 -------- d-----w- c:\documents and settings\hp_administrator.mtbnew\local settings\application data\LogMeInIgnition
2014-03-19 05:47:55 -------- d-----w- c:\documents and settings\hp_administrator.mtbnew\application data\SUPERAntiSpyware.com
2014-03-19 05:47:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-03-19 05:47:08 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2014-03-17 13:31:53 401408 ----a-w- c:\windows\system32\rpcss.dll
2014-03-17 12:14:38 10711040 ---ha-w- c:\documents and settings\hp_administrator.mtbnew\ntuser.tmp
2014-03-17 11:40:15 165496 ----a-w- c:\windows\system32\drivers\e100b325.sys
2014-03-17 11:40:15 165496 ----a-w- c:\windows\system32\dllcache\e100b325.sys
2014-03-17 04:18:36 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2014-03-17 04:18:36 -------- d-----w- c:\program files\Belarc
2014-03-14 18:47:38 -------- d-----w- c:\program files\UPHClean
2014-03-14 04:40:54 -------- d-----w- c:\program files\ESET
2014-03-13 02:44:59 87608 ----a-w- c:\documents and settings\hp_administrator.mtbnew\application data\inst.exe
2014-03-13 02:44:59 47360 ----a-w- c:\documents and settings\hp_administrator.mtbnew\application data\pcouffin.sys
2014-03-13 02:23:00 -------- d-----w- c:\documents and settings\hp_administrator.mtbnew\application data\Picturenaut
2014-03-12 20:40:21 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2014-03-12 20:40:13 -------- d-----w- C:\temp
2014-03-12 20:14:33 36864 ------w- c:\windows\system32\KmRemove.exe
2014-03-12 14:19:16 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-12 14:19:16 13312 ------w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-08 05:19:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-03-07 01:35:02 -------- d-----w- C:\NBRT
2014-03-06 01:12:21 209184 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-06 01:12:21 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2014-03-06 01:12:21 15693600 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-06 01:12:21 144160 ----a-w- c:\windows\system32\nvcolor.exe
2014-03-06 01:12:20 54272 ----a-w- c:\windows\system32\nvwddi.dll
2014-03-06 01:11:53 57344 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-06 01:11:48 1114168 ----a-w- c:\windows\system32\nvdrsdb1.bin
2014-03-06 01:11:48 1114168 ----a-w- c:\windows\system32\nvdrsdb0.bin
2014-03-06 01:10:46 892704 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2014-03-06 01:10:46 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2014-03-06 01:10:45 128672 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2014-03-06 01:10:35 6324224 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-06 01:10:34 21372928 ----a-w- c:\windows\system32\nvoglnt.dll
2014-03-06 01:10:33 893728 ----a-w- c:\windows\system32\nvdispgenco3232723.dll
2014-03-06 01:10:33 1049376 ----a-w- c:\windows\system32\nvdispco3232723.dll
2014-03-06 01:06:42 1 ----a-w- c:\windows\system32\nvdrssel.bin
2014-03-06 00:58:24 3993088 ----a-w- c:\windows\system32\SET11.tmp
2014-03-05 20:37:30 2794272 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-05 20:37:30 2568704 ----a-w- c:\windows\system32\nvapi.dll
2014-03-05 20:37:28 7700480 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-05 20:37:28 2007328 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-05 20:37:27 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-05 18:59:59 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2014-03-03 20:24:06 -------- d-----w- C:\spoolerlogs
2014-03-03 03:42:59 -------- d-----w- c:\program files\NVIDIA Corporation
2014-03-03 03:24:12 -------- d-----w- C:\NVIDIA
2014-02-24 03:50:12 19448 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll
2014-02-24 03:49:09 -------- d-----w- c:\documents and settings\hp_administrator.mtbnew\application data\TeamViewer
2014-02-24 03:48:53 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2014-02-24 03:48:50 -------- d-----w- c:\program files\TeamViewer
.
==================== Find3M  ====================
.
2014-03-20 13:20:06 1080 ----a-w- c:\windows\AUTOLNCH.REG
2014-03-17 08:34:04 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2014-03-04 03:42:18 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45:58 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54:21 385024 ------w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-10 23:46:58 30208 ----a-w- c:\windows\system32\PcdControlPanel.cpl
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH:  9:19:04.96 ===============
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit quick scan 2014-03-20 14:58:02
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3400832AS rev.3.03 372.61GB
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1.MTB\LOCALS~1\Temp\kwldypog.sys
 
 
---- Disk sectors - GMER 2.1 ----
 
Disk            \Device\Harddisk0\DR0                                unknown MBR code
 
---- System - GMER 2.1 ----
 
Code            \WINDOWS\system32\ntkrnlpa.exe[PAGEVRFY] [80659088]  pIofCallDriver
Code            \WINDOWS\system32\ntkrnlpa.exe[PAGEVRFY] [8065971E]  pIofCompleteRequest
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \FileSystem\Fastfat \Fat                             fltmgr.sys
 
---- EOF - GMER 2.1 ----

 




#2 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:08:46 AM

Posted 24 March 2014 - 12:59 AM

Hi, mtbow! I'm going to try to help you out. :)
 
Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer without asking me first! This will make it practically impossible for me to assist you.
  • Please don't run things without asking me first; this will also make it impossible for me to help you.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

I don't see anything in your logs that pops out at the moment, but I am going to have you run a scan and get a log with a different tool that I can use to start helping you more efficiently. :)

 

Farbar Recovery Scan Tool
 
I need you to run a scan with FRST.

  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double click the program to run it. Accept the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST.txt and addition.txt. Please copy and paste both into your reply, one at a time.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#3 mtbow

mtbow
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 24 March 2014 - 09:57 PM

Gunto-

 

Thank you for your assistance.  Before your response, I had run ComboFix and some others; however, I still cannot complete an anti-virus scan.  My last attempt was Microsoft's Safety Scanner.  It ran all last night, over 2MM files I think.  It found 6 infections, probably in compressed files.  Anyway it BSOD'd.  I'm currently operating on 2 sticks of RAM (1GB each).  I had done that thinking that the Norton Bootable Recovery would reveal my RAM was bad.  NBRT still detects w32.tiot and shuts down and reboots and never completes a scan.  Malwarebytes also shuts down before completing a scan.  I could add more, but now that I have you to analyze, I'll let you lead the way.  Here are the 2 text files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by HP_Administrator (administrator) on MTBNEW on 24-03-2014 21:42:23
Running from C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15693600 2013-09-12] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2586912 2013-09-12] ()
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [209184 2013-09-12] (NVIDIA Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\CLOAKER.EXE (No File)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20ACD5BE778CCE01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.unmc.edu/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll (Microsoft Corporation)
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\WINDOWS\system32\eztoolslib2.dll ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\Mozilla\Firefox\Profiles\j6khc6sh.FF 26
FF Homepage: about:home
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://finance.yahoo.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Norton Identity Safe) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.4.11_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (DivX® Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX® Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-12]
CHR Extension: (Google Drive) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-12]
CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-12]
CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-12]
CHR Extension: (AdBlock) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-16]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njgpiocdhdmnglomggfjkkonjjfahnom [2014-02-07]
CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-12]
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-03-19]
CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-12]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
S3 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S3 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [73728 2007-08-09] (HP)
S3 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
S3 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [67056 2007-01-18] (Ulead Systems, Inc.)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider)
S3 BWPWPEDCM; C:\DOCUME~1\HP_ADM~1.MTB\LOCALS~1\Temp\BWPWPEDCM.exe [X]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 COMMONFX.DLL; C:\WINDOWS\System32\COMMONFX.DLL [87040 2005-08-22] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
S3 CTAUDFX.DLL; C:\WINDOWS\System32\CTAUDFX.DLL [536576 2005-08-22] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [157696 2005-08-22] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\WINDOWS\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
S3 CTSBLFX.DLL; C:\WINDOWS\System32\CTSBLFX.DLL [548352 2005-08-22] (Creative Technology Ltd)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [751616 2005-08-22] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [153088 2005-08-22] (Creative Technology Ltd)
R3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [178688 2005-08-22] (Creative Technology Ltd)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-22] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-22] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-22] (HP)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-03-23] (Malwarebytes Corporation)
R0 MxEFUF; C:\WINDOWS\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [31048 2013-04-05] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NEOFLTR_730_24657; C:\WINDOWS\system32\Drivers\NEOFLTR_730_24657.SYS [92264 2013-04-15] (Juniper Networks)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-06-16] (NVIDIA Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2011-11-29] (PalmSource, Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S3 ATIXPGAA; \??\C:\Program Files\PC-Doctor 5 for Windows\ATIXPGAA.SYS [X]
S3 catchme; \??\C:\DOCUME~1\HP_ADM~1.MTB\LOCALS~1\Temp\catchme.sys [X]
S3 COMMONFX; system32\drivers\COMMONFX.SYS [X]
S3 COMMONFX.SYS; \SystemRoot\System32\drivers\COMMONFX.SYS [X]
S3 CTAUDFX; system32\drivers\CTAUDFX.SYS [X]
S3 CTAUDFX.SYS; \SystemRoot\System32\drivers\CTAUDFX.SYS [X]
S4 ftsata2; \SystemRoot\system32\DRIVERS\ftsata2.sys [X]
S3 PCD5SRVC{085326CB-51A3560A-05010003}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 PORTMON; \??\C:\SRC\Utility\MS-SysinternalsSuite\SysinternalsSuite\PORTMSYS.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-24 21:42 - 2014-03-24 21:42 - 00020878 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\FRST.txt
2014-03-24 21:42 - 2014-03-24 21:42 - 00000000 ____D () C:\FRST
2014-03-24 21:40 - 2014-03-24 21:40 - 01145856 _____ (Farbar) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\FRST.exe
2014-03-24 21:21 - 2014-03-24 21:21 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-03-24 19:51 - 2014-03-24 19:51 - 00018150 _____ () C:\ComboFix.txt
2014-03-24 10:52 - 2014-03-24 10:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032414-02.dmp
2014-03-24 08:43 - 2014-03-24 08:43 - 00005815 _____ () C:\Documents and Settings\All Users\Documents\pspbrwse.jbf
2014-03-24 08:34 - 2014-03-24 08:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032414-01.dmp
2014-03-23 20:57 - 2014-03-23 20:57 - 00019464 _____ () C:\ComboFix-01.txt
2014-03-23 20:18 - 2014-03-23 20:18 - 00000000 _RSHD () C:\cmdcons
2014-03-23 20:15 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-03-23 20:15 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-03-23 20:15 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-03-23 20:14 - 2014-03-24 19:51 - 00000000 ____D () C:\Qoobox
2014-03-23 20:14 - 2014-03-23 20:56 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-23 20:13 - 2014-03-23 23:34 - 05192353 ____R (Swearware) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\ComboFix.exe
2014-03-23 18:08 - 2014-03-23 18:08 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-07.dmp
2014-03-23 17:56 - 2014-03-23 17:56 - 00003109 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_175611.txt
2014-03-23 17:49 - 2014-03-23 22:17 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-03-23 15:50 - 2014-03-23 15:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-06.dmp
2014-03-23 14:47 - 2014-03-23 14:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-05.dmp
2014-03-23 14:35 - 2014-03-23 14:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-04.dmp
2014-03-23 14:24 - 2014-03-23 14:24 - 00003085 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03232014_142452.txt
2014-03-23 14:24 - 2014-03-23 14:24 - 00003040 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_142423.txt
2014-03-23 14:22 - 2014-03-23 14:22 - 00003006 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_142203.txt
2014-03-23 14:20 - 2014-03-23 14:20 - 00002982 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03232014_142015.txt
2014-03-23 14:12 - 2014-03-23 14:12 - 00002937 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_141224.txt
2014-03-23 13:32 - 2014-03-23 13:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-03.dmp
2014-03-23 12:56 - 2014-03-23 12:56 - 00070696 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Extras.Txt
2014-03-23 12:55 - 2014-03-23 12:55 - 00143046 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\OTL.Txt
2014-03-23 12:45 - 2014-03-23 12:45 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\OTL.exe
2014-03-23 12:29 - 2014-03-23 12:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-02.dmp
2014-03-23 12:21 - 2014-03-23 12:21 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-01.dmp
2014-03-23 11:50 - 2014-03-23 11:50 - 00001823 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-03-23 11:50 - 2014-03-23 11:50 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-23 11:50 - 2014-03-23 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-03-23 08:26 - 2014-03-23 08:26 - 00005628 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RootRepeal-20140322-2026.txt
2014-03-22 22:30 - 2014-03-22 22:30 - 00005628 _____ () C:\RootRepeal report 03-22-14 (22-30-23).txt
2014-03-22 22:09 - 2014-03-23 08:22 - 00000015 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\settings.dat
2014-03-22 22:08 - 2014-03-22 22:08 - 00472064 _____ ( ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RootRepeal.exe
2014-03-22 21:57 - 2014-03-22 21:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-03.dmp
2014-03-22 17:08 - 2014-03-24 21:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-22 17:08 - 2014-03-24 21:21 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-22 16:44 - 2014-03-22 16:44 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\My Documents\Britannica_Content
2014-03-22 16:43 - 2014-03-22 16:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\WebRenderer
2014-03-22 16:43 - 2014-03-22 16:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\.webrenderer
2014-03-22 15:49 - 2014-03-22 15:49 - 40658208 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\spybot-2.2.exe
2014-03-22 10:50 - 2014-03-22 10:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-02.dmp
2014-03-22 09:54 - 2014-03-22 09:54 - 00002724 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03222014_095429.txt
2014-03-22 02:48 - 2014-03-22 02:48 - 00008112 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\HitmanPro_20140322_0248.log
2014-03-22 02:13 - 2014-03-24 00:03 - 00000000 ____D () C:\AdwCleaner
2014-03-22 02:12 - 2014-03-22 02:12 - 01950720 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\AdwCleaner.exe
2014-03-22 01:58 - 2014-03-22 01:53 - 101570328 _____ (Microsoft Corporation) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\msert (1).exe
2014-03-22 01:43 - 2014-03-22 01:43 - 00002691 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03222014_014317.txt
2014-03-22 01:33 - 2014-03-22 01:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-01.dmp
2014-03-21 23:26 - 2014-03-21 23:26 - 00002896 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_232617.txt
2014-03-21 23:10 - 2014-03-21 23:10 - 00002862 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_231047.txt
2014-03-21 23:08 - 2014-03-21 23:08 - 00002831 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_230826.txt
2014-03-21 23:07 - 2014-03-21 23:07 - 00002793 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_230736.txt
2014-03-21 22:58 - 2014-03-21 23:01 - 00003395 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_225816.txt
2014-03-21 22:46 - 2014-03-21 22:46 - 00003314 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_224649.txt
2014-03-21 18:12 - 2014-03-21 18:13 - 00000009 ___RH () C:\Autoexec.bat
2014-03-21 11:15 - 2014-03-21 11:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-04.dmp
2014-03-21 10:54 - 2014-03-21 10:54 - 00002849 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_105453.txt
2014-03-21 10:49 - 2014-03-21 10:49 - 00002792 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_104949.txt
2014-03-21 10:47 - 2014-03-21 10:47 - 00000882 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_PR_03212014_104728.txt
2014-03-21 10:44 - 2014-03-21 10:44 - 00002906 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_104411.txt
2014-03-21 10:42 - 2014-03-22 09:52 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RK_Quarantine
2014-03-21 10:41 - 2014-03-21 10:41 - 03943424 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RogueKiller.exe
2014-03-21 10:32 - 2014-03-21 10:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-03.dmp
2014-03-21 09:55 - 2014-03-21 09:55 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-02.dmp
2014-03-21 09:20 - 2014-03-21 09:20 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-21 09:15 - 2014-03-21 09:15 - 00001070 _____ () C:\WINDOWS\system32\.crusader
2014-03-21 08:47 - 2014-03-21 09:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-03-21 08:47 - 2014-03-21 08:47 - 09988304 _____ (SurfRight B.V.) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\HitmanPro.exe
2014-03-21 08:33 - 2014-03-21 08:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-01.dmp
2014-03-21 06:30 - 2014-03-21 06:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 06:25 - 2014-03-21 06:25 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\uSeRiNiT.exe
2014-03-20 14:58 - 2014-03-20 14:58 - 00000756 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\GMER Log-01.log
2014-03-20 12:04 - 2014-03-20 12:03 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-03.dmp
2014-03-20 09:19 - 2014-03-20 09:19 - 00028621 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\attach.txt
2014-03-20 09:19 - 2014-03-20 09:19 - 00015754 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\dds.txt
2014-03-20 09:06 - 2014-03-20 09:06 - 00789444 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\census.cache
2014-03-20 09:05 - 2014-03-20 09:05 - 00315161 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\ars.cache
2014-03-20 08:31 - 2014-03-20 08:31 - 00000010 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\sponge.last.runtime.cache
2014-03-20 08:24 - 2014-03-20 08:24 - 00000036 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\housecall.guid.cache
2014-03-20 08:22 - 2014-03-20 08:22 - 00000814 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 07:23 - 2014-03-20 07:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-02.dmp
2014-03-20 07:17 - 2014-03-20 07:17 - 00000000 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\defogger_reenable
2014-03-20 07:13 - 2014-03-24 21:28 - 00005862 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Rkill.txt
2014-03-20 07:11 - 2014-03-20 07:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-01.dmp
2014-03-19 21:47 - 2014-03-21 06:20 - 00002510 _____ () C:\winzip.log
2014-03-19 21:20 - 2014-03-24 21:42 - 02057023 _____ () C:\WINDOWS\pfirewall.log
2014-03-19 11:25 - 2014-03-19 11:25 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-16.dmp
2014-03-19 10:58 - 2014-03-19 10:58 - 00000957 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\MS-Autoruns.lnk
2014-03-19 10:54 - 2014-03-19 10:54 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-15.dmp
2014-03-19 10:44 - 2014-03-19 10:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-14.dmp
2014-03-19 10:29 - 2014-03-19 10:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-13.dmp
2014-03-19 10:23 - 2014-03-19 10:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-12.dmp
2014-03-19 09:25 - 2014-03-19 09:25 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-11.dmp
2014-03-19 09:15 - 2006-01-12 17:52 - 00001904 ____N () C:\WINDOWS\system32\SetupBD.din
2014-03-19 04:59 - 2014-03-19 04:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-10.dmp
2014-03-19 04:34 - 2014-03-19 04:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-09.dmp
2014-03-19 04:22 - 2014-03-19 04:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-08.dmp
2014-03-19 03:42 - 2014-03-19 03:42 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-07.dmp
2014-03-19 03:30 - 2014-03-19 03:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-06.dmp
2014-03-19 03:26 - 2014-03-19 03:26 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-05.dmp
2014-03-19 03:21 - 2014-03-19 03:21 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\LogMeInIgnition
2014-03-19 03:19 - 2014-03-19 03:19 - 00001024 _____ () C:\.rnd
2014-03-19 03:15 - 2014-03-19 03:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-04.dmp
2014-03-19 02:52 - 2014-03-19 02:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-03.dmp
2014-03-19 02:47 - 2014-03-19 02:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-02.dmp
2014-03-19 02:43 - 2014-03-04 12:10 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140319-024357.backup
2014-03-19 01:49 - 2014-03-19 01:49 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031914-01.dmp
2014-03-19 00:47 - 2014-03-19 00:47 - 00001689 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\SUPERAntiSpyware.com
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-03-18 23:50 - 2014-03-02 14:03 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-18 23:29 - 2014-03-18 23:29 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-13.dmp
2014-03-18 23:18 - 2014-03-18 23:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-12.dmp
2014-03-18 23:13 - 2014-03-18 23:13 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-11.dmp
2014-03-18 23:07 - 2014-03-18 23:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-10.dmp
2014-03-18 23:04 - 2014-03-18 23:04 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-09.dmp
2014-03-18 23:01 - 2014-03-18 23:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-08.dmp
2014-03-18 22:57 - 2014-03-18 22:57 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-07.dmp
2014-03-18 22:52 - 2014-03-18 22:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-06.dmp
2014-03-18 22:00 - 2014-03-18 22:00 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-05.dmp
2014-03-18 21:34 - 2014-03-18 21:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-04.dmp
2014-03-18 18:58 - 2014-03-18 18:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-03.dmp
2014-03-18 16:39 - 2014-03-18 16:39 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-02.dmp
2014-03-18 15:16 - 2014-03-18 15:16 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-01.dmp
2014-03-17 17:54 - 2014-03-17 17:54 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-06.dmp
2014-03-17 17:16 - 2014-03-17 17:15 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-05.dmp
2014-03-17 14:06 - 2014-03-17 14:06 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031714-04.dmp
2014-03-17 13:34 - 2014-03-17 13:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-03.dmp
2014-03-17 08:31 - 2009-02-09 07:10 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2014-03-17 06:40 - 2007-11-16 13:54 - 00165496 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e100b325.sys
2014-03-17 06:40 - 2007-11-16 13:54 - 00165496 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\e100b325.sys
2014-03-17 04:42 - 2014-03-17 04:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031714-02.dmp
2014-03-17 01:53 - 2014-03-17 01:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-01.dmp
2014-03-17 01:38 - 2014-03-17 01:38 - 00377329 ____S () C:\WINDOWS\system32\szesmpk.jhe.bak
2014-03-17 01:23 - 2014-03-17 01:23 - 00000181 _____ () C:\WINDOWS\system32\WINS.txt
2014-03-17 01:23 - 2014-03-17 01:23 - 00000126 _____ () C:\WINDOWS\system32\StaticIP.txt
2014-03-16 23:37 - 2014-03-16 23:37 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\SystemRequirementsLab
2014-03-16 23:18 - 2014-03-16 23:18 - 00001778 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2014-03-16 23:18 - 2014-03-16 23:18 - 00001772 _____ () C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2014-03-16 23:18 - 2014-03-16 23:18 - 00000000 ____D () C:\Program Files\Belarc
2014-03-16 23:18 - 2013-09-10 19:25 - 00003840 _____ () C:\WINDOWS\system32\Drivers\BANTExt.sys
2014-03-16 22:02 - 2014-03-16 22:02 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031614-01.dmp
2014-03-16 17:21 - 2014-03-16 17:21 - 00000000 _____ () C:\WINDOWS\system32\default_user_class.dat
2014-03-16 13:39 - 2014-03-16 13:39 - 00124327 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Laptop-ServiceList.txt
2014-03-16 13:15 - 2014-03-16 13:19 - 00139889 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\mtbnew-ServiceList2.txt
2014-03-16 12:31 - 2014-03-16 12:29 - 00067720 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\LaptopServiceList.txt
2014-03-16 11:58 - 2014-03-16 11:58 - 00046352 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\MTBNEW-ServiceList.txt
2014-03-15 23:45 - 2014-03-15 23:45 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-07.dmp
2014-03-15 23:20 - 2014-03-15 23:19 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-06.dmp
2014-03-15 16:14 - 2014-03-15 16:14 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-05.dmp
2014-03-15 16:12 - 2014-03-15 16:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-04.dmp
2014-03-15 08:03 - 2014-03-15 08:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-03.dmp
2014-03-15 07:36 - 2014-03-15 07:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-02.dmp
2014-03-15 06:58 - 2014-03-15 06:58 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-01.dmp
2014-03-14 13:47 - 2014-03-17 03:44 - 00000000 ____D () C:\Program Files\UPHClean
2014-03-14 13:28 - 2014-03-14 13:28 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-07.dmp
2014-03-14 13:22 - 2014-03-14 13:22 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-06.dmp
2014-03-14 13:07 - 2014-03-14 13:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-05.dmp
2014-03-14 13:05 - 2014-03-14 13:04 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-04.dmp
2014-03-14 12:53 - 2014-03-14 12:53 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-03.dmp
2014-03-14 12:44 - 2014-03-14 12:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-02.dmp
2014-03-14 12:37 - 2014-03-14 12:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-01.dmp
2014-03-14 07:13 - 2014-03-14 07:13 - 00003552 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\eset threats2.txt
2014-03-13 23:40 - 2014-03-13 23:40 - 00000000 ____D () C:\Program Files\ESET
2014-03-13 23:35 - 2014-03-13 23:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-06.dmp
2014-03-13 22:56 - 2014-03-13 22:55 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-05.dmp
2014-03-13 22:17 - 2014-03-13 22:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-04.dmp
2014-03-13 08:57 - 2014-03-13 11:05 - 00000000 ____D () C:\Documents and Settings\Administrator.MTBNEW\Local Settings\Application Data\NPE
2014-03-13 08:41 - 2014-03-13 08:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-03.dmp
2014-03-13 07:30 - 2014-03-13 07:29 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-02.dmp
2014-03-13 00:34 - 2014-03-13 00:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-01.dmp
2014-03-12 23:52 - 2014-03-12 23:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031214-21.dmp
2014-03-12 21:44 - 2014-03-12 21:44 - 00047360 _____ (VSO Software) C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.sys
2014-03-12 21:44 - 2014-03-12 21:44 - 00007887 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.cat
2014-03-12 21:44 - 2014-03-12 21:44 - 00000055 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.log
2014-03-12 21:44 - 2014-03-12 21:44 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\Vso
2014-03-12 21:23 - 2014-03-12 21:23 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\Picturenaut
2014-03-12 18:29 - 2014-03-12 18:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031214-20.dmp
2014-03-12 17:25 - 2014-03-12 17:25 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-19.dmp
2014-03-12 17:15 - 2014-03-12 17:15 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-18.dmp
2014-03-12 17:08 - 2014-03-12 17:08 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-17.dmp
2014-03-12 17:04 - 2014-03-12 17:04 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-16.dmp
2014-03-12 16:56 - 2014-03-12 16:56 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-15.dmp
2014-03-12 16:45 - 2014-03-12 16:45 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-14.dmp
2014-03-12 16:41 - 2014-03-12 16:41 - 00000000 _____ () C:\WINDOWS\Minidump\Mini031214-13.dmp
2014-03-12 16:28 - 2014-03-12 16:28 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-12.dmp
2014-03-12 16:11 - 2014-03-12 16:11 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-11.dmp
2014-03-12 15:53 - 2014-03-12 15:53 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-10.dmp
2014-03-12 15:40 - 2005-12-12 17:27 - 00019072 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\PS2.sys
2014-03-12 15:14 - 2002-11-29 16:31 - 00036864 ____N () C:\WINDOWS\system32\KmRemove.exe
2014-03-12 14:52 - 2014-03-12 14:52 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-09.dmp
2014-03-12 14:36 - 2014-03-12 14:36 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-08.dmp
2014-03-12 14:03 - 2014-03-12 14:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-07.dmp
2014-03-12 13:51 - 2014-03-12 13:51 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-06.dmp
2014-03-12 13:38 - 2014-03-12 13:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-05.dmp
2014-03-12 11:48 - 2014-03-12 11:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-04.dmp
2014-03-12 09:53 - 2014-03-12 09:53 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-03.dmp
2014-03-12 09:26 - 2014-03-23 21:29 - 00237086 _____ () C:\WINDOWS\setupapi.log
2014-03-12 09:26 - 2014-03-12 09:25 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-02.dmp
2014-03-12 09:23 - 2014-03-12 09:26 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-12 09:20 - 2014-03-12 09:21 - 00013471 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 09:20 - 2014-03-12 09:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 09:20 - 2014-03-12 09:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 09:19 - 2014-03-12 09:20 - 00004907 _____ () C:\WINDOWS\KB2934207.log
2014-03-12 09:19 - 2014-03-12 09:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-12 09:19 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-12 09:19 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-12 08:56 - 2014-03-12 09:20 - 00015220 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 08:56 - 2014-03-12 09:20 - 00013692 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 08:11 - 2014-03-12 08:11 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-01.dmp
2014-03-08 21:20 - 2014-03-08 21:19 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-08.dmp
2014-03-08 17:40 - 2014-03-08 17:40 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-07.dmp
2014-03-08 17:23 - 2014-03-08 17:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-06.dmp
2014-03-08 16:03 - 2014-03-08 16:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-05.dmp
2014-03-08 15:57 - 2014-03-08 15:57 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-04.dmp
2014-03-08 15:39 - 2014-03-08 15:39 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-03.dmp
2014-03-08 14:03 - 2014-03-08 14:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-02.dmp
2014-03-08 05:15 - 2014-03-08 05:15 - 00000283 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\eset threats.txt
2014-03-08 01:15 - 2014-03-08 01:14 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-08 00:40 - 2014-03-08 00:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-09.dmp
2014-03-08 00:19 - 2014-03-21 19:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-08 00:18 - 2014-03-21 19:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\mbar
2014-03-08 00:02 - 2014-03-08 00:02 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-08.dmp
2014-03-07 23:20 - 2014-03-07 23:20 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-07.dmp
2014-03-07 20:52 - 2014-03-07 20:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-06.dmp
2014-03-07 20:27 - 2014-03-07 20:27 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-05.dmp
2014-03-07 20:10 - 2014-03-07 20:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-04.dmp
2014-03-07 19:11 - 2014-03-07 19:11 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-03.dmp
2014-03-07 18:08 - 2014-03-07 18:08 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-02.dmp
2014-03-07 16:56 - 2014-03-07 16:56 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-01.dmp
2014-03-06 21:44 - 2014-03-06 21:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030614-02.dmp
2014-03-06 20:35 - 2014-03-06 20:35 - 00000000 ____D () C:\NBRT
2014-03-06 09:01 - 2014-03-06 09:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030614-01.dmp
2014-03-05 22:21 - 2014-03-05 22:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-08.dmp
2014-03-05 21:36 - 2014-03-05 21:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-07.dmp
2014-03-05 21:10 - 2014-03-05 21:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-06.dmp
2014-03-05 20:12 - 2013-09-12 01:17 - 15693600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-03-05 20:12 - 2013-09-12 01:17 - 00209184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-03-05 20:12 - 2013-09-12 01:17 - 00156960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
2014-03-05 20:12 - 2013-09-12 01:17 - 00144160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcolor.exe
2014-03-05 20:12 - 2013-09-12 01:17 - 00054272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwddi.dll
2014-03-05 20:11 - 2014-03-05 20:11 - 01114168 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-03-05 20:11 - 2014-03-05 20:11 - 01114168 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-03-05 20:11 - 2014-03-05 20:11 - 00000000 _____ () C:\WINDOWS\system32\nvdrswr.lk
2014-03-05 20:11 - 2013-09-12 03:42 - 00057344 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2014-03-05 20:10 - 2013-09-12 03:42 - 21372928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglnt.dll
2014-03-05 20:10 - 2013-09-12 03:42 - 06324224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-03-05 20:10 - 2013-09-12 03:42 - 01049376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco3232723.dll
2014-03-05 20:10 - 2013-09-12 03:42 - 00893728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco3232723.dll
2014-03-05 20:10 - 2013-09-12 03:42 - 00018300 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-03-05 20:10 - 2013-06-16 07:38 - 00128672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda32.sys
2014-03-05 20:10 - 2013-06-16 07:38 - 00028448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap32.dll
2014-03-05 20:10 - 2013-01-29 03:35 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103.dll
2014-03-05 20:06 - 2014-03-05 20:11 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-03-05 20:02 - 2014-03-24 21:40 - 00003732 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-03-05 19:32 - 2014-03-05 19:32 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-05.dmp
2014-03-05 16:07 - 2014-03-05 16:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-04.dmp
2014-03-05 15:37 - 2013-09-12 03:42 - 17551360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-03-05 15:37 - 2013-09-12 03:42 - 07700480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-03-05 15:37 - 2013-09-12 03:42 - 02794272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-03-05 15:37 - 2013-09-12 03:42 - 02568704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi.dll
2014-03-05 15:37 - 2013-09-12 03:42 - 02313192 _____ () C:\WINDOWS\system32\nvdata.data
2014-03-05 15:37 - 2013-09-12 03:42 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-03-05 14:48 - 2014-03-05 14:48 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-03.dmp
2014-03-05 14:13 - 2014-03-05 14:13 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-02.dmp
2014-03-05 13:59 - 2014-03-07 18:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2014-03-05 08:30 - 2014-03-05 08:30 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-04 22:34 - 2014-03-04 22:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-06.dmp
2014-03-04 12:17 - 2014-03-04 12:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-05.dmp
2014-03-04 12:08 - 2013-04-24 06:24 - 00447138 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140304.backup
2014-03-04 11:47 - 2014-03-04 11:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-04.dmp
2014-03-04 10:47 - 2014-03-04 10:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-03.dmp
2014-03-04 04:36 - 2014-03-04 04:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-02.dmp
2014-03-04 01:51 - 2014-03-04 01:50 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-01.dmp
2014-03-03 22:57 - 2014-03-23 20:18 - 00000310 __RSH () C:\boot.ini
2014-03-03 22:43 - 2014-03-24 21:34 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-03-03 22:43 - 2014-03-24 21:34 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-03-03 22:42 - 2014-03-19 04:11 - 04958726 _____ () C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10221102}.CDF
2014-03-03 22:42 - 2014-03-19 04:11 - 04958726 _____ () C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10221102}.BAK
2014-03-03 19:39 - 2014-03-03 19:39 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-20.dmp
2014-03-03 19:30 - 2014-03-03 19:30 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-19.dmp
2014-03-03 18:56 - 2014-03-03 18:56 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-18.dmp
2014-03-03 16:21 - 2014-03-03 16:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-17.dmp
2014-03-03 16:17 - 2014-03-03 16:16 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-16.dmp
2014-03-03 16:14 - 2014-03-03 16:14 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-15.dmp
2014-03-03 15:58 - 2014-03-03 15:58 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-14.dmp
2014-03-03 15:32 - 2014-03-03 15:32 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-13.dmp
2014-03-03 15:12 - 2014-03-03 15:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-12.dmp
2014-03-03 15:10 - 2014-03-03 15:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-11.dmp
2014-03-03 15:01 - 2014-03-03 15:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-10.dmp
2014-03-03 12:37 - 2014-03-03 12:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-09.dmp
2014-03-03 12:23 - 2014-03-03 12:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-08.dmp
2014-03-03 12:18 - 2014-03-03 12:18 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-07.dmp
2014-03-03 12:09 - 2014-03-03 12:08 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-06.dmp
2014-03-03 11:31 - 2014-03-03 11:31 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-05.dmp
2014-03-03 03:05 - 2014-03-03 03:05 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-04.dmp
2014-03-03 01:37 - 2014-03-03 01:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-03.dmp
2014-03-03 01:28 - 2014-03-03 01:28 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 01:23 - 2014-03-03 01:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-03 00:44 - 2014-03-03 00:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-06.dmp
2014-03-03 00:36 - 2014-03-03 00:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-05.dmp
2014-03-03 00:24 - 2014-03-03 00:24 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-04.dmp
2014-03-03 00:21 - 2014-03-03 00:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-03.dmp
2014-03-03 00:12 - 2014-03-03 00:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-02.dmp
2014-03-02 22:42 - 2014-03-07 18:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-02 22:32 - 2014-03-02 22:32 - 00018638 _____ () C:\WINDOWS\system32\CCCInstall_201403022132137187.log
2014-03-02 22:24 - 2014-03-02 22:42 - 00000000 ____D () C:\NVIDIA
2014-03-02 22:06 - 2014-03-02 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA
2014-03-02 17:16 - 2014-03-02 17:16 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-01.dmp
2014-02-25 12:10 - 2014-02-25 12:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini022514-01.dmp
2014-02-23 22:49 - 2014-02-24 17:49 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\TeamViewer
2014-02-23 22:48 - 2014-02-23 22:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2014-02-23 22:48 - 2014-02-23 22:48 - 00000826 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk
2014-02-23 22:48 - 2014-02-23 22:48 - 00000000 ____D () C:\Program Files\TeamViewer
2014-02-23 22:48 - 2013-10-17 10:32 - 00025088 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2014-02-22 15:45 - 2014-02-22 15:45 - 00094208 _____ () C:\WINDOWS\Minidump\Mini022214-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-24 21:42 - 2014-03-24 21:42 - 00020878 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\FRST.txt
2014-03-24 21:42 - 2014-03-24 21:42 - 00000000 ____D () C:\FRST
2014-03-24 21:42 - 2014-03-19 21:20 - 02057023 _____ () C:\WINDOWS\pfirewall.log
2014-03-24 21:40 - 2014-03-24 21:40 - 01145856 _____ (Farbar) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\FRST.exe
2014-03-24 21:40 - 2014-03-05 20:02 - 00003732 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-03-24 21:36 - 2005-07-02 05:21 - 01190357 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-24 21:35 - 2005-07-02 05:21 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-24 21:35 - 2005-07-02 05:11 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-24 21:34 - 2014-03-03 22:43 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-03-24 21:34 - 2014-03-03 22:43 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-03-24 21:34 - 2011-10-30 20:26 - 00000278 ___SH () C:\Documents and Settings\HP_Administrator.MTBNEW\ntuser.ini
2014-03-24 21:34 - 2005-07-02 05:21 - 00032414 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-24 21:28 - 2014-03-20 07:13 - 00005862 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Rkill.txt
2014-03-24 21:23 - 2014-03-22 17:08 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-24 21:21 - 2014-03-24 21:21 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-03-24 21:21 - 2014-03-22 17:08 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-24 19:57 - 2004-11-13 05:46 - 00000553 _____ () C:\WINDOWS\wiadebug.log
2014-03-24 19:57 - 2004-11-13 05:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-24 19:51 - 2014-03-24 19:51 - 00018150 _____ () C:\ComboFix.txt
2014-03-24 19:51 - 2014-03-23 20:14 - 00000000 ____D () C:\Qoobox
2014-03-24 19:48 - 2004-11-13 05:42 - 00000365 _____ () C:\WINDOWS\system.ini
2014-03-24 19:47 - 2012-10-12 01:30 - 00000000 ____D () C:\Documents and Settings\mtbowman.MTBNEW
2014-03-24 19:47 - 2012-08-10 07:01 - 00000000 ____D () C:\Documents and Settings\Administrator.MTBNEW
2014-03-24 19:47 - 2011-10-30 20:26 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW
2014-03-24 19:47 - 2008-11-30 10:44 - 00000000 ____D () C:\Documents and Settings\mtbowman
2014-03-24 19:47 - 2006-03-06 01:20 - 00000000 ____D () C:\Documents and Settings\HP_Administrator
2014-03-24 19:30 - 2006-02-28 20:39 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-03-24 13:37 - 2012-11-23 00:39 - 00000000 ____D () C:\Program Files\Debugging Tools for Windows (x86)
2014-03-24 11:18 - 2014-01-08 23:54 - 00000084 _____ () C:\WINDOWS\TaxACT13.ini
2014-03-24 11:16 - 2013-01-29 22:36 - 00000084 _____ () C:\WINDOWS\TaxACT12.ini
2014-03-24 10:52 - 2014-03-24 10:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032414-02.dmp
2014-03-24 10:52 - 2007-09-18 05:30 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-24 08:43 - 2014-03-24 08:43 - 00005815 _____ () C:\Documents and Settings\All Users\Documents\pspbrwse.jbf
2014-03-24 08:38 - 2008-12-13 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\GloriaBoysPhotos
2014-03-24 08:37 - 2006-08-16 00:48 - 00000000 ____D () C:\Program Files\Paint Shop Pro 6
2014-03-24 08:34 - 2014-03-24 08:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032414-01.dmp
2014-03-24 00:03 - 2014-03-22 02:13 - 00000000 ____D () C:\AdwCleaner
2014-03-23 23:34 - 2014-03-23 20:13 - 05192353 ____R (Swearware) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\ComboFix.exe
2014-03-23 22:17 - 2014-03-23 17:49 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-03-23 21:29 - 2014-03-12 09:26 - 00237086 _____ () C:\WINDOWS\setupapi.log
2014-03-23 20:57 - 2014-03-23 20:57 - 00019464 _____ () C:\ComboFix-01.txt
2014-03-23 20:57 - 2006-02-28 20:14 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-23 20:56 - 2014-03-23 20:14 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-23 20:18 - 2014-03-23 20:18 - 00000000 _RSHD () C:\cmdcons
2014-03-23 20:18 - 2014-03-03 22:57 - 00000310 __RSH () C:\boot.ini
2014-03-23 20:17 - 2005-07-15 12:14 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-03-23 18:08 - 2014-03-23 18:08 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-07.dmp
2014-03-23 17:56 - 2014-03-23 17:56 - 00003109 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_175611.txt
2014-03-23 15:50 - 2014-03-23 15:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-06.dmp
2014-03-23 14:47 - 2014-03-23 14:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-05.dmp
2014-03-23 14:35 - 2014-03-23 14:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-04.dmp
2014-03-23 14:24 - 2014-03-23 14:24 - 00003085 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03232014_142452.txt
2014-03-23 14:24 - 2014-03-23 14:24 - 00003040 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_142423.txt
2014-03-23 14:22 - 2014-03-23 14:22 - 00003006 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_142203.txt
2014-03-23 14:20 - 2014-03-23 14:20 - 00002982 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03232014_142015.txt
2014-03-23 14:12 - 2014-03-23 14:12 - 00002937 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_141224.txt
2014-03-23 13:32 - 2014-03-23 13:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-03.dmp
2014-03-23 12:56 - 2014-03-23 12:56 - 00070696 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Extras.Txt
2014-03-23 12:55 - 2014-03-23 12:55 - 00143046 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\OTL.Txt
2014-03-23 12:45 - 2014-03-23 12:45 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\OTL.exe
2014-03-23 12:29 - 2014-03-23 12:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-02.dmp
2014-03-23 12:21 - 2014-03-23 12:21 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-01.dmp
2014-03-23 11:50 - 2014-03-23 11:50 - 00001823 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-03-23 11:50 - 2014-03-23 11:50 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-23 11:50 - 2014-03-23 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-03-23 08:26 - 2014-03-23 08:26 - 00005628 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RootRepeal-20140322-2026.txt
2014-03-23 08:22 - 2014-03-22 22:09 - 00000015 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\settings.dat
2014-03-22 22:30 - 2014-03-22 22:30 - 00005628 _____ () C:\RootRepeal report 03-22-14 (22-30-23).txt
2014-03-22 22:08 - 2014-03-22 22:08 - 00472064 _____ ( ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RootRepeal.exe
2014-03-22 21:57 - 2014-03-22 21:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-03.dmp
2014-03-22 18:05 - 2007-01-13 06:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-22 17:03 - 2011-12-05 10:33 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\vlc
2014-03-22 16:54 - 2010-02-23 10:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Apps-99-Miscellaneous
2014-03-22 16:44 - 2014-03-22 16:44 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\My Documents\Britannica_Content
2014-03-22 16:43 - 2014-03-22 16:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\WebRenderer
2014-03-22 16:43 - 2014-03-22 16:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\.webrenderer
2014-03-22 16:35 - 2013-08-29 20:59 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\AnvSoft
2014-03-22 16:35 - 2013-08-29 20:58 - 00000000 ____D () C:\Program Files\AnvSoft
2014-03-22 16:26 - 2011-11-06 09:29 - 00141824 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-22 15:49 - 2014-03-22 15:49 - 40658208 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\spybot-2.2.exe
2014-03-22 10:50 - 2014-03-22 10:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-02.dmp
2014-03-22 09:54 - 2014-03-22 09:54 - 00002724 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03222014_095429.txt
2014-03-22 09:52 - 2014-03-21 10:42 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RK_Quarantine
2014-03-22 02:48 - 2014-03-22 02:48 - 00008112 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\HitmanPro_20140322_0248.log
2014-03-22 02:12 - 2014-03-22 02:12 - 01950720 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\AdwCleaner.exe
2014-03-22 01:53 - 2014-03-22 01:58 - 101570328 _____ (Microsoft Corporation) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\msert (1).exe
2014-03-22 01:43 - 2014-03-22 01:43 - 00002691 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03222014_014317.txt
2014-03-22 01:33 - 2014-03-22 01:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-01.dmp
2014-03-21 23:26 - 2014-03-21 23:26 - 00002896 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_232617.txt
2014-03-21 23:10 - 2014-03-21 23:10 - 00002862 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_231047.txt
2014-03-21 23:08 - 2014-03-21 23:08 - 00002831 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_230826.txt
2014-03-21 23:07 - 2014-03-21 23:07 - 00002793 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_230736.txt
2014-03-21 23:01 - 2014-03-21 22:58 - 00003395 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_225816.txt
2014-03-21 22:46 - 2014-03-21 22:46 - 00003314 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_224649.txt
2014-03-21 19:43 - 2014-03-08 00:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-21 19:43 - 2014-03-08 00:18 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\mbar
2014-03-21 18:13 - 2014-03-21 18:12 - 00000009 ___RH () C:\Autoexec.bat
2014-03-21 11:15 - 2014-03-21 11:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-04.dmp
2014-03-21 10:54 - 2014-03-21 10:54 - 00002849 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_105453.txt
2014-03-21 10:49 - 2014-03-21 10:49 - 00002792 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_104949.txt
2014-03-21 10:47 - 2014-03-21 10:47 - 00000882 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_PR_03212014_104728.txt
2014-03-21 10:44 - 2014-03-21 10:44 - 00002906 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_104411.txt
2014-03-21 10:41 - 2014-03-21 10:41 - 03943424 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RogueKiller.exe
2014-03-21 10:32 - 2014-03-21 10:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-03.dmp
2014-03-21 09:55 - 2014-03-21 09:55 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-02.dmp
2014-03-21 09:20 - 2014-03-21 09:20 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-21 09:15 - 2014-03-21 09:15 - 00001070 _____ () C:\WINDOWS\system32\.crusader
2014-03-21 09:15 - 2014-03-21 08:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-03-21 09:15 - 2006-05-02 23:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\StartupStop
2014-03-21 08:47 - 2014-03-21 08:47 - 09988304 _____ (SurfRight B.V.) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\HitmanPro.exe
2014-03-21 08:33 - 2014-03-21 08:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-01.dmp
2014-03-21 08:33 - 2008-02-24 06:13 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-21 06:31 - 2014-03-21 06:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 06:25 - 2014-03-21 06:25 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\uSeRiNiT.exe
2014-03-21 06:22 - 2004-11-13 13:51 - 00000915 _____ () C:\WINDOWS\win.ini
2014-03-21 06:20 - 2014-03-19 21:47 - 00002510 _____ () C:\winzip.log
2014-03-20 14:58 - 2014-03-20 14:58 - 00000756 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\GMER Log-01.log
2014-03-20 12:03 - 2014-03-20 12:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-03.dmp
2014-03-20 09:25 - 2006-03-06 01:54 - 00000265 _____ () C:\Boot.bak
2014-03-20 09:19 - 2014-03-20 09:19 - 00028621 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\attach.txt
2014-03-20 09:19 - 2014-03-20 09:19 - 00015754 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\dds.txt
2014-03-20 09:09 - 2010-02-23 10:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Apps-71-Utilities
2014-03-20 09:06 - 2014-03-20 09:06 - 00789444 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\census.cache
2014-03-20 09:05 - 2014-03-20 09:05 - 00315161 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\ars.cache
2014-03-20 08:31 - 2014-03-20 08:31 - 00000010 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\sponge.last.runtime.cache
2014-03-20 08:24 - 2014-03-20 08:24 - 00000036 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\housecall.guid.cache
2014-03-20 08:22 - 2014-03-20 08:22 - 00000814 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 08:22 - 2005-07-02 05:12 - 00632308 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-20 08:22 - 2004-11-13 13:54 - 00840989 _____ () C:\WINDOWS\tsoc.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00602082 _____ () C:\WINDOWS\comsetup.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00372441 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00136149 _____ () C:\WINDOWS\iis6.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00099646 _____ () C:\WINDOWS\ocmsn.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00087597 _____ () C:\WINDOWS\tabletoc.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-03-20 08:22 - 2004-11-13 13:49 - 01791052 _____ () C:\WINDOWS\FaxSetup.log
2014-03-20 08:22 - 2004-11-13 13:49 - 00929945 _____ () C:\WINDOWS\ocgen.log
2014-03-20 08:22 - 2004-11-13 13:49 - 00313271 _____ () C:\WINDOWS\netfxocm.log
2014-03-20 08:22 - 2004-11-13 13:49 - 00127120 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-20 08:22 - 2004-11-13 13:49 - 00091340 _____ () C:\WINDOWS\msgsocm.log
2014-03-20 08:22 - 2004-11-13 13:48 - 00587978 _____ () C:\WINDOWS\msmqinst.log
2014-03-20 08:20 - 2006-08-15 22:36 - 00001080 _____ () C:\WINDOWS\AUTOLNCH.REG
2014-03-20 07:23 - 2014-03-20 07:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-02.dmp
2014-03-20 07:17 - 2014-03-20 07:17 - 00000000 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\defogger_reenable
2014-03-20 07:11 - 2014-03-20 07:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-01.dmp
2014-03-19 11:25 - 2014-03-19 11:25 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-16.dmp
2014-03-19 10:58 - 2014-03-19 10:58 - 00000957 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\MS-Autoruns.lnk
2014-03-19 10:54 - 2014-03-19 10:54 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-15.dmp
2014-03-19 10:44 - 2014-03-19 10:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-14.dmp
2014-03-19 10:29 - 2014-03-19 10:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-13.dmp
2014-03-19 10:23 - 2014-03-19 10:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-12.dmp
2014-03-19 10:16 - 2006-10-01 00:25 - 00000000 ____D () C:\Program Files\DivX
2014-03-19 10:13 - 2007-04-10 21:16 - 00000000 ____D () C:\Program Files\Citrix
2014-03-19 10:12 - 2010-02-23 10:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Multimedia-Video
2014-03-19 10:11 - 2004-11-13 13:54 - 00004566 _____ () C:\WINDOWS\imsins.BAK
2014-03-19 09:32 - 2010-02-23 11:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Apps-05-Browsers
2014-03-19 09:25 - 2014-03-19 09:25 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-11.dmp
2014-03-19 09:15 - 2012-03-03 09:33 - 00000000 ____D () C:\Program Files\Intel
2014-03-19 04:58 - 2014-03-19 04:59 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-10.dmp
2014-03-19 04:35 - 2012-08-10 07:01 - 00000178 ___SH () C:\Documents and Settings\Administrator.MTBNEW\ntuser.ini
2014-03-19 04:33 - 2014-03-19 04:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-09.dmp
2014-03-19 04:22 - 2014-03-19 04:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-08.dmp
2014-03-19 04:11 - 2014-03-03 22:42 - 04958726 _____ () C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10221102}.CDF
2014-03-19 04:11 - 2014-03-03 22:42 - 04958726 _____ () C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10221102}.BAK
2014-03-19 04:11 - 2006-03-06 01:08 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
2014-03-19 04:04 - 2012-12-27 00:53 - 00018200 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\reset.log
2014-03-19 03:56 - 2009-12-23 13:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-03-19 03:50 - 2011-11-01 12:14 - 00057269 _____ () C:\WINDOWS\spupdsvc.log
2014-03-19 03:48 - 2011-11-13 13:52 - 00022265 _____ () C:\WINDOWS\KB956572.log
2014-03-19 03:48 - 2006-02-28 20:26 - 00248739 _____ () C:\WINDOWS\updspapi.log
2014-03-19 03:42 - 2014-03-19 03:42 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-07.dmp
2014-03-19 03:30 - 2014-03-19 03:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-06.dmp
2014-03-19 03:26 - 2014-03-19 03:26 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-05.dmp
2014-03-19 03:21 - 2014-03-19 03:21 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\LogMeInIgnition
2014-03-19 03:19 - 2014-03-19 03:19 - 00001024 _____ () C:\.rnd
2014-03-19 03:15 - 2014-03-19 03:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-04.dmp
2014-03-19 03:07 - 2013-01-13 18:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-03-19 02:52 - 2014-03-19 02:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-03.dmp
2014-03-19 02:50 - 2006-02-28 21:18 - 00000000 ____D () C:\Program Files\Google
2014-03-19 02:47 - 2014-03-19 02:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-02.dmp
2014-03-19 02:35 - 2006-02-28 20:40 - 00003320 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-03-19 02:32 - 2013-05-15 15:48 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Citrix
2014-03-19 01:49 - 2014-03-19 01:49 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031914-01.dmp
2014-03-19 00:47 - 2014-03-19 00:47 - 00001689 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\SUPERAntiSpyware.com
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-03-18 23:29 - 2014-03-18 23:29 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-13.dmp
2014-03-18 23:17 - 2014-03-18 23:18 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-12.dmp
2014-03-18 23:13 - 2014-03-18 23:13 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-11.dmp
2014-03-18 23:07 - 2014-03-18 23:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-10.dmp
2014-03-18 23:04 - 2014-03-18 23:04 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-09.dmp
2014-03-18 23:01 - 2014-03-18 23:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-08.dmp
2014-03-18 22:57 - 2014-03-18 22:57 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-07.dmp
2014-03-18 22:52 - 2014-03-18 22:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-06.dmp
2014-03-18 22:00 - 2014-03-18 22:00 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-05.dmp
2014-03-18 21:34 - 2014-03-18 21:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-04.dmp
2014-03-18 18:58 - 2014-03-18 18:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-03.dmp
2014-03-18 18:17 - 2011-12-28 08:24 - 00002644 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-18 16:39 - 2014-03-18 16:39 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-02.dmp
2014-03-18 15:16 - 2014-03-18 15:16 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-01.dmp
2014-03-18 10:34 - 2011-11-30 01:26 - 00000098 _____ () C:\WINDOWS\10-key.ini
2014-03-18 08:43 - 2011-11-30 01:29 - 00001374 _____ () C:\WINDOWS\system32\msxkwn.vxp
2014-03-17 17:54 - 2014-03-17 17:54 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-06.dmp
2014-03-17 17:15 - 2014-03-17 17:16 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-05.dmp
2014-03-17 15:38 - 2005-07-15 12:14 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-03-17 15:24 - 2011-11-01 10:33 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\U3
2014-03-17 14:15 - 2004-11-13 13:54 - 02021613 _____ () C:\WINDOWS\iis6.BAK
2014-03-17 14:06 - 2014-03-17 14:06 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031714-04.dmp
2014-03-17 13:34 - 2014-03-17 13:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-03.dmp
2014-03-17 06:27 - 2005-07-15 12:01 - 00000000 ____D () C:\WINDOWS\security
2014-03-17 06:26 - 2008-05-30 06:51 - 00000000 ____D () C:\WINDOWS\pss
2014-03-17 04:41 - 2014-03-17 04:42 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031714-02.dmp
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\WindowsShell.Manifest
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\system32\wuaucpl.cpl.manifest
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\system32\sapi.cpl.manifest
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\system32\nwc.cpl.manifest
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\system32\ncpa.cpl.manifest
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\system32\cdplayer.exe.manifest
2014-03-17 04:07 - 2011-12-18 12:13 - 00045056 ___SH () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Thumbs.db
2014-03-17 03:44 - 2014-03-14 13:47 - 00000000 ____D () C:\Program Files\UPHClean
2014-03-17 03:44 - 2009-10-24 13:33 - 00000000 ____D () C:\Program Files\Palm
2014-03-17 03:44 - 2006-02-28 21:12 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows
2014-03-17 03:44 - 2005-07-15 12:02 - 00000000 ____D () C:\WINDOWS\system
2014-03-17 03:34 - 2011-11-30 12:30 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll.000.bak
2014-03-17 03:29 - 2004-11-13 13:54 - 00419840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-17 01:52 - 2014-03-17 01:53 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-01.dmp
2014-03-17 01:38 - 2014-03-17 01:38 - 00377329 ____S () C:\WINDOWS\system32\szesmpk.jhe.bak
2014-03-17 01:23 - 2014-03-17 01:23 - 00000181 _____ () C:\WINDOWS\system32\WINS.txt
2014-03-17 01:23 - 2014-03-17 01:23 - 00000126 _____ () C:\WINDOWS\system32\StaticIP.txt
2014-03-17 01:23 - 2012-11-20 20:01 - 00002730 _____ () C:\WINDOWS\system32\WmiConf.txt
2014-03-16 23:39 - 2013-08-15 18:08 - 00001100 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-03-16 23:37 - 2014-03-16 23:37 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\SystemRequirementsLab
2014-03-16 23:18 - 2014-03-16 23:18 - 00001778 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2014-03-16 23:18 - 2014-03-16 23:18 - 00001772 _____ () C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2014-03-16 23:18 - 2014-03-16 23:18 - 00000000 ____D () C:\Program Files\Belarc
2014-03-16 22:22 - 2005-07-15 11:47 - 00000000 ____D () C:\WINDOWS\Help
2014-03-16 22:02 - 2014-03-16 22:02 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031614-01.dmp
2014-03-16 17:21 - 2014-03-16 17:21 - 00000000 _____ () C:\WINDOWS\system32\default_user_class.dat
2014-03-16 13:39 - 2014-03-16 13:39 - 00124327 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Laptop-ServiceList.txt
2014-03-16 13:19 - 2014-03-16 13:15 - 00139889 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\mtbnew-ServiceList2.txt
2014-03-16 12:29 - 2014-03-16 12:31 - 00067720 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\LaptopServiceList.txt
2014-03-16 11:58 - 2014-03-16 11:58 - 00046352 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\MTBNEW-ServiceList.txt
2014-03-16 09:15 - 2005-07-15 12:01 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-15 23:45 - 2014-03-15 23:45 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-07.dmp
2014-03-15 23:19 - 2014-03-15 23:20 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-06.dmp
2014-03-15 16:23 - 2006-02-28 20:39 - 00065536 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-03-15 16:14 - 2014-03-15 16:14 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-05.dmp
2014-03-15 16:12 - 2014-03-15 16:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-04.dmp
2014-03-15 09:28 - 2012-03-07 21:45 - 00000084 _____ () C:\WINDOWS\TaxACT11.ini
2014-03-15 09:02 - 2011-07-31 15:38 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\AllUsersShortcuts
2014-03-15 08:03 - 2014-03-15 08:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-03.dmp
2014-03-15 07:36 - 2014-03-15 07:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-02.dmp
2014-03-15 06:58 - 2014-03-15 06:58 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-01.dmp
2014-03-14 13:33 - 2006-02-28 20:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Online Services
2014-03-14 13:28 - 2014-03-14 13:28 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-07.dmp
2014-03-14 13:22 - 2014-03-14 13:22 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-06.dmp
2014-03-14 13:07 - 2014-03-14 13:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-05.dmp
2014-03-14 13:04 - 2014-03-14 13:05 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-04.dmp
2014-03-14 12:53 - 2014-03-14 12:53 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-03.dmp
2014-03-14 12:44 - 2014-03-14 12:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-02.dmp
2014-03-14 12:37 - 2014-03-14 12:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-01.dmp
2014-03-14 07:13 - 2014-03-14 07:13 - 00003552 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\eset threats2.txt
2014-03-13 23:40 - 2014-03-13 23:40 - 00000000 ____D () C:\Program Files\ESET
2014-03-13 23:35 - 2014-03-13 23:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-06.dmp
2014-03-13 22:55 - 2014-03-13 22:56 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-05.dmp
2014-03-13 22:17 - 2014-03-13 22:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-04.dmp
2014-03-13 15:03 - 2012-01-30 04:10 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\NPE
2014-03-13 11:05 - 2014-03-13 08:57 - 00000000 ____D () C:\Documents and Settings\Administrator.MTBNEW\Local Settings\Application Data\NPE
2014-03-13 08:40 - 2014-03-13 08:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-03.dmp
2014-03-13 07:29 - 2014-03-13 07:30 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-02.dmp
2014-03-13 00:33 - 2014-03-13 00:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-01.dmp
2014-03-12 23:51 - 2014-03-12 23:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031214-21.dmp
2014-03-12 22:13 - 2006-02-28 20:56 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-03-12 22:13 - 2006-02-28 20:33 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-12 21:44 - 2014-03-12 21:44 - 00047360 _____ (VSO Software) C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.sys
2014-03-12 21:44 - 2014-03-12 21:44 - 00007887 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.cat
2014-03-12 21:44 - 2014-03-12 21:44 - 00000055 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.log
2014-03-12 21:44 - 2014-03-12 21:44 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\Vso
2014-03-12 21:33 - 2008-01-18 22:45 - 00000000 ____D () C:\SRC
2014-03-12 21:23 - 2014-03-12 21:23 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\Picturenaut
2014-03-12 18:29 - 2014-03-12 18:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031214-20.dmp
2014-03-12 17:25 - 2014-03-12 17:25 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-19.dmp
2014-03-12 17:15 - 2014-03-12 17:15 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-18.dmp
2014-03-12 17:08 - 2014-03-12 17:08 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-17.dmp
2014-03-12 17:07 - 2014-01-02 16:55 - 00000000 ____D () C:\WINDOWS\FullMemDump
2014-03-12 17:04 - 2014-03-12 17:04 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-16.dmp
2014-03-12 16:56 - 2014-03-12 16:56 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-15.dmp
2014-03-12 16:45 - 2014-03-12 16:45 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-14.dmp
2014-03-12 16:41 - 2014-03-12 16:41 - 00000000 _____ () C:\WINDOWS\Minidump\Mini031214-13.dmp
2014-03-12 16:28 - 2014-03-12 16:28 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-12.dmp
2014-03-12 16:11 - 2014-03-12 16:11 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-11.dmp
2014-03-12 15:53 - 2014-03-12 15:53 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-10.dmp
2014-03-12 15:43 - 2004-11-13 13:54 - 00228507 _____ () C:\WINDOWS\setupact.log
2014-03-12 15:40 - 2005-07-15 11:44 - 00000000 ____D () C:\hp
2014-03-12 15:09 - 2010-02-23 11:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Apps-95-Hardware
2014-03-12 14:52 - 2014-03-12 14:52 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-09.dmp
2014-03-12 14:36 - 2014-03-12 14:36 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-08.dmp
2014-03-12 14:03 - 2014-03-12 14:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-07.dmp
2014-03-12 13:51 - 2014-03-12 13:51 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-06.dmp
2014-03-12 13:37 - 2014-03-12 13:38 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-05.dmp
2014-03-12 11:47 - 2014-03-12 11:48 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-04.dmp
2014-03-12 11:40 - 2010-12-14 21:29 - 00057344 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\My Documents\CashFlowPlan.xls
2014-03-12 09:53 - 2014-03-12 09:53 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-03.dmp
2014-03-12 09:53 - 2008-02-28 23:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 09:49 - 2013-09-29 04:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-12 09:48 - 2010-06-04 03:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-12 09:26 - 2014-03-12 09:23 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-12 09:25 - 2014-03-12 09:26 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-02.dmp
2014-03-12 09:21 - 2014-03-12 09:20 - 00013471 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 09:20 - 2014-03-12 09:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 09:20 - 2014-03-12 09:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 09:20 - 2014-03-12 09:19 - 00004907 _____ () C:\WINDOWS\KB2934207.log
2014-03-12 09:20 - 2014-03-12 08:56 - 00015220 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 09:20 - 2014-03-12 08:56 - 00013692 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 09:19 - 2014-03-12 09:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-12 08:24 - 2013-11-19 03:51 - 01166432 _____ () C:\WINDOWS\setupapi.log.4.old
2014-03-12 08:11 - 2014-03-12 08:11 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-01.dmp
2014-03-10 22:47 - 2012-08-10 07:01 - 00000000 ____D () C:\Documents and Settings\Administrator.MTBNEW\Local Settings\Application Data\Google
2014-03-10 22:36 - 2006-04-02 17:32 - 00000000 ____D () C:\Data
2014-03-10 11:13 - 2008-01-09 23:06 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\My Documents\WorkFiles
2014-03-08 21:19 - 2014-03-08 21:20 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-08.dmp
2014-03-08 17:40 - 2014-03-08 17:40 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-07.dmp
2014-03-08 17:23 - 2014-03-08 17:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-06.dmp
2014-03-08 16:03 - 2014-03-08 16:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-05.dmp
2014-03-08 15:57 - 2014-03-08 15:57 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-04.dmp
2014-03-08 15:39 - 2014-03-08 15:39 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-03.dmp
2014-03-08 14:03 - 2014-03-08 14:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-02.dmp
2014-03-08 05:15 - 2014-03-08 05:15 - 00000283 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\eset threats.txt
2014-03-08 01:27 - 2014-01-24 02:44 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-03-08 01:27 - 2010-02-23 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Multimedia-Audio
2014-03-08 01:14 - 2014-03-08 01:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-08 00:40 - 2014-03-08 00:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-09.dmp
2014-03-08 00:02 - 2014-03-08 00:02 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-08.dmp
2014-03-07 23:38 - 2011-11-06 09:18 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RegistryEditFiles
2014-03-07 23:20 - 2014-03-07 23:20 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-07.dmp
2014-03-07 20:52 - 2014-03-07 20:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-06.dmp
2014-03-07 20:27 - 2014-03-07 20:27 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-05.dmp
2014-03-07 20:10 - 2014-03-07 20:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-04.dmp
2014-03-07 19:11 - 2014-03-07 19:11 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-03.dmp
2014-03-07 18:18 - 2014-03-05 13:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2014-03-07 18:18 - 2014-03-02 22:42 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-07 18:08 - 2014-03-07 18:08 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-02.dmp
2014-03-07 16:56 - 2014-03-07 16:56 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-01.dmp
2014-03-06 21:44 - 2014-03-06 21:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030614-02.dmp
2014-03-06 20:38 - 2006-02-28 20:14 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-06 20:35 - 2014-03-06 20:35 - 00000000 ____D () C:\NBRT
2014-03-06 09:01 - 2014-03-06 09:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030614-01.dmp
2014-03-05 22:21 - 2014-03-05 22:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-08.dmp
2014-03-05 21:36 - 2014-03-05 21:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-07.dmp
2014-03-05 21:10 - 2014-03-05 21:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-06.dmp
2014-03-05 20:11 - 2014-03-05 20:11 - 01114168 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-03-05 20:11 - 2014-03-05 20:11 - 01114168 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-03-05 20:11 - 2014-03-05 20:11 - 00000000 _____ () C:\WINDOWS\system32\nvdrswr.lk
2014-03-05 20:11 - 2014-03-05 20:06 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-03-05 19:32 - 2014-03-05 19:32 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-05.dmp
2014-03-05 16:07 - 2014-03-05 16:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-04.dmp
2014-03-05 14:48 - 2014-03-05 14:48 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-03.dmp
2014-03-05 14:13 - 2014-03-05 14:13 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-02.dmp
2014-03-05 08:30 - 2014-03-05 08:30 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-04 22:34 - 2014-03-04 22:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-06.dmp
2014-03-04 12:17 - 2014-03-04 12:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-05.dmp
2014-03-04 12:10 - 2014-03-19 02:43 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140319-024357.backup
2014-03-04 11:47 - 2014-03-04 11:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-04.dmp
2014-03-04 10:47 - 2014-03-04 10:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-03.dmp
2014-03-04 04:36 - 2014-03-04 04:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-02.dmp
2014-03-04 02:30 - 2004-11-13 13:55 - 00105889 _____ () C:\WINDOWS\wmsetup.log
2014-03-04 01:50 - 2014-03-04 01:51 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-01.dmp
2014-03-03 22:42 - 2014-02-16 20:33 - 00081920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\OpenAL32.dll
2014-03-03 22:42 - 2006-02-28 20:36 - 00000000 ____D () C:\WINDOWS\system32\Defaults
2014-03-03 22:41 - 2013-03-17 01:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Creative
2014-03-03 22:40 - 2006-04-04 03:27 - 00000419 _____ () C:\WINDOWS\CTWave32.INI
2014-03-03 19:39 - 2014-03-03 19:39 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-20.dmp
2014-03-03 19:30 - 2014-03-03 19:30 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-19.dmp
2014-03-03 18:56 - 2014-03-03 18:56 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-18.dmp
2014-03-03 16:21 - 2014-03-03 16:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-17.dmp
2014-03-03 16:16 - 2014-03-03 16:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-16.dmp
2014-03-03 16:14 - 2014-03-03 16:14 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-15.dmp
2014-03-03 15:58 - 2014-03-03 15:58 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-14.dmp
2014-03-03 15:32 - 2014-03-03 15:32 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-13.dmp
2014-03-03 15:12 - 2014-03-03 15:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-12.dmp
2014-03-03 15:10 - 2014-03-03 15:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-11.dmp
2014-03-03 15:01 - 2014-03-03 15:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-10.dmp
2014-03-03 12:37 - 2014-03-03 12:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-09.dmp
2014-03-03 12:23 - 2014-03-03 12:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-08.dmp
2014-03-03 12:18 - 2014-03-03 12:18 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-07.dmp
2014-03-03 12:08 - 2014-03-03 12:09 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-06.dmp
2014-03-03 11:31 - 2014-03-03 11:31 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-05.dmp
2014-03-03 03:05 - 2014-03-03 03:05 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-04.dmp
2014-03-03 01:37 - 2014-03-03 01:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-03.dmp
2014-03-03 01:28 - 2014-03-03 01:28 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 01:23 - 2014-03-03 01:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-03 00:44 - 2014-03-03 00:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-06.dmp
2014-03-03 00:36 - 2014-03-03 00:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-05.dmp
2014-03-03 00:24 - 2014-03-03 00:24 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-04.dmp
2014-03-03 00:21 - 2014-03-03 00:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-03.dmp
2014-03-03 00:12 - 2014-03-03 00:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-02.dmp
2014-03-02 22:42 - 2014-03-02 22:24 - 00000000 ____D () C:\NVIDIA
2014-03-02 22:32 - 2014-03-02 22:32 - 00018638 _____ () C:\WINDOWS\system32\CCCInstall_201403022132137187.log
2014-03-02 22:06 - 2014-03-02 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA
2014-03-02 17:16 - 2014-03-02 17:16 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-01.dmp
2014-03-02 14:03 - 2014-03-18 23:50 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-26 22:39 - 2006-02-28 20:29 - 00000893 _____ () C:\WINDOWS\orun32.ini
2014-02-25 20:59 - 2014-03-12 09:19 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-02-25 20:59 - 2014-03-12 09:19 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-02-25 12:10 - 2014-02-25 12:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini022514-01.dmp
2014-02-24 17:49 - 2014-02-23 22:49 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\TeamViewer
2014-02-24 16:24 - 2004-08-04 07:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2004-08-04 07:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 16:09 - 2011-10-30 20:34 - 00119048 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-24 06:46 - 2011-11-09 07:18 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 06:46 - 2004-08-04 07:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 06:45 - 2012-06-12 21:58 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 06:45 - 2011-11-09 07:18 - 11113472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 06:45 - 2011-11-09 07:18 - 02006016 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 06:45 - 2011-11-09 07:18 - 00743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 06:45 - 2011-11-09 07:18 - 00630272 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 06:45 - 2011-11-09 07:18 - 00247808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 06:45 - 2011-11-09 07:18 - 00055296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 06:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 06:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 06:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 06:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 06:45 - 2004-08-04 07:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 06:45 - 2004-08-04 07:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 06:45 - 2004-08-04 07:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 06:45 - 2004-08-04 07:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 06:45 - 2004-08-04 07:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 06:45 - 2004-08-04 07:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 06:45 - 2004-08-04 07:00 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 06:45 - 2004-08-04 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 06:45 - 2004-08-04 07:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 06:45 - 2004-08-04 07:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 06:45 - 2004-08-04 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 06:45 - 2004-08-04 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 05:54 - 2004-08-04 07:00 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-23 22:49 - 2014-02-23 22:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2014-02-23 22:48 - 2014-02-23 22:48 - 00000826 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk
2014-02-23 22:48 - 2014-02-23 22:48 - 00000000 ____D () C:\Program Files\TeamViewer
2014-02-22 15:45 - 2014-02-22 15:45 - 00094208 _____ () C:\WINDOWS\Minidump\Mini022214-01.dmp

Files to move or delete:
====================
C:\Documents and Settings\HP_Administrator.MTBNEW\Dscan16.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\en_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\es_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\fr_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\grm_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\HPAsset.exe
C:\Documents and Settings\HP_Administrator.MTBNEW\hpmonZ.exe
C:\Documents and Settings\HP_Administrator.MTBNEW\it_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\jp_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\mfc80u.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\msvcr80.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\PCPE Setup.exe
C:\Documents and Settings\HP_Administrator.MTBNEW\pt_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\ru_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\shortcut.exe
C:\Documents and Settings\HP_Administrator.MTBNEW\Smstub16.exe
C:\Documents and Settings\HP_Administrator.MTBNEW\zh_res.dll

Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\temp\AdobeUpdater12345.exe
C:\Documents and Settings\HP_Administrator\Local Settings\temp\AskSLib.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\jre-6u26-windows-i586-iftw-rv_e9f0d688.exe
C:\Documents and Settings\HP_Administrator\Local Settings\temp\siw_sdk.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\uninst.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by HP_Administrator at 2014-03-24 21:44:15
Running from C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

10-Key (HKLM\...\10-Key) (Version:  - )
AAC ACM Codec 1.9 (HKLM\...\AACACM) (Version: 1.9 - fccHandler)
Adobe Acrobat 7.0 Professional (Version: 7.1.0 - Adobe Systems) Hidden
Adobe Acrobat 7.1.0 Professional (HKLM\...\Adobe Acrobat 7.0 Professional) (Version: 7.1.0 - Adobe Systems)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiO_Scan_CDA (Version: 50.0.214.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiOSoftwareNPI (Version: 50.0.214.000 - Hewlett-Packard) Hidden
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BufferChm (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CameraDrivers (Version: 5.0.0.290 - Hewlett-Packard) Hidden
CameraDrivers (Version: 5.0.0.328 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CP_AtenaShokunin1Config (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 53.0.24.000 - Hewlett-Packard) Hidden
cp_LightScribePlugin (Version: 53.0.24.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - )
CueTour (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version:  - )
Debugging Tools for Windows (x86) (HKLM\...\{D09605BE-5587-4B0C-86C8-69B5092CB80F}) (Version: 6.12.2.633 - Microsoft Corporation)
Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Easy CD Creator 5 Platinum (HKLM\...\{8851E12C-0EF9-11D4-A788-009027ABA5D0}) (Version: 5.0.0.0000 - Roxio Inc)
Elevated Installer (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - )
Enosoft AVI Repair Tool (HKLM\...\{85A8D103-AEC8-41DE-817D-69CA16F08A84}) (Version: 1.1 - Enosoft)
Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Fax_CDA (Version: 50.0.214.000 - Hewlett-Packard) Hidden
FreeBASIC 0.90.1 (HKLM\...\FreeBASIC) (Version: 0.90.1 - http://www.freebasic.net/wiki)
Garmin Express (HKLM\...\{31a12940-e5c8-4d27-a6ac-005212152f1f}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (HKLM\...\KB960082(ENU)) (Version: 1 - Microsoft Corporation)
HP Deskjet Printer Preload (HKLM\...\{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}) (Version: 10.1.0 - Hewlett-Packard Company)
HP Document Viewer 5.3 (HKLM\...\HP Document Viewer) (Version: 5.3 - HP)
HP Image Zone 5.3 (HKLM\...\HP Photo & Imaging) (Version: 5.3 - HP)
HP Imaging Device Functions 5.3 (HKLM\...\HP Imaging Device Functions) (Version: 5.3 - HP)
HP Photosmart 330,380,420,470,7800,8000,8200 Series (HKLM\...\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}) (Version: 8.1 - HP)
HP Photosmart Cameras 5.0 (HKLM\...\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}) (Version: 5.0 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP PSC & OfficeJet 5.3.A (HKLM\...\{3E386744-10FA-44b2-98C9-DF7A270DECB3}) (Version:  - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version:  - HP)
HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevices (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Intel® Network Connections 18.3.62.0 (HKLM\...\{FCF3ECF7-7AE0-4E26-B387-09A3A80B79CC}) (Version: 18.3.62.0 - Intel)
InterVideo WinDVD Player (HKLM\...\{3912A629-0020-0005-3757-2FBA74D4DF0A}) (Version:  - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.896 - InterVideo Inc.)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juniper Networks Secure Application Manager (HKLM\...\Neoteris_Secure_Application_Manager) (Version: 7.3.0.24657 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.3.5.34907 - Juniper Networks, Inc.)
LightScribe  1.4.62.1 (Version: 1.4.62.1 - http://www.lightscribe.com) Hidden
LogMeIn (HKLM\...\{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}) (Version: 4.1.1890 - LogMeIn, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C3013E88-B772-4446-A0AE-A7F37180B9F1}) (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2003 with Business Contact Manager Update (HKLM\...\{BA68600E-96D9-4E92-80F2-26B9681B5A63}) (Version: 2.0.5324.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook Web Access S/MIME (HKLM\...\{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}) (Version: 6.5.7651.60 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (HKLM\...\{689404D2-1C94-44B3-9203-BEC5594FDA7A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MKVtoolnix 4.9.1 (HKLM\...\MKVtoolnix) (Version: 4.9.1 - Moritz Bunkus)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
muvee autoProducer 4.5 (HKLM\...\{E7137AFD-4E43-47A6-BDC7-533808F72B36}) (Version: 4.50.050 - muvee Technologies)
NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
NewCopy_CDA (Version: 50.0.214.000 - Hewlett-Packard) Hidden
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Palm (HKLM\...\{0C0BF96E-05A1-41CA-8F9B-796904BD3C7A}) (Version: 4.1.0420 - Palm, Inc.)
PanoStandAlone (Version: 53.0.13.000 - Hewlett-Packard) Hidden
PaperVision Document Viewer Controls (HKLM\...\{491C1345-A353-4A71-A824-16991C7B2CC8}) (Version: 74.5.0.16 - Digitech Systems, Inc.)
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.3187.03 - PC-Doctor, Inc.)
PhotoGallery (Version: 53.0.13.000 - Hewlett-Packard) Hidden
PowerChute Personal Edition 3.0.2 (HKLM\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PS8200 (Version: 8.01.0000 - HP) Hidden
PSPrinters08 (Version: 8.01.0000 - HP) Hidden
PSTAPlugin (Version: 8.01.0000 - Hewlett-Packard) Hidden
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
Quicken 2012 (HKLM\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
RandMap (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Readme (Version: 50.0.214.000 - Hewlett-Packard) Hidden
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.304 - SanDisk Corporation)
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
SecuritiesPro Series 7 (remove only) (HKCU\...\SecuritiesPro2009L7) (Version:  - )
SkinsHP1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Sound Blaster Audigy 4 (HKLM\...\{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}) (Version: 1.0 - )
Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
TaxACT 2010 Nebraska Preparer's - 1040 Edition (HKLM\...\TaxACT 2010 Nebraska Preparer's - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2010 Preparer's - 1040 Edition (HKLM\...\TaxACT 2010 Preparer's - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2011 Nebraska Preparer's - 1040 Edition (HKLM\...\TaxACT 2011 Nebraska Preparer's - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2011 Preparer's - 1040 Edition (HKLM\...\TaxACT 2011 Preparer's - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2012 Iowa Preparer's - 1040 Edition (HKLM\...\TaxACT 2012 Iowa Preparer's - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2012 Nebraska Preparer's - 1040 Edition (HKLM\...\TaxACT 2012 Nebraska Preparer's - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2012 Preparer's - 1040 Edition (HKLM\...\TaxACT 2012 Preparer's - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2013 Alabama Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Alabama Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Arizona Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Arizona Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Arkansas Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Arkansas Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Colorado Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Colorado Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Connecticut Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Connecticut Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Delaware Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Delaware Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 District of Columbia Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 District of Columbia Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Georgia Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Georgia Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Hawaii Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Hawaii Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Idaho Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Idaho Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Illinois Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Illinois Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Indiana Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Indiana Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Iowa Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Iowa Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Kansas Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Kansas Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Kentucky Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Kentucky Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Louisiana Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Louisiana Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Maine Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Maine Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Massachusetts Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Massachusetts Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Michigan Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Michigan Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Minnesota Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Minnesota Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Mississippi Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Mississippi Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Missouri Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Missouri Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Montana Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Montana Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Nebraska Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Nebraska Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 New Hampshire Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 New Hampshire Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 New Jersey Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 New Jersey Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 New Mexico Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 New Mexico Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 North Dakota Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 North Dakota Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Oklahoma Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Oklahoma Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Pennsylvania Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Pennsylvania Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Rhode Island Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Rhode Island Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 South Carolina Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 South Carolina Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Tennessee Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Tennessee Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Utah Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Utah Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Vermont Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Vermont Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Virginia Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Virginia Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 West Virginia Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 West Virginia Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Wisconsin Preparer's - 1040 Edition (HKLM\...\TaxACT 2013 Wisconsin Preparer's - 1040 Edition) (Version:  - TaxACT, Inc.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881 - Intuit Inc.) Hidden
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328 - Intuit Inc.) Hidden
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245 - Intuit Inc.) Hidden
TurboTax 2009 wneiper (Version: 009.000.0743 - Intuit Inc.) Hidden
TurboTax 2009 wrapper (Version: 009.000.0145 - Intuit Inc.) Hidden
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222 - Intuit Inc.) Hidden
TurboTax 2010 wneiper (Version: 010.000.1282 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (Version: 010.000.0157 - Intuit Inc.) Hidden
TValue 5 (HKLM\...\TValue 5) (Version:  - )
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.5.1 - Tweaking.com)
Ulead DVD DiskRecorder 2.1.1 (HKLM\...\{31E1050B-F69F-4A16-8F5A-E44D31901250}) (Version:  - Ulead Systems, Inc.)
Ulead MediaStudio Pro 8.0 (HKLM\...\{A6E71574-2126-4E95-816E-32B2411C94BA}) (Version: 8.0 - Ulead Systems, Inc.)
Ulead MediaStudio Pro 8.0 Smart Compositor Designer (HKLM\...\{3AB11FF4-2841-4852-B682-9DBC872171AC}) (Version: 8.0 - )
Unload (Version: 5.0.0 - Hewlett-Packard) Hidden
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Updates from HP (remove only) (HKLM\...\HPOOVClient-9972322 Uninstaller) (Version:  - )
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Software Development Kit (HKLM\...\{9a2c2c20-17e6-43c4-be07-a3e0c5cea9f7}) (Version: 8.37.0 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinFF 1.4.2 (HKLM\...\WinFF_is1) (Version:  - WinFF.org)
WinHTTrack Website Copier 3.46-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

24-03-2014 01:17:33 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 21:00 - 2014-03-24 19:48 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2014-02-23 22:50 - 2013-10-17 10:32 - 00019448 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\HP_Administrator\Ne06:.pdf
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\My Documents\Ne06:.pdf

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Intel® Pentium® D CPU 3.00GHz
Description: Intel Processor
Class Guid: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Intel® Pentium® D CPU 3.00GHz
Description: Intel Processor
Class Guid: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: TeamViewer VPN Adapter
Description: TeamViewer VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TeamViewer GmbH
Service: teamviewervpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Wave Audio Mixer
Description: Microsoft Kernel Wave Audio Mixer
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: kmixer
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2014 03:47:02 PM) (Source: Microsoft Fax) (User: )
Description: An attempt to send the fax failed. The line is busy.
This fax will not be sent, because the maximum number of retries has been exhausted.
Sender: Marc T. Bowman.
Billing code: .
Sender company: .
Sender dept: .
Recipient name: Golda Vitamvas.
Recipient number: 1 402 595-2946.
Device name: PCI Data Fax SoftModem with SmartCP #2.

Error: (03/23/2014 11:49:33 PM) (Source: Application Error) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x0008d1c0.
Processing media-specific event for [pev.exe!ws!]

Error: (03/23/2014 07:57:50 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/21/2014 07:49:16 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Failed to start service

Error: (03/21/2014 07:48:31 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Failed to start service

Error: (03/18/2014 11:36:48 PM) (Source: Application Error) (User: )
Description: Fault bucket 122456084.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/18/2014 11:36:30 PM) (Source: Application Error) (User: )
Description: Faulting application mrt.exe, version 5.10.10001.0, faulting module mpengine.dll, version 1.1.10302.0, fault address 0x000c4618.
Processing media-specific event for [mrt.exe!ws!]

Error: (03/18/2014 04:13:54 PM) (Source: Application Error) (User: )
Description: Fault bucket 135361468.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/18/2014 04:13:39 PM) (Source: Application Error) (User: )
Description: Faulting application navw32.exe, version 21.1.0.18, faulting module ccscanw.dll, version 12.11.0.16, fault address 0x0010ce3b.
Processing media-specific event for [navw32.exe!ws!]

Error: (03/18/2014 04:02:41 PM) (Source: Application Error) (User: )
Description: Fault bucket 135346032.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

System errors:
=============
Error: (03/24/2014 09:25:04 PM) (Source: Service Control Manager) (User: )
Description: The Creative Service for CDROM Access service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/24/2014 09:17:45 PM) (Source: Service Control Manager) (User: )
Description: The Creative Service for CDROM Access service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/24/2014 09:17:00 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (03/24/2014 09:17:00 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (03/24/2014 09:02:35 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (03/24/2014 09:02:35 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (03/24/2014 07:59:15 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (03/24/2014 07:59:15 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (03/24/2014 11:15:44 AM) (Source: System Error) (User: )
Description: Error code 0000009c, parameter1 00000000, parameter2 b833c050, parameter3 b2000000, parameter4 1040080f.

Error: (03/24/2014 10:52:35 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (03/24/2014 03:47:02 PM) (Source: Microsoft Fax)(User: )
Description: Marc T. BowmanGolda Vitamvas1 402 595-2946PCI Data Fax SoftModem with SmartCP #2

Error: (03/23/2014 11:49:33 PM) (Source: Application Error)(User: )
Description: pev.exe0.0.0.0pev.exe0.0.0.00008d1c0

Error: (03/23/2014 07:57:50 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1hungapp0.0.0.000000000

Error: (03/21/2014 07:49:16 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Failed to start service

Error: (03/21/2014 07:48:31 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Failed to start service

Error: (03/18/2014 11:36:48 PM) (Source: Application Error)(User: )
Description: 122456084

Error: (03/18/2014 11:36:30 PM) (Source: Application Error)(User: )
Description: mrt.exe5.10.10001.0mpengine.dll1.1.10302.0000c4618

Error: (03/18/2014 04:13:54 PM) (Source: Application Error)(User: )
Description: 135361468

Error: (03/18/2014 04:13:39 PM) (Source: Application Error)(User: )
Description: navw32.exe21.1.0.18ccscanw.dll12.11.0.160010ce3b

Error: (03/18/2014 04:02:41 PM) (Source: Application Error)(User: )
Description: 135346032

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 2046.41 MB
Available physical RAM: 1530.97 MB
Total Pagefile: 7074.15 MB
Available Pagefile: 6744.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.68 MB

==================== Drives ================================

Drive c: (HP_PAVILION) (Fixed) (Total:363.59 GB) (Free:150.78 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9 GB) (Free:1.86 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 373 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=9 GB) - (Type=0C)
Partition 2: (Active) - (Size=364 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Again thank you for your help. 

 

-mtbow



#4 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:08:46 AM

Posted 26 March 2014 - 05:15 PM

Hi,

 

Thanks for posting those logs! :thumbup2: Now, let's get to work!

 

Regarding your having run ComboFix, you should never run this tool unless instructed to by someone trained with it, as it can be a rather harsh cleaner that can cause some problems if used by an inexperienced user without trained supervision. However, since you've already run it, its log file is still on your computer. Please navigate to C:\, and copy and paste ComboFix.txt into your reply.

 

Also, did you set this proxy yourself? localhost:8080

 

First, I'm going to have you uninstall some programs. Your Java, Reader and Acrobat are outdated, which also means they have many security vulnerabilities fixed in newer versions. However, I must ask, do you use these applications? Even newer versions have a fairly high security risk, so it's best to only have them installed if you absolutely must use them. If you do want to install the new versions of any of them, I will have you do so later in the cleaning process. :) Also, do you know what SecuritiesPro Series 7 is? If not, or if you know and you don't need it, please remove it along with the other programs below.

 

Uninstall Programs
 
I need you to uninstall some programs using either Add or Remove Programs or Revo Uninstaller.
 
If you want to use Add or Remove Programs:

  • Go to Start > Control Panel > Add or Remove Programs.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Acrobat 7.1.0 Professional
    Adobe Reader 7.0
    Java 7 Update 51
    by clicking Change/Remove, and follow the prompts in the uninstaller.

If you have any problems uninstalling a program using Add or Remove Programs, proceed to the below method.
 
If you want to use Revo Uninstaller (which cleans up a bit better):

  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Acrobat 7.1.0 Professional
    Adobe Reader 7.0
    Java 7 Update 51
  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

Next, I'm going to have you clean up a few other things with FRST.

 

Farbar Recovery Scan Tool
 
I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:

    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
    Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
    SearchScopes: HKLM - DefaultScope value is missing.
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
    FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
    FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

  • Save it to the same location as FRST as fixlist.txt.

  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create fixlog.txt in the same folder. Please copy and paste it into your reply.

Finally, please run another scan with FRST and post the new log. :)

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#5 Gunto


Posted 30 March 2014 - 03:10 AM

Hi,

 

It's been three days since my last post, so I am bumping the topic just in case you missed my previous post. If you need more time to get back to me, please let me know, because I don't know otherwise.

 

If I still haven't heard from you in two days, this topic will be locked, so please get back to me within two days.

 

Gunto




#6 mtbow


Posted 31 March 2014 - 07:38 PM

Gunto-

 

I apologize. This time of year I use the Acrobat almost every day. So I need a replacement to scan to pdf so I have been wrestling with that. How about I uninstall the reader, java and run the frst fix? Also at some point I disabled the MS Kernel Wave audio mixer as windbg indicated it was a cause to bsod. I have been stable on and off the internet since 3/24...but I have no sound. SecuritiesPro Series 7 is an exam prep software for the Series 7 investment licensing exam. Kaplan education developed it. Shortly I'll post logs from removal of reader, java and FRST fix.

 

-mtbow



#7 mtbow


Posted 31 March 2014 - 08:12 PM

Gunto-

I did not put in the proxy. I removed reader, java and ran the FRST fix. Here are 2 combofix logs, the FRST fix log and the FRST scan.

ComboFix 14-03-23.01 - HP_Administrator 03/23/2014 20:45:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1404 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.MTBNEW\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\HP_Administrator.MTBNEW\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\HP_Administrator.MTBNEW\Application Data\inst.exe
c:\documents and settings\HP_Administrator.MTBNEW\g2mdlhlpx.exe
c:\documents and settings\HP_Administrator.MTBNEW\ntuser.tmp
c:\documents and settings\HP_Administrator.MTBNEW\ResourceReader.dll
c:\documents and settings\HP_Administrator.MTBNEW\zlib.dll
c:\hp\bin\cloaker.exe
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\SET11.tmp
c:\windows\UA000071.DLL
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-02-24 to 2014-03-24 )))))))))))))))))))))))))))))))
.
.
2014-03-23 22:49 . 2014-03-24 00:58 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-23 17:03 . 2014-03-23 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-23 17:03 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-23 16:50 . 2014-03-23 16:50 -------- d-----w- c:\program files\Tweaking.com
2014-03-22 22:08 . 2013-09-20 15:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-03-22 22:08 . 2014-03-22 23:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-22 21:43 . 2014-03-22 21:43 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\WebRenderer
2014-03-22 21:43 . 2014-03-22 21:43 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\.webrenderer
2014-03-22 07:13 . 2014-03-22 14:57 -------- d-----w- C:\AdwCleaner
2014-03-21 14:20 . 2014-03-21 14:20 -------- d-----w- c:\program files\HitmanPro
2014-03-21 13:47 . 2014-03-21 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2014-03-19 08:21 . 2014-03-19 08:21 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Local Settings\Application Data\LogMeInIgnition
2014-03-19 05:47 . 2014-03-19 05:47 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\SUPERAntiSpyware.com
2014-03-19 05:47 . 2014-03-19 05:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-03-19 05:47 . 2014-03-19 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2014-03-17 13:31 . 2009-02-09 12:10 401408 ----a-w- c:\windows\system32\rpcss.dll
2014-03-17 11:40 . 2007-11-16 18:54 165496 ----a-w- c:\windows\system32\drivers\e100b325.sys
2014-03-17 11:40 . 2007-11-16 18:54 165496 ----a-w- c:\windows\system32\dllcache\e100b325.sys
2014-03-17 04:37 . 2014-03-17 04:37 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\SystemRequirementsLab
2014-03-17 04:18 . 2014-03-17 04:18 -------- d-----w- c:\program files\Belarc
2014-03-17 04:18 . 2013-09-11 00:25 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2014-03-14 18:47 . 2014-03-17 08:44 -------- d-----w- c:\program files\UPHClean
2014-03-14 04:40 . 2014-03-14 04:40 -------- d-----w- c:\program files\ESET
2014-03-13 13:57 . 2014-03-13 16:05 -------- d-----w- c:\documents and settings\Administrator.MTBNEW\Local Settings\Application Data\NPE
2014-03-13 02:44 . 2014-03-13 02:44 47360 ----a-w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\pcouffin.sys
2014-03-13 02:44 . 2014-03-13 02:44 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\Vso
2014-03-13 02:23 . 2014-03-13 02:23 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\Picturenaut
2014-03-12 20:40 . 2005-12-12 22:27 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2014-03-12 20:40 . 2014-03-12 20:40 -------- d-----w- C:\temp
2014-03-12 20:14 . 2002-11-29 21:31 36864 ------w- c:\windows\system32\KmRemove.exe
2014-03-12 14:19 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-12 14:19 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-08 05:19 . 2014-03-22 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-07 01:35 . 2014-03-07 01:35 -------- d-----w- C:\NBRT
2014-03-06 01:12 . 2013-09-12 06:17 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2014-03-06 01:12 . 2013-09-12 06:17 15693600 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-06 01:12 . 2013-09-12 06:17 209184 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-06 01:12 . 2013-09-12 06:17 144160 ----a-w- c:\windows\system32\nvcolor.exe
2014-03-06 01:12 . 2013-09-12 06:17 54272 ----a-w- c:\windows\system32\nvwddi.dll
2014-03-06 01:11 . 2013-09-12 08:42 57344 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-06 01:11 . 2014-03-06 01:11 1114168 ----a-w- c:\windows\system32\nvdrsdb0.bin
2014-03-06 01:11 . 2014-03-06 01:11 1114168 ----a-w- c:\windows\system32\nvdrsdb1.bin
2014-03-06 01:10 . 2013-06-16 12:38 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2014-03-06 01:10 . 2013-01-29 08:35 892704 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2014-03-06 01:10 . 2013-06-16 12:38 128672 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2014-03-06 01:10 . 2013-09-12 08:42 6324224 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-06 01:10 . 2013-09-12 08:42 21372928 ----a-w- c:\windows\system32\nvoglnt.dll
2014-03-06 01:10 . 2013-09-12 08:42 893728 ----a-w- c:\windows\system32\nvdispgenco3232723.dll
2014-03-06 01:10 . 2013-09-12 08:42 1049376 ----a-w- c:\windows\system32\nvdispco3232723.dll
2014-03-06 01:06 . 2014-03-06 01:11 1 ----a-w- c:\windows\system32\nvdrssel.bin
2014-03-05 20:37 . 2013-09-12 08:42 2794272 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-05 20:37 . 2013-09-12 08:42 2568704 ----a-w- c:\windows\system32\nvapi.dll
2014-03-05 20:37 . 2013-09-12 08:42 7700480 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-05 20:37 . 2013-09-12 08:42 2007328 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-05 20:37 . 2013-09-12 08:42 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-05 18:59 . 2014-03-07 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2014-03-03 20:24 . 2014-03-03 20:24 -------- d-----w- C:\spoolerlogs
2014-03-03 03:42 . 2014-03-07 23:18 -------- d-----w- c:\program files\NVIDIA Corporation
2014-03-03 03:24 . 2014-03-03 03:42 -------- d-----w- C:\NVIDIA
2014-03-03 03:06 . 2014-03-03 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2014-02-24 03:50 . 2013-10-17 15:32 19448 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll
2014-02-24 03:49 . 2014-02-24 22:49 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\TeamViewer
2014-02-24 03:48 . 2013-10-17 15:32 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2014-02-24 03:48 . 2014-02-24 03:48 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-20 13:20 . 2006-08-16 03:36 1080 ----a-w- c:\windows\AUTOLNCH.REG
2014-03-17 08:34 . 2011-11-30 17:30 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2014-03-04 03:42 . 2014-02-17 01:33 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2014-02-24 11:46 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2004-08-04 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-04 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-10 23:46 . 2014-01-10 23:46 30208 ----a-w- c:\windows\system32\PcdControlPanel.cpl
2014-01-04 03:13 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
1999-01-15 15:51 . 2007-11-29 03:49 266 ------w- c:\program files\internet explorer\plugins\Efile.dll
2009-04-01 03:47 . 2013-12-11 01:03 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-09-12 15693600]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-09-12 2586912]
"NvMediaCenter"="NvMCTray.dll" [2013-09-12 209184]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled\
APC UPS Status.lnk - c:\program files\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\HOTSYNC.EXE -logon [2004-6-9 471040]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n [2005-5-3 81920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSL"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"NCO"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Twonkyvision\\MusicServer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [3/3/2013 12:49 PM 102728]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [10/10/2013 5:54 PM 120088]
R2 APC Data Service;APC Data Service;c:\program files\APC\PowerChute Personal Edition\dataserv.exe [1/24/2012 4:21 PM 21880]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/23/2014 5:49 PM 40776]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [3/22/2014 5:08 PM 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3/22/2014 5:08 PM 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [3/22/2014 5:08 PM 171416]
S3 ATIXPGAA;ATIXPGAA;\??\c:\program files\PC-Doctor 5 for Windows\ATIXPGAA.SYS --> c:\program files\PC-Doctor 5 for Windows\ATIXPGAA.SYS [?]
S3 BWPWPEDCM;BWPWPEDCM;c:\docume~1\HP_ADM~1.MTB\LOCALS~1\Temp\BWPWPEDCM.exe --> c:\docume~1\HP_ADM~1.MTB\LOCALS~1\Temp\BWPWPEDCM.exe [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 2:00 PM 220504]
S3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\HP\Common\HPSupportSolutionsFrameworkService.exe [2/5/2014 3:39 PM 47416]
S3 NEOFLTR_730_24657;Juniper Networks TDI Filter Driver (NEOFLTR_730_24657);c:\windows\system32\drivers\NEOFLTR_730_24657.SYS [11/22/2013 10:21 PM 92264]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/7/2005 7:23 PM 21120]
S3 PORTMON;PORTMON;\??\c:\src\Utility\MS-SysinternalsSuite\SysinternalsSuite\PORTMSYS.SYS --> c:\src\Utility\MS-SysinternalsSuite\SysinternalsSuite\PORTMSYS.SYS [?]
S3 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2/23/2014 10:48 PM 4915040]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2/23/2014 10:48 PM 25088]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-12 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-12 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: target.com\rcam
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-PCDrProfiler - (no file)
c:\documents and settings\Administrator.MTBNEW\Start Menu\Programs\Startup\Pin.lnk - c:\hp\bin\CLOAKER.EXE c:\hp\bin\PinToStart.bat
c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\Pin.lnk - c:\hp\bin\CLOAKER.EXE c:\hp\bin\PinToStart.bat
Notify-AtiExtEvent - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-60042410.sys
AddRemove-Educated_Investor's_Guide_to_Mutual_Funds_1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-23 20:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\HP_ADM~1.MTB\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-256515322-4218147342-709000024-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-256515322-4218147342-709000024-1008\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-256515322-4218147342-709000024-1008)
@Allowed: (Read) (S-1-5-21-256515322-4218147342-709000024-1008)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2014-03-23 20:57:31
ComboFix-quarantined-files.txt 2014-03-24 01:57
.
Pre-Run: 161,680,998,400 bytes free
Post-Run: 162,001,596,416 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - A72EB2D305D3CAD7178AB9F2CDFA57A2
0AC6D996BCE152AED9600E6D6B797E2E


ComboFix 14-03-24.01 - HP_Administrator 03/24/2014 19:35:19.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1517 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.MTBNEW\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.MTBNEW\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator.MTBNEW\WINDOWS
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\LogMeInRemoteUser\WINDOWS
c:\documents and settings\mtbowman.MTBNEW\WINDOWS
c:\documents and settings\mtbowman\WINDOWS
c:\program files\Common Files\Adaptec Shared\CreatorAPI\cdMP3.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2014-02-25 to 2014-03-25 )))))))))))))))))))))))))))))))
.
.
2014-03-23 22:49 . 2014-03-24 03:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-23 16:50 . 2014-03-23 16:50 -------- d-----w- c:\program files\Tweaking.com
2014-03-22 22:08 . 2013-09-20 15:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-03-22 22:08 . 2014-03-22 23:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-22 21:43 . 2014-03-22 21:43 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\WebRenderer
2014-03-22 21:43 . 2014-03-22 21:43 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\.webrenderer
2014-03-22 07:13 . 2014-03-24 05:03 -------- d-----w- C:\AdwCleaner
2014-03-21 14:20 . 2014-03-21 14:20 -------- d-----w- c:\program files\HitmanPro
2014-03-21 13:47 . 2014-03-21 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2014-03-19 08:21 . 2014-03-19 08:21 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Local Settings\Application Data\LogMeInIgnition
2014-03-19 05:47 . 2014-03-19 05:47 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\SUPERAntiSpyware.com
2014-03-19 05:47 . 2014-03-19 05:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-03-19 05:47 . 2014-03-19 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2014-03-17 13:31 . 2009-02-09 12:10 401408 ----a-w- c:\windows\system32\rpcss.dll
2014-03-17 11:40 . 2007-11-16 18:54 165496 ----a-w- c:\windows\system32\drivers\e100b325.sys
2014-03-17 11:40 . 2007-11-16 18:54 165496 ----a-w- c:\windows\system32\dllcache\e100b325.sys
2014-03-17 04:37 . 2014-03-17 04:37 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\SystemRequirementsLab
2014-03-17 04:18 . 2014-03-17 04:18 -------- d-----w- c:\program files\Belarc
2014-03-17 04:18 . 2013-09-11 00:25 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2014-03-14 18:47 . 2014-03-17 08:44 -------- d-----w- c:\program files\UPHClean
2014-03-14 04:40 . 2014-03-14 04:40 -------- d-----w- c:\program files\ESET
2014-03-13 13:57 . 2014-03-13 16:05 -------- d-----w- c:\documents and settings\Administrator.MTBNEW\Local Settings\Application Data\NPE
2014-03-13 02:44 . 2014-03-13 02:44 47360 ----a-w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\pcouffin.sys
2014-03-13 02:44 . 2014-03-13 02:44 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\Vso
2014-03-13 02:23 . 2014-03-13 02:23 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\Picturenaut
2014-03-12 20:40 . 2005-12-12 22:27 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2014-03-12 20:40 . 2014-03-12 20:40 -------- d-----w- C:\temp
2014-03-12 20:14 . 2002-11-29 21:31 36864 ------w- c:\windows\system32\KmRemove.exe
2014-03-12 14:19 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-12 14:19 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-08 05:19 . 2014-03-22 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-07 01:35 . 2014-03-07 01:35 -------- d-----w- C:\NBRT
2014-03-06 01:12 . 2013-09-12 06:17 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2014-03-06 01:12 . 2013-09-12 06:17 15693600 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-06 01:12 . 2013-09-12 06:17 209184 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-06 01:12 . 2013-09-12 06:17 144160 ----a-w- c:\windows\system32\nvcolor.exe
2014-03-06 01:12 . 2013-09-12 06:17 54272 ----a-w- c:\windows\system32\nvwddi.dll
2014-03-06 01:11 . 2013-09-12 08:42 57344 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-06 01:11 . 2014-03-06 01:11 1114168 ----a-w- c:\windows\system32\nvdrsdb0.bin
2014-03-06 01:11 . 2014-03-06 01:11 1114168 ----a-w- c:\windows\system32\nvdrsdb1.bin
2014-03-06 01:10 . 2013-06-16 12:38 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2014-03-06 01:10 . 2013-01-29 08:35 892704 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2014-03-06 01:10 . 2013-06-16 12:38 128672 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2014-03-06 01:10 . 2013-09-12 08:42 6324224 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-06 01:10 . 2013-09-12 08:42 21372928 ----a-w- c:\windows\system32\nvoglnt.dll
2014-03-06 01:10 . 2013-09-12 08:42 893728 ----a-w- c:\windows\system32\nvdispgenco3232723.dll
2014-03-06 01:10 . 2013-09-12 08:42 1049376 ----a-w- c:\windows\system32\nvdispco3232723.dll
2014-03-06 01:06 . 2014-03-06 01:11 1 ----a-w- c:\windows\system32\nvdrssel.bin
2014-03-05 20:37 . 2013-09-12 08:42 2794272 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-05 20:37 . 2013-09-12 08:42 2568704 ----a-w- c:\windows\system32\nvapi.dll
2014-03-05 20:37 . 2013-09-12 08:42 7700480 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-05 20:37 . 2013-09-12 08:42 2007328 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-05 20:37 . 2013-09-12 08:42 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-05 18:59 . 2014-03-07 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2014-03-03 20:24 . 2014-03-03 20:24 -------- d-----w- C:\spoolerlogs
2014-03-03 03:42 . 2014-03-07 23:18 -------- d-----w- c:\program files\NVIDIA Corporation
2014-03-03 03:24 . 2014-03-03 03:42 -------- d-----w- C:\NVIDIA
2014-03-03 03:06 . 2014-03-03 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2014-02-24 03:50 . 2013-10-17 15:32 19448 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll
2014-02-24 03:49 . 2014-02-24 22:49 -------- d-----w- c:\documents and settings\HP_Administrator.MTBNEW\Application Data\TeamViewer
2014-02-24 03:48 . 2013-10-17 15:32 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2014-02-24 03:48 . 2014-02-24 03:48 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-20 13:20 . 2006-08-16 03:36 1080 ----a-w- c:\windows\AUTOLNCH.REG
2014-03-17 08:34 . 2011-11-30 17:30 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2014-03-04 03:42 . 2014-02-17 01:33 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2014-02-24 11:46 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2004-08-04 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-04 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-10 23:46 . 2014-01-10 23:46 30208 ----a-w- c:\windows\system32\PcdControlPanel.cpl
2014-01-04 03:13 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
1999-01-15 15:51 . 2007-11-29 03:49 266 ------w- c:\program files\internet explorer\plugins\Efile.dll
2009-04-01 03:47 . 2013-12-11 01:03 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-09-12 15693600]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-09-12 2586912]
"NvMediaCenter"="NvMCTray.dll" [2013-09-12 209184]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled\
APC UPS Status.lnk - c:\program files\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\HOTSYNC.EXE -logon [2004-6-9 471040]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n [2005-5-3 81920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSL"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"NCO"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Twonkyvision\\MusicServer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [3/3/2013 12:49 PM 102728]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [10/10/2013 5:54 PM 120088]
R2 APC Data Service;APC Data Service;c:\program files\APC\PowerChute Personal Edition\dataserv.exe [1/24/2012 4:21 PM 21880]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [3/22/2014 5:08 PM 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3/22/2014 5:08 PM 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [3/22/2014 5:08 PM 171416]
S3 ATIXPGAA;ATIXPGAA;\??\c:\program files\PC-Doctor 5 for Windows\ATIXPGAA.SYS --> c:\program files\PC-Doctor 5 for Windows\ATIXPGAA.SYS [?]
S3 BWPWPEDCM;BWPWPEDCM;c:\docume~1\HP_ADM~1.MTB\LOCALS~1\Temp\BWPWPEDCM.exe --> c:\docume~1\HP_ADM~1.MTB\LOCALS~1\Temp\BWPWPEDCM.exe [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 2:00 PM 220504]
S3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\HP\Common\HPSupportSolutionsFrameworkService.exe [2/5/2014 3:39 PM 47416]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/23/2014 5:49 PM 40776]
S3 NEOFLTR_730_24657;Juniper Networks TDI Filter Driver (NEOFLTR_730_24657);c:\windows\system32\drivers\NEOFLTR_730_24657.SYS [11/22/2013 10:21 PM 92264]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/7/2005 7:23 PM 21120]
S3 PORTMON;PORTMON;\??\c:\src\Utility\MS-SysinternalsSuite\SysinternalsSuite\PORTMSYS.SYS --> c:\src\Utility\MS-SysinternalsSuite\SysinternalsSuite\PORTMSYS.SYS [?]
S3 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2/23/2014 10:48 PM 4915040]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2/23/2014 10:48 PM 25088]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-12 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-12 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: target.com\rcam
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-24 19:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-256515322-4218147342-709000024-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-256515322-4218147342-709000024-1008\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-256515322-4218147342-709000024-1008)
@Allowed: (Read) (S-1-5-21-256515322-4218147342-709000024-1008)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2014-03-24 19:51:00
ComboFix-quarantined-files.txt 2014-03-25 00:50
ComboFix2.txt 2014-03-24 04:53
.
Pre-Run: 161,802,248,192 bytes free
Post-Run: 161,887,731,712 bytes free
.
- - End Of File - - CBCA2202CE36F9B0BDF7A2D46BDF7352
0AC6D996BCE152AED9600E6D6B797E2E


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by HP_Administrator at 2014-03-31 19:50:22 Run:1
Running from C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoCDBurning] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => Value deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled => Moved successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Value deleted successfully.
HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Key not found.
HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0 => Key deleted successfully.
C:\Program Files\DivX\DivX Content Uploader\npUpload.dll not found.
HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1 => Key deleted successfully.
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ () not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by HP_Administrator (administrator) on MTBNEW on 31-03-2014 19:55:32
Running from C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
(Macrovision Europe Ltd.) C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\temp\Adobelm_Cleanup.0001
(Adobe Systems) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
(Macrovision Europe Ltd.) C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\temp\Adobelm_Cleanup.0001


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15693600 2013-09-12] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2586912 2013-09-12] ()
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [209184 2013-09-12] (NVIDIA Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20ACD5BE778CCE01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.unmc.edu/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll (Microsoft Corporation)
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\WINDOWS\system32\eztoolslib2.dll ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\Mozilla\Firefox\Profiles\j6khc6sh.FF 26
FF Homepage: about:home
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://finance.yahoo.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Norton Identity Safe) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.4.11_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (DivX® Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX® Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-12]
CHR Extension: (Google Drive) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-12]
CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-12]
CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-12]
CHR Extension: (AdBlock) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-16]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njgpiocdhdmnglomggfjkkonjjfahnom [2014-02-07]
CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-12]
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-03-19]
CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-12]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
S3 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S3 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [73728 2007-08-09] (HP)
S3 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
S3 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [67056 2007-01-18] (Ulead Systems, Inc.)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider)
S3 BWPWPEDCM; C:\DOCUME~1\HP_ADM~1.MTB\LOCALS~1\Temp\BWPWPEDCM.exe [X]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 COMMONFX.DLL; C:\WINDOWS\System32\COMMONFX.DLL [87040 2005-08-22] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
S3 CTAUDFX.DLL; C:\WINDOWS\System32\CTAUDFX.DLL [536576 2005-08-22] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [157696 2005-08-22] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\WINDOWS\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
S3 CTSBLFX.DLL; C:\WINDOWS\System32\CTSBLFX.DLL [548352 2005-08-22] (Creative Technology Ltd)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [751616 2005-08-22] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [153088 2005-08-22] (Creative Technology Ltd)
R3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [178688 2005-08-22] (Creative Technology Ltd)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-22] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-22] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-22] (HP)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-03-23] (Malwarebytes Corporation)
R0 MxEFUF; C:\WINDOWS\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [31048 2013-04-05] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NEOFLTR_730_24657; C:\WINDOWS\system32\Drivers\NEOFLTR_730_24657.SYS [92264 2013-04-15] (Juniper Networks)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-06-16] (NVIDIA Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2011-11-29] (PalmSource, Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S3 ATIXPGAA; \??\C:\Program Files\PC-Doctor 5 for Windows\ATIXPGAA.SYS [X]
S3 catchme; \??\C:\DOCUME~1\HP_ADM~1.MTB\LOCALS~1\Temp\catchme.sys [X]
S3 COMMONFX; system32\drivers\COMMONFX.SYS [X]
S3 COMMONFX.SYS; \SystemRoot\System32\drivers\COMMONFX.SYS [X]
S3 CTAUDFX; system32\drivers\CTAUDFX.SYS [X]
S3 CTAUDFX.SYS; \SystemRoot\System32\drivers\CTAUDFX.SYS [X]
S4 ftsata2; \SystemRoot\system32\DRIVERS\ftsata2.sys [X]
S3 PCD5SRVC{085326CB-51A3560A-05010003}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 PORTMON; \??\C:\SRC\Utility\MS-SysinternalsSuite\SysinternalsSuite\PORTMSYS.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 09:08 - 2014-03-29 09:09 - 08041116 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\ScanTest1.tif
2014-03-29 09:07 - 2014-03-29 09:08 - 08041116 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\ScanTest.tif
2014-03-24 21:44 - 2014-03-24 21:44 - 00037696 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Addition.txt
2014-03-24 21:42 - 2014-03-31 19:55 - 00020023 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\FRST.txt
2014-03-24 21:42 - 2014-03-31 19:50 - 00000000 ____D () C:\FRST
2014-03-24 21:40 - 2014-03-24 21:40 - 01145856 _____ (Farbar) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\FRST.exe
2014-03-24 21:21 - 2014-03-24 21:21 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-03-24 19:51 - 2014-03-24 19:51 - 00018150 _____ () C:\ComboFix.txt
2014-03-24 10:52 - 2014-03-24 10:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032414-02.dmp
2014-03-24 08:43 - 2014-03-24 08:43 - 00005815 _____ () C:\Documents and Settings\All Users\Documents\pspbrwse.jbf
2014-03-24 08:34 - 2014-03-24 08:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032414-01.dmp
2014-03-23 20:57 - 2014-03-23 20:57 - 00019464 _____ () C:\ComboFix-01.txt
2014-03-23 20:18 - 2014-03-23 20:18 - 00000000 _RSHD () C:\cmdcons
2014-03-23 20:15 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-03-23 20:15 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-03-23 20:15 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-03-23 20:15 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-03-23 20:14 - 2014-03-24 19:51 - 00000000 ____D () C:\Qoobox
2014-03-23 20:14 - 2014-03-23 20:56 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-23 20:13 - 2014-03-23 23:34 - 05192353 ____R (Swearware) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\ComboFix.exe
2014-03-23 18:08 - 2014-03-23 18:08 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-07.dmp
2014-03-23 17:56 - 2014-03-23 17:56 - 00003109 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_175611.txt
2014-03-23 17:49 - 2014-03-23 22:17 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-03-23 15:50 - 2014-03-23 15:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-06.dmp
2014-03-23 14:47 - 2014-03-23 14:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-05.dmp
2014-03-23 14:35 - 2014-03-23 14:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-04.dmp
2014-03-23 14:24 - 2014-03-23 14:24 - 00003085 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03232014_142452.txt
2014-03-23 14:24 - 2014-03-23 14:24 - 00003040 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_142423.txt
2014-03-23 14:22 - 2014-03-23 14:22 - 00003006 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_142203.txt
2014-03-23 14:20 - 2014-03-23 14:20 - 00002982 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03232014_142015.txt
2014-03-23 14:12 - 2014-03-23 14:12 - 00002937 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_141224.txt
2014-03-23 13:32 - 2014-03-23 13:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-03.dmp
2014-03-23 12:56 - 2014-03-23 12:56 - 00070696 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Extras.Txt
2014-03-23 12:55 - 2014-03-23 12:55 - 00143046 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\OTL.Txt
2014-03-23 12:45 - 2014-03-23 12:45 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\OTL.exe
2014-03-23 12:29 - 2014-03-23 12:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-02.dmp
2014-03-23 12:21 - 2014-03-23 12:21 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-01.dmp
2014-03-23 11:50 - 2014-03-23 11:50 - 00001823 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-03-23 11:50 - 2014-03-23 11:50 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-23 11:50 - 2014-03-23 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-03-23 08:26 - 2014-03-23 08:26 - 00005628 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RootRepeal-20140322-2026.txt
2014-03-22 22:30 - 2014-03-22 22:30 - 00005628 _____ () C:\RootRepeal report 03-22-14 (22-30-23).txt
2014-03-22 22:09 - 2014-03-23 08:22 - 00000015 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\settings.dat
2014-03-22 22:08 - 2014-03-22 22:08 - 00472064 _____ ( ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RootRepeal.exe
2014-03-22 21:57 - 2014-03-22 21:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-03.dmp
2014-03-22 17:08 - 2014-03-24 21:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-22 17:08 - 2014-03-24 21:21 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-22 16:44 - 2014-03-22 16:44 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\My Documents\Britannica_Content
2014-03-22 16:43 - 2014-03-22 16:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\WebRenderer
2014-03-22 16:43 - 2014-03-22 16:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\.webrenderer
2014-03-22 15:49 - 2014-03-22 15:49 - 40658208 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\spybot-2.2.exe
2014-03-22 10:50 - 2014-03-22 10:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-02.dmp
2014-03-22 09:54 - 2014-03-22 09:54 - 00002724 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03222014_095429.txt
2014-03-22 02:48 - 2014-03-22 02:48 - 00008112 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\HitmanPro_20140322_0248.log
2014-03-22 02:13 - 2014-03-24 00:03 - 00000000 ____D () C:\AdwCleaner
2014-03-22 02:12 - 2014-03-22 02:12 - 01950720 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\AdwCleaner.exe
2014-03-22 01:58 - 2014-03-22 01:53 - 101570328 _____ (Microsoft Corporation) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\msert (1).exe
2014-03-22 01:43 - 2014-03-22 01:43 - 00002691 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03222014_014317.txt
2014-03-22 01:33 - 2014-03-22 01:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-01.dmp
2014-03-21 23:26 - 2014-03-21 23:26 - 00002896 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_232617.txt
2014-03-21 23:10 - 2014-03-21 23:10 - 00002862 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_231047.txt
2014-03-21 23:08 - 2014-03-21 23:08 - 00002831 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_230826.txt
2014-03-21 23:07 - 2014-03-21 23:07 - 00002793 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_230736.txt
2014-03-21 22:58 - 2014-03-21 23:01 - 00003395 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_225816.txt
2014-03-21 22:46 - 2014-03-21 22:46 - 00003314 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_224649.txt
2014-03-21 18:12 - 2014-03-21 18:13 - 00000009 ___RH () C:\Autoexec.bat
2014-03-21 11:15 - 2014-03-21 11:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-04.dmp
2014-03-21 10:54 - 2014-03-21 10:54 - 00002849 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_105453.txt
2014-03-21 10:49 - 2014-03-21 10:49 - 00002792 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_104949.txt
2014-03-21 10:47 - 2014-03-21 10:47 - 00000882 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_PR_03212014_104728.txt
2014-03-21 10:44 - 2014-03-21 10:44 - 00002906 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_104411.txt
2014-03-21 10:42 - 2014-03-22 09:52 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RK_Quarantine
2014-03-21 10:41 - 2014-03-21 10:41 - 03943424 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RogueKiller.exe
2014-03-21 10:32 - 2014-03-21 10:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-03.dmp
2014-03-21 09:55 - 2014-03-21 09:55 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-02.dmp
2014-03-21 09:20 - 2014-03-21 09:20 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-21 09:15 - 2014-03-21 09:15 - 00001070 _____ () C:\WINDOWS\system32\.crusader
2014-03-21 08:47 - 2014-03-21 09:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-03-21 08:47 - 2014-03-21 08:47 - 09988304 _____ (SurfRight B.V.) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\HitmanPro.exe
2014-03-21 08:33 - 2014-03-21 08:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-01.dmp
2014-03-21 06:30 - 2014-03-21 06:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 06:25 - 2014-03-21 06:25 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\uSeRiNiT.exe
2014-03-20 14:58 - 2014-03-20 14:58 - 00000756 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\GMER Log-01.log
2014-03-20 12:04 - 2014-03-20 12:03 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-03.dmp
2014-03-20 09:19 - 2014-03-20 09:19 - 00028621 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\attach.txt
2014-03-20 09:19 - 2014-03-20 09:19 - 00015754 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\dds.txt
2014-03-20 09:06 - 2014-03-20 09:06 - 00789444 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\census.cache
2014-03-20 09:05 - 2014-03-20 09:05 - 00315161 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\ars.cache
2014-03-20 08:31 - 2014-03-20 08:31 - 00000010 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\sponge.last.runtime.cache
2014-03-20 08:24 - 2014-03-20 08:24 - 00000036 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\housecall.guid.cache
2014-03-20 08:22 - 2014-03-20 08:22 - 00000814 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 07:23 - 2014-03-20 07:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-02.dmp
2014-03-20 07:17 - 2014-03-20 07:17 - 00000000 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\defogger_reenable
2014-03-20 07:13 - 2014-03-24 21:28 - 00005862 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Rkill.txt
2014-03-20 07:11 - 2014-03-20 07:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-01.dmp
2014-03-19 21:47 - 2014-03-21 06:20 - 00002510 _____ () C:\winzip.log
2014-03-19 21:20 - 2014-03-31 19:54 - 00397621 _____ () C:\WINDOWS\pfirewall.log
2014-03-19 21:20 - 2014-03-30 07:14 - 04194441 _____ () C:\WINDOWS\pfirewall.log.old
2014-03-19 11:25 - 2014-03-19 11:25 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-16.dmp
2014-03-19 10:58 - 2014-03-19 10:58 - 00000957 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\MS-Autoruns.lnk
2014-03-19 10:54 - 2014-03-19 10:54 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-15.dmp
2014-03-19 10:44 - 2014-03-19 10:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-14.dmp
2014-03-19 10:29 - 2014-03-19 10:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-13.dmp
2014-03-19 10:23 - 2014-03-19 10:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-12.dmp
2014-03-19 09:25 - 2014-03-19 09:25 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-11.dmp
2014-03-19 09:15 - 2006-01-12 17:52 - 00001904 ____N () C:\WINDOWS\system32\SetupBD.din
2014-03-19 04:59 - 2014-03-19 04:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-10.dmp
2014-03-19 04:34 - 2014-03-19 04:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-09.dmp
2014-03-19 04:22 - 2014-03-19 04:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-08.dmp
2014-03-19 03:42 - 2014-03-19 03:42 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-07.dmp
2014-03-19 03:30 - 2014-03-19 03:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-06.dmp
2014-03-19 03:26 - 2014-03-19 03:26 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-05.dmp
2014-03-19 03:21 - 2014-03-19 03:21 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\LogMeInIgnition
2014-03-19 03:19 - 2014-03-19 03:19 - 00001024 _____ () C:\.rnd
2014-03-19 03:15 - 2014-03-19 03:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-04.dmp
2014-03-19 02:52 - 2014-03-19 02:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-03.dmp
2014-03-19 02:47 - 2014-03-19 02:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-02.dmp
2014-03-19 02:43 - 2014-03-04 12:10 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140319-024357.backup
2014-03-19 01:49 - 2014-03-19 01:49 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031914-01.dmp
2014-03-19 00:47 - 2014-03-19 00:47 - 00001689 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\SUPERAntiSpyware.com
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-03-18 23:50 - 2014-03-02 14:03 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-18 23:29 - 2014-03-18 23:29 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-13.dmp
2014-03-18 23:18 - 2014-03-18 23:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-12.dmp
2014-03-18 23:13 - 2014-03-18 23:13 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-11.dmp
2014-03-18 23:07 - 2014-03-18 23:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-10.dmp
2014-03-18 23:04 - 2014-03-18 23:04 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-09.dmp
2014-03-18 23:01 - 2014-03-18 23:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-08.dmp
2014-03-18 22:57 - 2014-03-18 22:57 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-07.dmp
2014-03-18 22:52 - 2014-03-18 22:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-06.dmp
2014-03-18 22:00 - 2014-03-18 22:00 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-05.dmp
2014-03-18 21:34 - 2014-03-18 21:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-04.dmp
2014-03-18 18:58 - 2014-03-18 18:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-03.dmp
2014-03-18 16:39 - 2014-03-18 16:39 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-02.dmp
2014-03-18 15:16 - 2014-03-18 15:16 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-01.dmp
2014-03-17 17:54 - 2014-03-17 17:54 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-06.dmp
2014-03-17 17:16 - 2014-03-17 17:15 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-05.dmp
2014-03-17 14:06 - 2014-03-17 14:06 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031714-04.dmp
2014-03-17 13:34 - 2014-03-17 13:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-03.dmp
2014-03-17 08:31 - 2009-02-09 07:10 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2014-03-17 06:40 - 2007-11-16 13:54 - 00165496 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e100b325.sys
2014-03-17 06:40 - 2007-11-16 13:54 - 00165496 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\e100b325.sys
2014-03-17 04:42 - 2014-03-17 04:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031714-02.dmp
2014-03-17 01:53 - 2014-03-17 01:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-01.dmp
2014-03-17 01:38 - 2014-03-17 01:38 - 00377329 ____S () C:\WINDOWS\system32\szesmpk.jhe.bak
2014-03-17 01:23 - 2014-03-17 01:23 - 00000181 _____ () C:\WINDOWS\system32\WINS.txt
2014-03-17 01:23 - 2014-03-17 01:23 - 00000126 _____ () C:\WINDOWS\system32\StaticIP.txt
2014-03-16 23:37 - 2014-03-16 23:37 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\SystemRequirementsLab
2014-03-16 23:18 - 2014-03-16 23:18 - 00001778 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2014-03-16 23:18 - 2014-03-16 23:18 - 00001772 _____ () C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2014-03-16 23:18 - 2014-03-16 23:18 - 00000000 ____D () C:\Program Files\Belarc
2014-03-16 23:18 - 2013-09-10 19:25 - 00003840 _____ () C:\WINDOWS\system32\Drivers\BANTExt.sys
2014-03-16 22:02 - 2014-03-16 22:02 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031614-01.dmp
2014-03-16 17:21 - 2014-03-16 17:21 - 00000000 _____ () C:\WINDOWS\system32\default_user_class.dat
2014-03-16 13:39 - 2014-03-16 13:39 - 00124327 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Laptop-ServiceList.txt
2014-03-16 13:15 - 2014-03-16 13:19 - 00139889 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\mtbnew-ServiceList2.txt
2014-03-16 12:31 - 2014-03-16 12:29 - 00067720 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\LaptopServiceList.txt
2014-03-16 11:58 - 2014-03-16 11:58 - 00046352 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\MTBNEW-ServiceList.txt
2014-03-15 23:45 - 2014-03-15 23:45 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-07.dmp
2014-03-15 23:20 - 2014-03-15 23:19 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-06.dmp
2014-03-15 16:14 - 2014-03-15 16:14 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-05.dmp
2014-03-15 16:12 - 2014-03-15 16:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-04.dmp
2014-03-15 08:03 - 2014-03-15 08:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-03.dmp
2014-03-15 07:36 - 2014-03-15 07:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-02.dmp
2014-03-15 06:58 - 2014-03-15 06:58 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-01.dmp
2014-03-14 13:47 - 2014-03-17 03:44 - 00000000 ____D () C:\Program Files\UPHClean
2014-03-14 13:28 - 2014-03-14 13:28 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-07.dmp
2014-03-14 13:22 - 2014-03-14 13:22 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-06.dmp
2014-03-14 13:07 - 2014-03-14 13:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-05.dmp
2014-03-14 13:05 - 2014-03-14 13:04 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-04.dmp
2014-03-14 12:53 - 2014-03-14 12:53 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-03.dmp
2014-03-14 12:44 - 2014-03-14 12:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-02.dmp
2014-03-14 12:37 - 2014-03-14 12:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-01.dmp
2014-03-14 07:13 - 2014-03-14 07:13 - 00003552 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\eset threats2.txt
2014-03-13 23:40 - 2014-03-13 23:40 - 00000000 ____D () C:\Program Files\ESET
2014-03-13 23:35 - 2014-03-13 23:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-06.dmp
2014-03-13 22:56 - 2014-03-13 22:55 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-05.dmp
2014-03-13 22:17 - 2014-03-13 22:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-04.dmp
2014-03-13 08:57 - 2014-03-13 11:05 - 00000000 ____D () C:\Documents and Settings\Administrator.MTBNEW\Local Settings\Application Data\NPE
2014-03-13 08:41 - 2014-03-13 08:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-03.dmp
2014-03-13 07:30 - 2014-03-13 07:29 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-02.dmp
2014-03-13 00:34 - 2014-03-13 00:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-01.dmp
2014-03-12 23:52 - 2014-03-12 23:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031214-21.dmp
2014-03-12 21:44 - 2014-03-12 21:44 - 00047360 _____ (VSO Software) C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.sys
2014-03-12 21:44 - 2014-03-12 21:44 - 00007887 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.cat
2014-03-12 21:44 - 2014-03-12 21:44 - 00000055 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.log
2014-03-12 21:44 - 2014-03-12 21:44 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\Vso
2014-03-12 21:23 - 2014-03-12 21:23 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\Picturenaut
2014-03-12 18:29 - 2014-03-12 18:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031214-20.dmp
2014-03-12 17:25 - 2014-03-12 17:25 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-19.dmp
2014-03-12 17:15 - 2014-03-12 17:15 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-18.dmp
2014-03-12 17:08 - 2014-03-12 17:08 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-17.dmp
2014-03-12 17:04 - 2014-03-12 17:04 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-16.dmp
2014-03-12 16:56 - 2014-03-12 16:56 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-15.dmp
2014-03-12 16:45 - 2014-03-12 16:45 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-14.dmp
2014-03-12 16:41 - 2014-03-12 16:41 - 00000000 _____ () C:\WINDOWS\Minidump\Mini031214-13.dmp
2014-03-12 16:28 - 2014-03-12 16:28 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-12.dmp
2014-03-12 16:11 - 2014-03-12 16:11 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-11.dmp
2014-03-12 15:53 - 2014-03-12 15:53 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-10.dmp
2014-03-12 15:40 - 2005-12-12 17:27 - 00019072 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\PS2.sys
2014-03-12 15:14 - 2002-11-29 16:31 - 00036864 ____N () C:\WINDOWS\system32\KmRemove.exe
2014-03-12 14:52 - 2014-03-12 14:52 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-09.dmp
2014-03-12 14:36 - 2014-03-12 14:36 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-08.dmp
2014-03-12 14:03 - 2014-03-12 14:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-07.dmp
2014-03-12 13:51 - 2014-03-12 13:51 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-06.dmp
2014-03-12 13:38 - 2014-03-12 13:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-05.dmp
2014-03-12 11:48 - 2014-03-12 11:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-04.dmp
2014-03-12 09:53 - 2014-03-12 09:53 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-03.dmp
2014-03-12 09:26 - 2014-03-23 21:29 - 00237086 _____ () C:\WINDOWS\setupapi.log
2014-03-12 09:26 - 2014-03-12 09:25 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-02.dmp
2014-03-12 09:23 - 2014-03-12 09:26 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-12 09:20 - 2014-03-12 09:21 - 00013471 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 09:20 - 2014-03-12 09:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 09:20 - 2014-03-12 09:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 09:19 - 2014-03-12 09:20 - 00004907 _____ () C:\WINDOWS\KB2934207.log
2014-03-12 09:19 - 2014-03-12 09:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-12 09:19 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-12 09:19 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-12 08:56 - 2014-03-12 09:20 - 00015220 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 08:56 - 2014-03-12 09:20 - 00013692 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 08:11 - 2014-03-12 08:11 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-01.dmp
2014-03-08 21:20 - 2014-03-08 21:19 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-08.dmp
2014-03-08 17:40 - 2014-03-08 17:40 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-07.dmp
2014-03-08 17:23 - 2014-03-08 17:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-06.dmp
2014-03-08 16:03 - 2014-03-08 16:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-05.dmp
2014-03-08 15:57 - 2014-03-08 15:57 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-04.dmp
2014-03-08 15:39 - 2014-03-08 15:39 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-03.dmp
2014-03-08 14:03 - 2014-03-08 14:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-02.dmp
2014-03-08 05:15 - 2014-03-08 05:15 - 00000283 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\eset threats.txt
2014-03-08 01:15 - 2014-03-08 01:14 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-08 00:40 - 2014-03-08 00:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-09.dmp
2014-03-08 00:19 - 2014-03-21 19:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-08 00:18 - 2014-03-21 19:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\mbar
2014-03-08 00:02 - 2014-03-08 00:02 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-08.dmp
2014-03-07 23:20 - 2014-03-07 23:20 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-07.dmp
2014-03-07 20:52 - 2014-03-07 20:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-06.dmp
2014-03-07 20:27 - 2014-03-07 20:27 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-05.dmp
2014-03-07 20:10 - 2014-03-07 20:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-04.dmp
2014-03-07 19:11 - 2014-03-07 19:11 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-03.dmp
2014-03-07 18:08 - 2014-03-07 18:08 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-02.dmp
2014-03-07 16:56 - 2014-03-07 16:56 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-01.dmp
2014-03-06 21:44 - 2014-03-06 21:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030614-02.dmp
2014-03-06 20:35 - 2014-03-06 20:35 - 00000000 ____D () C:\NBRT
2014-03-06 09:01 - 2014-03-06 09:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030614-01.dmp
2014-03-05 22:21 - 2014-03-05 22:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-08.dmp
2014-03-05 21:36 - 2014-03-05 21:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-07.dmp
2014-03-05 21:10 - 2014-03-05 21:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-06.dmp
2014-03-05 20:12 - 2013-09-12 01:17 - 15693600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-03-05 20:12 - 2013-09-12 01:17 - 00209184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-03-05 20:12 - 2013-09-12 01:17 - 00156960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
2014-03-05 20:12 - 2013-09-12 01:17 - 00144160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcolor.exe
2014-03-05 20:12 - 2013-09-12 01:17 - 00054272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwddi.dll
2014-03-05 20:11 - 2014-03-05 20:11 - 01114168 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-03-05 20:11 - 2014-03-05 20:11 - 01114168 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-03-05 20:11 - 2014-03-05 20:11 - 00000000 _____ () C:\WINDOWS\system32\nvdrswr.lk
2014-03-05 20:11 - 2013-09-12 03:42 - 00057344 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2014-03-05 20:10 - 2013-09-12 03:42 - 21372928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglnt.dll
2014-03-05 20:10 - 2013-09-12 03:42 - 06324224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-03-05 20:10 - 2013-09-12 03:42 - 01049376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco3232723.dll
2014-03-05 20:10 - 2013-09-12 03:42 - 00893728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco3232723.dll
2014-03-05 20:10 - 2013-09-12 03:42 - 00018300 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-03-05 20:10 - 2013-06-16 07:38 - 00128672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda32.sys
2014-03-05 20:10 - 2013-06-16 07:38 - 00028448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap32.dll
2014-03-05 20:10 - 2013-01-29 03:35 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103.dll
2014-03-05 20:06 - 2014-03-05 20:11 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-03-05 20:02 - 2014-03-31 19:53 - 00003946 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-03-05 19:32 - 2014-03-05 19:32 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-05.dmp
2014-03-05 16:07 - 2014-03-05 16:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-04.dmp
2014-03-05 15:37 - 2013-09-12 03:42 - 17551360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-03-05 15:37 - 2013-09-12 03:42 - 07700480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-03-05 15:37 - 2013-09-12 03:42 - 02794272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-03-05 15:37 - 2013-09-12 03:42 - 02568704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi.dll
2014-03-05 15:37 - 2013-09-12 03:42 - 02313192 _____ () C:\WINDOWS\system32\nvdata.data
2014-03-05 15:37 - 2013-09-12 03:42 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-03-05 14:48 - 2014-03-05 14:48 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-03.dmp
2014-03-05 14:13 - 2014-03-05 14:13 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-02.dmp
2014-03-05 13:59 - 2014-03-07 18:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2014-03-05 08:30 - 2014-03-05 08:30 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-04 22:34 - 2014-03-04 22:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-06.dmp
2014-03-04 12:17 - 2014-03-04 12:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-05.dmp
2014-03-04 12:08 - 2013-04-24 06:24 - 00447138 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140304.backup
2014-03-04 11:47 - 2014-03-04 11:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-04.dmp
2014-03-04 10:47 - 2014-03-04 10:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-03.dmp
2014-03-04 04:36 - 2014-03-04 04:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-02.dmp
2014-03-04 01:51 - 2014-03-04 01:50 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-01.dmp
2014-03-03 22:57 - 2014-03-23 20:18 - 00000310 __RSH () C:\boot.ini
2014-03-03 22:43 - 2014-03-30 07:34 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-03-03 22:43 - 2014-03-30 07:34 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-03-03 22:42 - 2014-03-19 04:11 - 04958726 _____ () C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10221102}.CDF
2014-03-03 22:42 - 2014-03-19 04:11 - 04958726 _____ () C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10221102}.BAK
2014-03-03 19:39 - 2014-03-03 19:39 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-20.dmp
2014-03-03 19:30 - 2014-03-03 19:30 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-19.dmp
2014-03-03 18:56 - 2014-03-03 18:56 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-18.dmp
2014-03-03 16:21 - 2014-03-03 16:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-17.dmp
2014-03-03 16:17 - 2014-03-03 16:16 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-16.dmp
2014-03-03 16:14 - 2014-03-03 16:14 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-15.dmp
2014-03-03 15:58 - 2014-03-03 15:58 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-14.dmp
2014-03-03 15:32 - 2014-03-03 15:32 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-13.dmp
2014-03-03 15:12 - 2014-03-03 15:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-12.dmp
2014-03-03 15:10 - 2014-03-03 15:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-11.dmp
2014-03-03 15:01 - 2014-03-03 15:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-10.dmp
2014-03-03 12:37 - 2014-03-03 12:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-09.dmp
2014-03-03 12:23 - 2014-03-03 12:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-08.dmp
2014-03-03 12:18 - 2014-03-03 12:18 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-07.dmp
2014-03-03 12:09 - 2014-03-03 12:08 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-06.dmp
2014-03-03 11:31 - 2014-03-03 11:31 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-05.dmp
2014-03-03 03:05 - 2014-03-03 03:05 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-04.dmp
2014-03-03 01:37 - 2014-03-03 01:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-03.dmp
2014-03-03 01:28 - 2014-03-03 01:28 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 01:23 - 2014-03-03 01:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-03 00:44 - 2014-03-03 00:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-06.dmp
2014-03-03 00:36 - 2014-03-03 00:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-05.dmp
2014-03-03 00:24 - 2014-03-03 00:24 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-04.dmp
2014-03-03 00:21 - 2014-03-03 00:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-03.dmp
2014-03-03 00:12 - 2014-03-03 00:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-02.dmp
2014-03-02 22:42 - 2014-03-07 18:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-02 22:32 - 2014-03-02 22:32 - 00018638 _____ () C:\WINDOWS\system32\CCCInstall_201403022132137187.log
2014-03-02 22:24 - 2014-03-02 22:42 - 00000000 ____D () C:\NVIDIA
2014-03-02 22:06 - 2014-03-02 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA
2014-03-02 17:16 - 2014-03-02 17:16 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-31 19:55 - 2014-03-24 21:42 - 00020023 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\FRST.txt
2014-03-31 19:54 - 2014-03-19 21:20 - 00397621 _____ () C:\WINDOWS\pfirewall.log
2014-03-31 19:53 - 2014-03-05 20:02 - 00003946 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-03-31 19:50 - 2014-03-24 21:42 - 00000000 ____D () C:\FRST
2014-03-31 19:45 - 2006-02-28 20:20 - 00000000 ____D () C:\Program Files\Java
2014-03-31 19:45 - 2006-02-28 20:20 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-31 19:45 - 2005-07-02 05:21 - 01302733 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-31 07:23 - 2012-03-07 21:45 - 00000084 _____ () C:\WINDOWS\TaxACT11.ini
2014-03-31 07:20 - 2013-01-29 22:36 - 00000084 _____ () C:\WINDOWS\TaxACT12.ini
2014-03-31 05:55 - 2011-11-30 01:26 - 00000098 _____ () C:\WINDOWS\10-key.ini
2014-03-30 17:56 - 2004-11-13 05:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-30 17:56 - 2004-11-13 05:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-30 08:39 - 2014-01-08 23:54 - 00000084 _____ () C:\WINDOWS\TaxACT13.ini
2014-03-30 07:35 - 2005-07-02 05:21 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-30 07:35 - 2005-07-02 05:11 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-30 07:34 - 2014-03-03 22:43 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-03-30 07:34 - 2014-03-03 22:43 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-03-30 07:33 - 2012-01-30 03:05 - 00196608 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-03-30 07:33 - 2011-10-30 20:26 - 00000278 ___SH () C:\Documents and Settings\HP_Administrator.MTBNEW\ntuser.ini
2014-03-30 07:33 - 2005-07-02 05:21 - 00032414 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-30 07:14 - 2014-03-19 21:20 - 04194441 _____ () C:\WINDOWS\pfirewall.log.old
2014-03-29 09:11 - 2006-08-16 00:48 - 00000000 ____D () C:\Program Files\Paint Shop Pro 6
2014-03-29 09:09 - 2014-03-29 09:08 - 08041116 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\ScanTest1.tif
2014-03-29 09:08 - 2014-03-29 09:07 - 08041116 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\ScanTest.tif
2014-03-29 09:00 - 2006-08-15 22:36 - 00001080 _____ () C:\WINDOWS\AUTOLNCH.REG
2014-03-27 07:58 - 2011-11-30 01:29 - 00001413 _____ () C:\WINDOWS\system32\msxkwn.vxp
2014-03-25 22:42 - 2013-03-05 08:20 - 00002353 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
2014-03-25 21:21 - 2008-09-24 23:26 - 00000000 ____D () C:\Program Files\NetworkView
2014-03-24 21:44 - 2014-03-24 21:44 - 00037696 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Addition.txt
2014-03-24 21:40 - 2014-03-24 21:40 - 01145856 _____ (Farbar) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\FRST.exe
2014-03-24 21:28 - 2014-03-20 07:13 - 00005862 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Rkill.txt
2014-03-24 21:23 - 2014-03-22 17:08 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-24 21:21 - 2014-03-24 21:21 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-03-24 21:21 - 2014-03-22 17:08 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-24 19:51 - 2014-03-24 19:51 - 00018150 _____ () C:\ComboFix.txt
2014-03-24 19:51 - 2014-03-23 20:14 - 00000000 ____D () C:\Qoobox
2014-03-24 19:48 - 2004-11-13 05:42 - 00000365 _____ () C:\WINDOWS\system.ini
2014-03-24 19:47 - 2012-10-12 01:30 - 00000000 ____D () C:\Documents and Settings\mtbowman.MTBNEW
2014-03-24 19:47 - 2012-08-10 07:01 - 00000000 ____D () C:\Documents and Settings\Administrator.MTBNEW
2014-03-24 19:47 - 2011-10-30 20:26 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW
2014-03-24 19:47 - 2008-11-30 10:44 - 00000000 ____D () C:\Documents and Settings\mtbowman
2014-03-24 19:47 - 2006-03-06 01:20 - 00000000 ____D () C:\Documents and Settings\HP_Administrator
2014-03-24 19:30 - 2006-02-28 20:39 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-03-24 13:37 - 2012-11-23 00:39 - 00000000 ____D () C:\Program Files\Debugging Tools for Windows (x86)
2014-03-24 10:52 - 2014-03-24 10:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032414-02.dmp
2014-03-24 10:52 - 2007-09-18 05:30 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-24 08:43 - 2014-03-24 08:43 - 00005815 _____ () C:\Documents and Settings\All Users\Documents\pspbrwse.jbf
2014-03-24 08:38 - 2008-12-13 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\GloriaBoysPhotos
2014-03-24 08:34 - 2014-03-24 08:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032414-01.dmp
2014-03-24 00:03 - 2014-03-22 02:13 - 00000000 ____D () C:\AdwCleaner
2014-03-23 23:34 - 2014-03-23 20:13 - 05192353 ____R (Swearware) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\ComboFix.exe
2014-03-23 22:17 - 2014-03-23 17:49 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-03-23 21:29 - 2014-03-12 09:26 - 00237086 _____ () C:\WINDOWS\setupapi.log
2014-03-23 20:57 - 2014-03-23 20:57 - 00019464 _____ () C:\ComboFix-01.txt
2014-03-23 20:57 - 2006-02-28 20:14 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-23 20:56 - 2014-03-23 20:14 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-23 20:18 - 2014-03-23 20:18 - 00000000 _RSHD () C:\cmdcons
2014-03-23 20:18 - 2014-03-03 22:57 - 00000310 __RSH () C:\boot.ini
2014-03-23 20:17 - 2005-07-15 12:14 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-03-23 18:08 - 2014-03-23 18:08 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-07.dmp
2014-03-23 17:56 - 2014-03-23 17:56 - 00003109 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_175611.txt
2014-03-23 15:50 - 2014-03-23 15:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-06.dmp
2014-03-23 14:47 - 2014-03-23 14:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-05.dmp
2014-03-23 14:35 - 2014-03-23 14:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-04.dmp
2014-03-23 14:24 - 2014-03-23 14:24 - 00003085 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03232014_142452.txt
2014-03-23 14:24 - 2014-03-23 14:24 - 00003040 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_142423.txt
2014-03-23 14:22 - 2014-03-23 14:22 - 00003006 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_142203.txt
2014-03-23 14:20 - 2014-03-23 14:20 - 00002982 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03232014_142015.txt
2014-03-23 14:12 - 2014-03-23 14:12 - 00002937 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03232014_141224.txt
2014-03-23 13:32 - 2014-03-23 13:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-03.dmp
2014-03-23 12:56 - 2014-03-23 12:56 - 00070696 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Extras.Txt
2014-03-23 12:55 - 2014-03-23 12:55 - 00143046 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\OTL.Txt
2014-03-23 12:45 - 2014-03-23 12:45 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\OTL.exe
2014-03-23 12:29 - 2014-03-23 12:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-02.dmp
2014-03-23 12:21 - 2014-03-23 12:21 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032314-01.dmp
2014-03-23 11:50 - 2014-03-23 11:50 - 00001823 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-03-23 11:50 - 2014-03-23 11:50 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-23 11:50 - 2014-03-23 11:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-03-23 08:26 - 2014-03-23 08:26 - 00005628 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RootRepeal-20140322-2026.txt
2014-03-23 08:22 - 2014-03-22 22:09 - 00000015 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\settings.dat
2014-03-22 22:30 - 2014-03-22 22:30 - 00005628 _____ () C:\RootRepeal report 03-22-14 (22-30-23).txt
2014-03-22 22:08 - 2014-03-22 22:08 - 00472064 _____ ( ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RootRepeal.exe
2014-03-22 21:57 - 2014-03-22 21:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-03.dmp
2014-03-22 18:05 - 2007-01-13 06:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-22 17:03 - 2011-12-05 10:33 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\vlc
2014-03-22 16:54 - 2010-02-23 10:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Apps-99-Miscellaneous
2014-03-22 16:44 - 2014-03-22 16:44 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\My Documents\Britannica_Content
2014-03-22 16:43 - 2014-03-22 16:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\WebRenderer
2014-03-22 16:43 - 2014-03-22 16:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\.webrenderer
2014-03-22 16:35 - 2013-08-29 20:59 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\AnvSoft
2014-03-22 16:35 - 2013-08-29 20:58 - 00000000 ____D () C:\Program Files\AnvSoft
2014-03-22 16:26 - 2011-11-06 09:29 - 00141824 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-22 15:49 - 2014-03-22 15:49 - 40658208 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\spybot-2.2.exe
2014-03-22 10:50 - 2014-03-22 10:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-02.dmp
2014-03-22 09:54 - 2014-03-22 09:54 - 00002724 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03222014_095429.txt
2014-03-22 09:52 - 2014-03-21 10:42 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RK_Quarantine
2014-03-22 02:48 - 2014-03-22 02:48 - 00008112 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\HitmanPro_20140322_0248.log
2014-03-22 02:12 - 2014-03-22 02:12 - 01950720 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\AdwCleaner.exe
2014-03-22 01:53 - 2014-03-22 01:58 - 101570328 _____ (Microsoft Corporation) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\msert (1).exe
2014-03-22 01:43 - 2014-03-22 01:43 - 00002691 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03222014_014317.txt
2014-03-22 01:33 - 2014-03-22 01:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032214-01.dmp
2014-03-21 23:26 - 2014-03-21 23:26 - 00002896 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_232617.txt
2014-03-21 23:10 - 2014-03-21 23:10 - 00002862 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_231047.txt
2014-03-21 23:08 - 2014-03-21 23:08 - 00002831 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_230826.txt
2014-03-21 23:07 - 2014-03-21 23:07 - 00002793 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_230736.txt
2014-03-21 23:01 - 2014-03-21 22:58 - 00003395 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_225816.txt
2014-03-21 22:46 - 2014-03-21 22:46 - 00003314 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_224649.txt
2014-03-21 19:43 - 2014-03-08 00:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-21 19:43 - 2014-03-08 00:18 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\mbar
2014-03-21 18:13 - 2014-03-21 18:12 - 00000009 ___RH () C:\Autoexec.bat
2014-03-21 11:15 - 2014-03-21 11:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-04.dmp
2014-03-21 10:54 - 2014-03-21 10:54 - 00002849 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_D_03212014_105453.txt
2014-03-21 10:49 - 2014-03-21 10:49 - 00002792 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_104949.txt
2014-03-21 10:47 - 2014-03-21 10:47 - 00000882 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_PR_03212014_104728.txt
2014-03-21 10:44 - 2014-03-21 10:44 - 00002906 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RKreport[0]_S_03212014_104411.txt
2014-03-21 10:41 - 2014-03-21 10:41 - 03943424 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RogueKiller.exe
2014-03-21 10:32 - 2014-03-21 10:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-03.dmp
2014-03-21 09:55 - 2014-03-21 09:55 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-02.dmp
2014-03-21 09:20 - 2014-03-21 09:20 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-21 09:15 - 2014-03-21 09:15 - 00001070 _____ () C:\WINDOWS\system32\.crusader
2014-03-21 09:15 - 2014-03-21 08:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-03-21 09:15 - 2006-05-02 23:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\StartupStop
2014-03-21 08:47 - 2014-03-21 08:47 - 09988304 _____ (SurfRight B.V.) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\HitmanPro.exe
2014-03-21 08:33 - 2014-03-21 08:33 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032114-01.dmp
2014-03-21 08:33 - 2008-02-24 06:13 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-21 06:31 - 2014-03-21 06:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 06:25 - 2014-03-21 06:25 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\uSeRiNiT.exe
2014-03-21 06:22 - 2004-11-13 13:51 - 00000915 _____ () C:\WINDOWS\win.ini
2014-03-21 06:20 - 2014-03-19 21:47 - 00002510 _____ () C:\winzip.log
2014-03-20 14:58 - 2014-03-20 14:58 - 00000756 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\GMER Log-01.log
2014-03-20 12:03 - 2014-03-20 12:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-03.dmp
2014-03-20 09:25 - 2006-03-06 01:54 - 00000265 _____ () C:\Boot.bak
2014-03-20 09:19 - 2014-03-20 09:19 - 00028621 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\attach.txt
2014-03-20 09:19 - 2014-03-20 09:19 - 00015754 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\dds.txt
2014-03-20 09:09 - 2010-02-23 10:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Apps-71-Utilities
2014-03-20 09:06 - 2014-03-20 09:06 - 00789444 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\census.cache
2014-03-20 09:05 - 2014-03-20 09:05 - 00315161 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\ars.cache
2014-03-20 08:31 - 2014-03-20 08:31 - 00000010 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\sponge.last.runtime.cache
2014-03-20 08:24 - 2014-03-20 08:24 - 00000036 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\housecall.guid.cache
2014-03-20 08:22 - 2014-03-20 08:22 - 00000814 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 08:22 - 2005-07-02 05:12 - 00632308 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-20 08:22 - 2004-11-13 13:54 - 00840989 _____ () C:\WINDOWS\tsoc.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00602082 _____ () C:\WINDOWS\comsetup.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00372441 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00136149 _____ () C:\WINDOWS\iis6.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00099646 _____ () C:\WINDOWS\ocmsn.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00087597 _____ () C:\WINDOWS\tabletoc.log
2014-03-20 08:22 - 2004-11-13 13:54 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-03-20 08:22 - 2004-11-13 13:49 - 01791052 _____ () C:\WINDOWS\FaxSetup.log
2014-03-20 08:22 - 2004-11-13 13:49 - 00929945 _____ () C:\WINDOWS\ocgen.log
2014-03-20 08:22 - 2004-11-13 13:49 - 00313271 _____ () C:\WINDOWS\netfxocm.log
2014-03-20 08:22 - 2004-11-13 13:49 - 00127120 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-20 08:22 - 2004-11-13 13:49 - 00091340 _____ () C:\WINDOWS\msgsocm.log
2014-03-20 08:22 - 2004-11-13 13:48 - 00587978 _____ () C:\WINDOWS\msmqinst.log
2014-03-20 07:23 - 2014-03-20 07:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-02.dmp
2014-03-20 07:17 - 2014-03-20 07:17 - 00000000 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\defogger_reenable
2014-03-20 07:11 - 2014-03-20 07:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032014-01.dmp
2014-03-19 11:25 - 2014-03-19 11:25 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-16.dmp
2014-03-19 10:58 - 2014-03-19 10:58 - 00000957 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\MS-Autoruns.lnk
2014-03-19 10:54 - 2014-03-19 10:54 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-15.dmp
2014-03-19 10:44 - 2014-03-19 10:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-14.dmp
2014-03-19 10:29 - 2014-03-19 10:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-13.dmp
2014-03-19 10:23 - 2014-03-19 10:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-12.dmp
2014-03-19 10:16 - 2006-10-01 00:25 - 00000000 ____D () C:\Program Files\DivX
2014-03-19 10:13 - 2007-04-10 21:16 - 00000000 ____D () C:\Program Files\Citrix
2014-03-19 10:12 - 2010-02-23 10:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Multimedia-Video
2014-03-19 10:11 - 2004-11-13 13:54 - 00004566 _____ () C:\WINDOWS\imsins.BAK
2014-03-19 09:32 - 2010-02-23 11:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Apps-05-Browsers
2014-03-19 09:25 - 2014-03-19 09:25 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-11.dmp
2014-03-19 09:15 - 2012-03-03 09:33 - 00000000 ____D () C:\Program Files\Intel
2014-03-19 04:58 - 2014-03-19 04:59 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-10.dmp
2014-03-19 04:35 - 2012-08-10 07:01 - 00000178 ___SH () C:\Documents and Settings\Administrator.MTBNEW\ntuser.ini
2014-03-19 04:33 - 2014-03-19 04:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-09.dmp
2014-03-19 04:22 - 2014-03-19 04:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-08.dmp
2014-03-19 04:11 - 2014-03-03 22:42 - 04958726 _____ () C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10221102}.CDF
2014-03-19 04:11 - 2014-03-03 22:42 - 04958726 _____ () C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10221102}.BAK
2014-03-19 04:11 - 2006-03-06 01:08 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
2014-03-19 04:04 - 2012-12-27 00:53 - 00018200 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\reset.log
2014-03-19 03:56 - 2009-12-23 13:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-03-19 03:50 - 2011-11-01 12:14 - 00057269 _____ () C:\WINDOWS\spupdsvc.log
2014-03-19 03:48 - 2011-11-13 13:52 - 00022265 _____ () C:\WINDOWS\KB956572.log
2014-03-19 03:48 - 2006-02-28 20:26 - 00248739 _____ () C:\WINDOWS\updspapi.log
2014-03-19 03:42 - 2014-03-19 03:42 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-07.dmp
2014-03-19 03:30 - 2014-03-19 03:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-06.dmp
2014-03-19 03:26 - 2014-03-19 03:26 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-05.dmp
2014-03-19 03:21 - 2014-03-19 03:21 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\LogMeInIgnition
2014-03-19 03:19 - 2014-03-19 03:19 - 00001024 _____ () C:\.rnd
2014-03-19 03:15 - 2014-03-19 03:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-04.dmp
2014-03-19 03:07 - 2013-01-13 18:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-03-19 02:52 - 2014-03-19 02:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-03.dmp
2014-03-19 02:50 - 2006-02-28 21:18 - 00000000 ____D () C:\Program Files\Google
2014-03-19 02:47 - 2014-03-19 02:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031914-02.dmp
2014-03-19 02:35 - 2006-02-28 20:40 - 00003320 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-03-19 02:32 - 2013-05-15 15:48 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\Citrix
2014-03-19 01:49 - 2014-03-19 01:49 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031914-01.dmp
2014-03-19 00:47 - 2014-03-19 00:47 - 00001689 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\SUPERAntiSpyware.com
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-03-19 00:47 - 2014-03-19 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-03-18 23:29 - 2014-03-18 23:29 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-13.dmp
2014-03-18 23:17 - 2014-03-18 23:18 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-12.dmp
2014-03-18 23:13 - 2014-03-18 23:13 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-11.dmp
2014-03-18 23:07 - 2014-03-18 23:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-10.dmp
2014-03-18 23:04 - 2014-03-18 23:04 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-09.dmp
2014-03-18 23:01 - 2014-03-18 23:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-08.dmp
2014-03-18 22:57 - 2014-03-18 22:57 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-07.dmp
2014-03-18 22:52 - 2014-03-18 22:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-06.dmp
2014-03-18 22:00 - 2014-03-18 22:00 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-05.dmp
2014-03-18 21:34 - 2014-03-18 21:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031814-04.dmp
2014-03-18 18:58 - 2014-03-18 18:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-03.dmp
2014-03-18 18:17 - 2011-12-28 08:24 - 00002644 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-18 16:39 - 2014-03-18 16:39 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-02.dmp
2014-03-18 15:16 - 2014-03-18 15:16 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031814-01.dmp
2014-03-17 17:54 - 2014-03-17 17:54 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-06.dmp
2014-03-17 17:15 - 2014-03-17 17:16 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-05.dmp
2014-03-17 15:38 - 2005-07-15 12:14 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-03-17 15:24 - 2011-11-01 10:33 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\U3
2014-03-17 14:15 - 2004-11-13 13:54 - 02021613 _____ () C:\WINDOWS\iis6.BAK
2014-03-17 14:06 - 2014-03-17 14:06 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031714-04.dmp
2014-03-17 13:34 - 2014-03-17 13:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-03.dmp
2014-03-17 06:27 - 2005-07-15 12:01 - 00000000 ____D () C:\WINDOWS\security
2014-03-17 06:26 - 2008-05-30 06:51 - 00000000 ____D () C:\WINDOWS\pss
2014-03-17 04:41 - 2014-03-17 04:42 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031714-02.dmp
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\WindowsShell.Manifest
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\system32\wuaucpl.cpl.manifest
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\system32\sapi.cpl.manifest
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\system32\nwc.cpl.manifest
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\system32\ncpa.cpl.manifest
2014-03-17 04:38 - 2004-11-13 13:50 - 00000749 ___RH () C:\WINDOWS\system32\cdplayer.exe.manifest
2014-03-17 04:07 - 2011-12-18 12:13 - 00045056 ___SH () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\Thumbs.db
2014-03-17 03:44 - 2014-03-14 13:47 - 00000000 ____D () C:\Program Files\UPHClean
2014-03-17 03:44 - 2009-10-24 13:33 - 00000000 ____D () C:\Program Files\Palm
2014-03-17 03:44 - 2006-02-28 21:12 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows
2014-03-17 03:44 - 2005-07-15 12:02 - 00000000 ____D () C:\WINDOWS\system
2014-03-17 03:34 - 2011-11-30 12:30 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll.000.bak
2014-03-17 03:29 - 2004-11-13 13:54 - 00419840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-17 01:52 - 2014-03-17 01:53 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-01.dmp
2014-03-17 01:38 - 2014-03-17 01:38 - 00377329 ____S () C:\WINDOWS\system32\szesmpk.jhe.bak
2014-03-17 01:23 - 2014-03-17 01:23 - 00000181 _____ () C:\WINDOWS\system32\WINS.txt
2014-03-17 01:23 - 2014-03-17 01:23 - 00000126 _____ () C:\WINDOWS\system32\StaticIP.txt
2014-03-17 01:23 - 2012-11-20 20:01 - 00002730 _____ () C:\WINDOWS\system32\WmiConf.txt
2014-03-16 23:39 - 2013-08-15 18:08 - 00001100 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-03-16 23:37 - 2014-03-16 23:37 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\SystemRequirementsLab
2014-03-16 23:18 - 2014-03-16 23:18 - 00001778 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
2014-03-16 23:18 - 2014-03-16 23:18 - 00001772 _____ () C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
2014-03-16 23:18 - 2014-03-16 23:18 - 00000000 ____D () C:\Program Files\Belarc
2014-03-16 22:22 - 2005-07-15 11:47 - 00000000 ____D () C:\WINDOWS\Help
2014-03-16 22:02 - 2014-03-16 22:02 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031614-01.dmp
2014-03-16 17:21 - 2014-03-16 17:21 - 00000000 _____ () C:\WINDOWS\system32\default_user_class.dat
2014-03-16 13:39 - 2014-03-16 13:39 - 00124327 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Laptop-ServiceList.txt
2014-03-16 13:19 - 2014-03-16 13:15 - 00139889 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\mtbnew-ServiceList2.txt
2014-03-16 12:29 - 2014-03-16 12:31 - 00067720 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\LaptopServiceList.txt
2014-03-16 11:58 - 2014-03-16 11:58 - 00046352 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\MTBNEW-ServiceList.txt
2014-03-16 09:15 - 2005-07-15 12:01 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-15 23:45 - 2014-03-15 23:45 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-07.dmp
2014-03-15 23:19 - 2014-03-15 23:20 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-06.dmp
2014-03-15 16:23 - 2006-02-28 20:39 - 00065536 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-03-15 16:14 - 2014-03-15 16:14 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-05.dmp
2014-03-15 16:12 - 2014-03-15 16:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-04.dmp
2014-03-15 09:02 - 2011-07-31 15:38 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\AllUsersShortcuts
2014-03-15 08:03 - 2014-03-15 08:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-03.dmp
2014-03-15 07:36 - 2014-03-15 07:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-02.dmp
2014-03-15 06:58 - 2014-03-15 06:58 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031514-01.dmp
2014-03-14 13:33 - 2006-02-28 20:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Online Services
2014-03-14 13:28 - 2014-03-14 13:28 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-07.dmp
2014-03-14 13:22 - 2014-03-14 13:22 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-06.dmp
2014-03-14 13:07 - 2014-03-14 13:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-05.dmp
2014-03-14 13:04 - 2014-03-14 13:05 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-04.dmp
2014-03-14 12:53 - 2014-03-14 12:53 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-03.dmp
2014-03-14 12:44 - 2014-03-14 12:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-02.dmp
2014-03-14 12:37 - 2014-03-14 12:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031414-01.dmp
2014-03-14 07:13 - 2014-03-14 07:13 - 00003552 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\eset threats2.txt
2014-03-13 23:40 - 2014-03-13 23:40 - 00000000 ____D () C:\Program Files\ESET
2014-03-13 23:35 - 2014-03-13 23:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-06.dmp
2014-03-13 22:55 - 2014-03-13 22:56 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-05.dmp
2014-03-13 22:17 - 2014-03-13 22:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-04.dmp
2014-03-13 15:03 - 2012-01-30 04:10 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Local Settings\Application Data\NPE
2014-03-13 11:05 - 2014-03-13 08:57 - 00000000 ____D () C:\Documents and Settings\Administrator.MTBNEW\Local Settings\Application Data\NPE
2014-03-13 08:40 - 2014-03-13 08:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-03.dmp
2014-03-13 07:29 - 2014-03-13 07:30 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031314-02.dmp
2014-03-13 00:33 - 2014-03-13 00:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031314-01.dmp
2014-03-12 23:51 - 2014-03-12 23:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031214-21.dmp
2014-03-12 22:13 - 2006-02-28 20:56 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-03-12 22:13 - 2006-02-28 20:33 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-12 21:44 - 2014-03-12 21:44 - 00047360 _____ (VSO Software) C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.sys
2014-03-12 21:44 - 2014-03-12 21:44 - 00007887 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.cat
2014-03-12 21:44 - 2014-03-12 21:44 - 00000055 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\pcouffin.log
2014-03-12 21:44 - 2014-03-12 21:44 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\Vso
2014-03-12 21:33 - 2008-01-18 22:45 - 00000000 ____D () C:\SRC
2014-03-12 21:23 - 2014-03-12 21:23 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Application Data\Picturenaut
2014-03-12 18:29 - 2014-03-12 18:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini031214-20.dmp
2014-03-12 17:25 - 2014-03-12 17:25 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-19.dmp
2014-03-12 17:15 - 2014-03-12 17:15 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-18.dmp
2014-03-12 17:08 - 2014-03-12 17:08 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-17.dmp
2014-03-12 17:07 - 2014-01-02 16:55 - 00000000 ____D () C:\WINDOWS\FullMemDump
2014-03-12 17:04 - 2014-03-12 17:04 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-16.dmp
2014-03-12 16:56 - 2014-03-12 16:56 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-15.dmp
2014-03-12 16:45 - 2014-03-12 16:45 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-14.dmp
2014-03-12 16:41 - 2014-03-12 16:41 - 00000000 _____ () C:\WINDOWS\Minidump\Mini031214-13.dmp
2014-03-12 16:28 - 2014-03-12 16:28 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-12.dmp
2014-03-12 16:11 - 2014-03-12 16:11 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-11.dmp
2014-03-12 15:53 - 2014-03-12 15:53 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-10.dmp
2014-03-12 15:43 - 2004-11-13 13:54 - 00228507 _____ () C:\WINDOWS\setupact.log
2014-03-12 15:40 - 2005-07-15 11:44 - 00000000 ____D () C:\hp
2014-03-12 15:09 - 2010-02-23 11:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Apps-95-Hardware
2014-03-12 14:52 - 2014-03-12 14:52 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-09.dmp
2014-03-12 14:36 - 2014-03-12 14:36 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-08.dmp
2014-03-12 14:03 - 2014-03-12 14:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-07.dmp
2014-03-12 13:51 - 2014-03-12 13:51 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-06.dmp
2014-03-12 13:37 - 2014-03-12 13:38 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-05.dmp
2014-03-12 11:47 - 2014-03-12 11:48 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-04.dmp
2014-03-12 11:40 - 2010-12-14 21:29 - 00057344 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\My Documents\CashFlowPlan.xls
2014-03-12 09:53 - 2014-03-12 09:53 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-03.dmp
2014-03-12 09:53 - 2008-02-28 23:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 09:49 - 2013-09-29 04:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-12 09:48 - 2010-06-04 03:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-12 09:26 - 2014-03-12 09:23 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-12 09:25 - 2014-03-12 09:26 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-02.dmp
2014-03-12 09:21 - 2014-03-12 09:20 - 00013471 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 09:20 - 2014-03-12 09:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 09:20 - 2014-03-12 09:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 09:20 - 2014-03-12 09:19 - 00004907 _____ () C:\WINDOWS\KB2934207.log
2014-03-12 09:20 - 2014-03-12 08:56 - 00015220 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 09:20 - 2014-03-12 08:56 - 00013692 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 09:19 - 2014-03-12 09:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-12 08:24 - 2013-11-19 03:51 - 01166432 _____ () C:\WINDOWS\setupapi.log.4.old
2014-03-12 08:11 - 2014-03-12 08:11 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031214-01.dmp
2014-03-10 22:47 - 2012-08-10 07:01 - 00000000 ____D () C:\Documents and Settings\Administrator.MTBNEW\Local Settings\Application Data\Google
2014-03-10 22:36 - 2006-04-02 17:32 - 00000000 ____D () C:\Data
2014-03-10 11:13 - 2008-01-09 23:06 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\My Documents\WorkFiles
2014-03-08 21:19 - 2014-03-08 21:20 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-08.dmp
2014-03-08 17:40 - 2014-03-08 17:40 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-07.dmp
2014-03-08 17:23 - 2014-03-08 17:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-06.dmp
2014-03-08 16:03 - 2014-03-08 16:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-05.dmp
2014-03-08 15:57 - 2014-03-08 15:57 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-04.dmp
2014-03-08 15:39 - 2014-03-08 15:39 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-03.dmp
2014-03-08 14:03 - 2014-03-08 14:03 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030814-02.dmp
2014-03-08 05:15 - 2014-03-08 05:15 - 00000283 _____ () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\eset threats.txt
2014-03-08 01:27 - 2014-01-24 02:44 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-03-08 01:27 - 2010-02-23 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Multimedia-Audio
2014-03-08 01:14 - 2014-03-08 01:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-08 00:40 - 2014-03-08 00:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-09.dmp
2014-03-08 00:02 - 2014-03-08 00:02 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-08.dmp
2014-03-07 23:38 - 2011-11-06 09:18 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.MTBNEW\Desktop\RegistryEditFiles
2014-03-07 23:20 - 2014-03-07 23:20 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-07.dmp
2014-03-07 20:52 - 2014-03-07 20:52 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-06.dmp
2014-03-07 20:27 - 2014-03-07 20:27 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-05.dmp
2014-03-07 20:10 - 2014-03-07 20:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-04.dmp
2014-03-07 19:11 - 2014-03-07 19:11 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-03.dmp
2014-03-07 18:18 - 2014-03-05 13:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2014-03-07 18:18 - 2014-03-02 22:42 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-07 18:08 - 2014-03-07 18:08 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-02.dmp
2014-03-07 16:56 - 2014-03-07 16:56 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030714-01.dmp
2014-03-06 21:44 - 2014-03-06 21:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030614-02.dmp
2014-03-06 20:38 - 2006-02-28 20:14 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-06 20:35 - 2014-03-06 20:35 - 00000000 ____D () C:\NBRT
2014-03-06 09:01 - 2014-03-06 09:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030614-01.dmp
2014-03-05 22:21 - 2014-03-05 22:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-08.dmp
2014-03-05 21:36 - 2014-03-05 21:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-07.dmp
2014-03-05 21:10 - 2014-03-05 21:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-06.dmp
2014-03-05 20:11 - 2014-03-05 20:11 - 01114168 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-03-05 20:11 - 2014-03-05 20:11 - 01114168 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-03-05 20:11 - 2014-03-05 20:11 - 00000000 _____ () C:\WINDOWS\system32\nvdrswr.lk
2014-03-05 20:11 - 2014-03-05 20:06 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-03-05 19:32 - 2014-03-05 19:32 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-05.dmp
2014-03-05 16:07 - 2014-03-05 16:07 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-04.dmp
2014-03-05 14:48 - 2014-03-05 14:48 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-03.dmp
2014-03-05 14:13 - 2014-03-05 14:13 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-02.dmp
2014-03-05 08:30 - 2014-03-05 08:30 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-04 22:34 - 2014-03-04 22:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-06.dmp
2014-03-04 12:17 - 2014-03-04 12:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-05.dmp
2014-03-04 12:10 - 2014-03-19 02:43 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140319-024357.backup
2014-03-04 11:47 - 2014-03-04 11:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-04.dmp
2014-03-04 10:47 - 2014-03-04 10:47 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-03.dmp
2014-03-04 04:36 - 2014-03-04 04:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-02.dmp
2014-03-04 02:30 - 2004-11-13 13:55 - 00105889 _____ () C:\WINDOWS\wmsetup.log
2014-03-04 01:50 - 2014-03-04 01:51 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030414-01.dmp
2014-03-03 22:42 - 2014-02-16 20:33 - 00081920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\OpenAL32.dll
2014-03-03 22:42 - 2006-02-28 20:36 - 00000000 ____D () C:\WINDOWS\system32\Defaults
2014-03-03 22:41 - 2013-03-17 01:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Creative
2014-03-03 22:40 - 2006-04-04 03:27 - 00000419 _____ () C:\WINDOWS\CTWave32.INI
2014-03-03 19:39 - 2014-03-03 19:39 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-20.dmp
2014-03-03 19:30 - 2014-03-03 19:30 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-19.dmp
2014-03-03 18:56 - 2014-03-03 18:56 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-18.dmp
2014-03-03 16:21 - 2014-03-03 16:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-17.dmp
2014-03-03 16:16 - 2014-03-03 16:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-16.dmp
2014-03-03 16:14 - 2014-03-03 16:14 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-15.dmp
2014-03-03 15:58 - 2014-03-03 15:58 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-14.dmp
2014-03-03 15:32 - 2014-03-03 15:32 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-13.dmp
2014-03-03 15:12 - 2014-03-03 15:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-12.dmp
2014-03-03 15:10 - 2014-03-03 15:10 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-11.dmp
2014-03-03 15:01 - 2014-03-03 15:01 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-10.dmp
2014-03-03 12:37 - 2014-03-03 12:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-09.dmp
2014-03-03 12:23 - 2014-03-03 12:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-08.dmp
2014-03-03 12:18 - 2014-03-03 12:18 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-07.dmp
2014-03-03 12:08 - 2014-03-03 12:09 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-06.dmp
2014-03-03 11:31 - 2014-03-03 11:31 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-05.dmp
2014-03-03 03:05 - 2014-03-03 03:05 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-04.dmp
2014-03-03 01:37 - 2014-03-03 01:37 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-03.dmp
2014-03-03 01:28 - 2014-03-03 01:28 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 01:23 - 2014-03-03 01:23 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-03 00:44 - 2014-03-03 00:44 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-06.dmp
2014-03-03 00:36 - 2014-03-03 00:36 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-05.dmp
2014-03-03 00:24 - 2014-03-03 00:24 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-04.dmp
2014-03-03 00:21 - 2014-03-03 00:21 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-03.dmp
2014-03-03 00:12 - 2014-03-03 00:12 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-02.dmp
2014-03-02 22:42 - 2014-03-02 22:24 - 00000000 ____D () C:\NVIDIA
2014-03-02 22:32 - 2014-03-02 22:32 - 00018638 _____ () C:\WINDOWS\system32\CCCInstall_201403022132137187.log
2014-03-02 22:06 - 2014-03-02 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA
2014-03-02 17:16 - 2014-03-02 17:16 - 00094208 _____ () C:\WINDOWS\Minidump\Mini030214-01.dmp
2014-03-02 14:03 - 2014-03-18 23:50 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Files to move or delete:
====================
C:\Documents and Settings\HP_Administrator.MTBNEW\Dscan16.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\en_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\es_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\fr_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\grm_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\HPAsset.exe
C:\Documents and Settings\HP_Administrator.MTBNEW\hpmonZ.exe
C:\Documents and Settings\HP_Administrator.MTBNEW\it_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\jp_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\mfc80u.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\msvcr80.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\PCPE Setup.exe
C:\Documents and Settings\HP_Administrator.MTBNEW\pt_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\ru_res.dll
C:\Documents and Settings\HP_Administrator.MTBNEW\shortcut.exe
C:\Documents and Settings\HP_Administrator.MTBNEW\Smstub16.exe
C:\Documents and Settings\HP_Administrator.MTBNEW\zh_res.dll


Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\temp\AdobeUpdater12345.exe
C:\Documents and Settings\HP_Administrator\Local Settings\temp\AskSLib.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\jre-6u26-windows-i586-iftw-rv_e9f0d688.exe
C:\Documents and Settings\HP_Administrator\Local Settings\temp\siw_sdk.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\uninst.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

-mtbow
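A file listing this long is easier to triage with a script than by eye. The following is an added example, not part of the original post or of FRST itself: it parses entries in the layout shown in the log above and summarises crash dumps per day. It assumes the first timestamp is the last-modified time and the second the creation time; the sample lines are copied from the log, and all function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Sample input: lines copied from the listing in the post above, plus one
# section header to show that non-entry lines are skipped.
SAMPLE = r"""
2014-03-17 13:34 - 2014-03-17 13:34 - 00094208 _____ () C:\WINDOWS\Minidump\Mini031714-03.dmp
2014-03-17 06:27 - 2005-07-15 12:01 - 00000000 ____D () C:\WINDOWS\security
2014-03-17 03:34 - 2011-11-30 12:30 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll.000.bak
2014-03-12 16:45 - 2014-03-12 16:45 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031214-14.dmp
2014-03-12 16:41 - 2014-03-12 16:41 - 00000000 _____ () C:\WINDOWS\Minidump\Mini031214-13.dmp
2014-03-08 00:40 - 2014-03-08 00:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030714-09.dmp
Files to move or delete:
"""

# timestamp - timestamp - size attributes (company) path
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S+) \((.*)\) ([A-Za-z]:\\.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    modified: datetime   # assumption: first timestamp is last-modified
    created: datetime    # assumption: second timestamp is creation
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_minidump(self) -> bool:
        p = self.path.lower()
        return "\\minidump\\" in p and p.endswith(".dmp")


def parse_listing(text: str) -> list:
    """Return an Entry for every line that matches the listing layout."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other log sections
        mod, cre, size, attrs, company, path = m.groups()
        entries.append(Entry(
            modified=datetime.strptime(mod, TS_FORMAT),
            created=datetime.strptime(cre, TS_FORMAT),
            size=int(size),
            attrs=attrs,
            company=company,
            path=path,
        ))
    return entries


def crashes_per_day(entries) -> Counter:
    """Count minidump files per calendar day, keyed by ISO date string."""
    return Counter(
        e.modified.date().isoformat() for e in entries if e.is_minidump
    )


def empty_dumps(entries) -> list:
    """Minidumps of zero bytes: the crash happened but nothing was written."""
    return [e.path for e in entries if e.is_minidump and e.size == 0]


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for day, count in sorted(crashes_per_day(parsed).items()):
        print(day, count)
    for path in empty_dumps(parsed):
        print("empty dump:", path)
```

Run against the full log, the per-day counts give a crash timeline that can be lined up with what was installed or removed on each date.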

#8 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:08:46 AM

Posted 02 April 2014 - 06:27 AM

Hi,

 

No worries about Acrobat for now. I usually have people uninstall programs before updating them, but in your case, I'll just have you update it with the old version still installed later on. :)

 

Awesome work on finding out that the Audio Mixer is the problem. :thumbup2: I'm gonna have you check out the driver file that the service uses to see if something's wrong with it.

 

VirusTotal

I need you to scan a suspicious file with VirusTotal.

  • Visit VirusTotal, and click Choose File. Navigate to the following file and choose it:
    C:\WINDOWS\system32\drivers\kmixer.sys
  • Click Scan it! after choosing your file. If you receive a message telling you the file has already been scanned, please scan it again anyway.
  • Once VirusTotal is done scanning the file, copy and paste the URL of the scan results into your reply.

By the way, you mentioned earlier that you have Norton installed. However, I see practically no signs of it in your logs. Are you sure that you didn't uninstall it? If you did, we'll need to get you a new antivirus program.

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#9 mtbow

mtbow
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 02 April 2014 - 03:59 PM

Gunto-

Here's the link:
https://www.virustotal.com/en/file/1a99dee83ffaf64e73067fc049c0a4ce07d94e4ae31efa17b38cefa9e41d67dc/analysis/1396466443/


I have always used Norton, but I just removed it and ran the removal tool as part of the troubleshooting process, especially since malwarebytes rootkit found the zeroaccess. I also did this as a concern that it was conflicting with Malwarebytes. I had an incident report logged with Norton, and they finally called back after 3 weeks on Monday. They ran some items, installed one thing. It did not like FRST.exe, however we did not remove it. The goal was to get their bootable removal tool to complete a scan. It still does not. It also has a power eraser tool as part of the bootable dvd. It is supposed to make a wired network connection running in a type of Win PE mode so it can update the "power eraser". It apparently is not making the connection as it is "grayed out" and cannot be selected to run. The other tool that can never complete a scan seems to find a w32.tiot infection that is considered rare and dangerous.

So here's an update.

-No I don't have an anti-virus running
-I have windows firewall running with "no exceptions" option checked
-3/8/14-is when the mbar found the backdoor zero access and removed
-3/22/14-3/24/14 I was getting serious and aggressive (11 0x9c bsod's)
-That's when I found windbg probable cause of intelppm.sys and kmixer.sys
-That's when the 2 combofix's were run
-3/24/14-Is my last 2 bsod's. One referenced the mouclass.sys driver as probable cause, I think that's when I switched to the keyboard and mouse that came with the machine, previously I was running a memorex office keyboard (lots of extra buttons and an old microsoft mouse). The driver was mentioned as problematic in some Bluescreen View reports
-Super Anti Spyware is the only malware detector that is "installed", spybot was creating some system events and could not complete a scan, and malwarebytes kept closing during a scan.
-Lastly I have been operating on 2gb (2 sticks) of my ram instead of the 4gb(4 sticks) I have.

I still think something is not right since a complete virus scan can never finish and the norton bootable keeps reporting the w32.tiot. 2 or 3 years ago I tried the microsoft security essentials (removing norton because it kept getting corrupt); however it could not complete a full scan either without a bsod. I still have my Norton license, it just seemed like I needed to get a clean system before reinstalling.

Thank you again, and let me know what's next.

-mtbow

#10 Gunto


Posted 04 April 2014 - 11:26 AM

Hi,

 

Thanks for getting back to me, that file looks good. :)

 

However, since you mentioned Norton helping you alongside me, I'll have to ask you to decide which one of us you'd like to help you. Here at BC, we don't like to work with users who are receiving help from other sources due to the possible conflicts between us, which is why I mentioned in my first post to notify me if anyone else was assisting you. I'm more than willing to continue fixing your machine, I only ask that you tell Norton you're getting help elsewhere so that they can leave the rest up to me. Please let me know what you decide to do.

 

Gunto




#11 mtbow


Posted 04 April 2014 - 01:55 PM

Gunto-

I would like to stick with you as I believe we are making progress. I entertained Norton as being specific to their bootable removal tool not working, but it still isn't and I'm still somewhat leery since I have been running their product and still was infected. System wise nothing has changed since last post.

-mtbow

#12 mtbow


Posted 05 April 2014 - 09:04 AM

Gunto-

 

This time of year I scan a lot of files to pdf so acrobat pro is pretty important.  I also annotate and password protect the files so I would need a replacement if you have any ideas.  My system has been stable, however I noticed sqlservr.exe running in processes yesterday/today and it had the highest memory usage at 240k.  I do use MS Outlook 2003 with business contact manager.  I just confirmed that ms outlook is starting the sqlservr.exe.  I believe I shut my outlook down last night and the sql was still running.  I tried a logoff and logon, it was still running.  So I did a restart and I received the ......system's Registry data had to be recovered by use of a log or alternate copy.  The recovery was successful.  Maybe sqlservr was hung and did not shut down properly and causes this error, or something else.  As a result, looking at msconfig, now Adobe Acrobat Speed Launcher is in my startup, but it was not there before.  I do know that periodically when I open Acrobat it will launch into setup because I'm assuming it knows its configuration is not right.  It did this, perhaps after the reader was removed.  My point is I'll remove it if I have a replacement, but also the registry being restored from a log or alternate copy is concerning.

 

One other clue to instability is this:  On my start menu in recently used programs is 1) Windows SDK 7.1 Command Prompt and 2) Diskeeper Lite.  The command prompt is running SetEnv.cmd.  I believe this was installed as part of the windows debugging and is probably ok.

 

However, the Diskeeper Lite I have not run.  I did install this way back.  Perhaps it runs in the background?  It is running through mmc.exe according to the "Find Target" button in the properties window.  I never see the diskeeper service in processes, it is not in startup under msconfig.  Perhaps it shows up as it replaced the default xp defrag and is loaded as part of the dmboot or dmload system files.

 

Thanks again.

 

-mtbow



#13 Gunto


Posted 06 April 2014 - 10:53 AM

Hi,

 

Glad to see you chose me to help you. :thumbup2:

 

Although Norton is unable to complete a scan, I would like for you to install it again. You don't have to run any scans with it at the moment, but simply having it protecting you will be vital to your security, even while I'm helping you to fix things. :)

 

A completely free alternative to Acrobat is OpenOffice, which not only processes .pdf files with this extension, but plenty of other formats as well, so you can even replace Microsoft Office with it. If you decide to use it, please let me know, and I'd like you to remove Acrobat if you do (you can also remove MS Office, but you don't have to).

 

A registry restore is... rather unexpected. :o Since there have been modifications to your system, I'd like you to get a fresh FRST log for me and post it in your next response. :)

 

Gunto




#14 Gunto


Posted 09 April 2014 - 02:23 PM

Hi,

 

It's been three days since my last post, so I am bumping the topic just in case you missed my previous post. If you need more time to get back to me, please let me know, because I don't know otherwise.

 

If I still haven't heard from you in two days, this topic will be locked, so please get back to me within two days.

 

Gunto




#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:46 PM

Posted 12 April 2014 - 01:56 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



