Cleaned up viruses using Malwarebytes but can only log in using safe mode


Misty416

I was infected and downloaded Malwarebytes, cleaned up the viruses but my XP Windows Home edition laptop freezes when booting normally. Browsing the internet I downloaded FRST.exe and ran it and also scanned services.exe so I have FRST.txt and Search.txt. I am reviewing these files but don't know enough about what to do next to fix the problem. Can anyone help?

Here is a copy of the two files:

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by SYSTEM on REATOGO on 10-12-2013 12:15:12
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

========================== Services (Whitelisted) =================

S2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [376832 2003-09-13] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-08] (AVAST Software)
S2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [255136 2003-09-06] (Symantec Corporation)
S2 ccProxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [218272 2003-09-06] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [87200 2003-09-06] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [234656 2003-09-06] (Symantec Corporation)
S3 HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [7544916 2003-05-31] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S2 navapsvc; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [158376 2003-08-17] (Symantec Corporation)
S2 SAVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [193816 2003-08-10] (Symantec Corporation)
S2 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [197896 2003-08-31] (Symantec Corporation)
S3 SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S3 VAIOMediaPlatform-MusicServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe [503897 2003-10-21] (Sony Corporation)
S3 VAIOMediaPlatform-MusicServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [712704 2003-10-21] (Sony Corporation)
S3 VAIOMediaPlatform-PhotoServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe [925696 2003-10-21] (Sony Corporation)
S3 VAIOMediaPlatform-PhotoServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [712704 2003-10-21] (Sony Corporation)
S3 VAIOMediaPlatform-VideoServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe [1286144 2003-10-21] (Sony Corporation)
S3 VAIOMediaPlatform-VideoServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [712704 2003-10-21] (Sony Corporation)
S3 VAIOMediaPlatform-MusicServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP" [x]
S3 VAIOMediaPlatform-PhotoServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP" [x]
S3 VAIOMediaPlatform-VideoServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP" [x]

==================== Drivers (Whitelisted) ====================

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
S2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-12-08] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-12-08] (AVAST Software)
S1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-12-08] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-08] ()
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-12-08] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-12-08] (AVAST Software)
S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-12-08] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-08] ()
S3 fa410; C:\Windows\System32\DRIVERS\fa410nd5.sys [24618 2001-08-17] (NETGEAR)
S3 gv3; C:\Windows\System32\DRIVERS\gv3.sys [30976 2002-11-18] (Microsoft Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-11-01] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-11-01] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
S3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [197120 2003-10-14] (Conexant Systems, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071226.003\NAVENG.SYS [81232 2007-12-26] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071226.003\NAVEX15.SYS [865904 2007-12-26] (Symantec Corporation)
S3 oibtvcom; C:\Windows\System32\Drivers\oivmvcom.sys [279680 2003-03-14] (OPEN INTERFACE.)
S3 oivmctrl; C:\Windows\System32\Drivers\oivmctrl.sys [15616 2003-01-06] (OPEN INTERFACE.)
S1 SAVRT; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS [300736 2003-08-06] (Symantec Corporation)
S1 SAVRTPEL; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS [35008 2003-08-06] (Symantec Corporation)
S4 sdeivgqh; C:\Windows\System32\Drivers\sdeivgqh.sys [403440 2013-12-08] (AVAST Software)
S3 SPI; C:\Windows\System32\DRIVERS\SonyPI.sys [71961 2002-08-20] (Sony Corporation)
S3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [10728 2003-08-31] (Symantec Corporation)
S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [82136 2003-08-16] (Symantec Corporation)
S3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [164552 2003-08-31] (Symantec Corporation)
S3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [46376 2003-08-31] (Symantec Corporation)
S3 SYMIDSCO; C:\Windows\System32\Drivers\SYMIDSCO.SYS [123240 2003-08-31] (Symantec Corporation)
S3 SYMNDIS; C:\Windows\System32\Drivers\SYMNDIS.SYS [51560 2003-08-31] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [16328 2003-08-31] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [263240 2003-08-31] (Symantec Corporation)
S3 w22n51; C:\Windows\System32\DRIVERS\w22n51.sys [1987712 2003-11-26] (Intel® Corporation)
S3 WDM_YAMAHAAC97; C:\Windows\System32\drivers\yacxgc.sys [205440 2003-03-17] (YAMAHA CORPORATION)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2.sys [453120 2008-09-30] (Atheros Communications, Inc.)
S4 IntelIde; No ImagePath
S0 iunewmyi; System32\drivers\yhij.sys [x]
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 10:07 - 2013-12-10 10:07 - 00000000 ____D C:\FRST
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\My Documents\My eBooks
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Local Settings\Application Data\Microsoft Help
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Local Settings\Application Data\Adobe
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142010}
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Application Data\Sun
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Application Data\Mozilla
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Application Data\AdobeUM
2013-12-09 19:15 - 2013-12-10 12:45 - 00000178 ___SH C:\Documents and Settings\McKenna\ntuser.ini
2013-12-09 19:15 - 2013-12-09 19:15 - 00000000 __SHD C:\Documents and Settings\McKenna\IETldCache
2013-12-09 19:15 - 2003-01-10 16:13 - 00000000 ____D C:\Documents and Settings\McKenna\Application Data\Adobe
2013-12-09 19:15 - 2003-01-10 11:10 - 00000000 ____D C:\Documents and Settings\McKenna\Application Data\Real
2013-12-09 19:15 - 2003-01-10 09:08 - 00000000 ____D C:\Documents and Settings\McKenna\Application Data\Sony Corporation
2013-12-09 14:36 - 2013-12-09 14:36 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-12-09 13:53 - 2013-12-09 13:53 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-12-09 11:39 - 2013-12-09 11:38 - 00090112 _____ C:\Windows\Minidump\Mini120913-01.dmp
2013-12-08 23:37 - 2013-12-09 19:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-08 23:37 - 2013-12-08 23:37 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-08 23:37 - 2013-12-08 23:37 - 00000000 ____D C:\Documents and Settings\Colin\Application Data\Malwarebytes
2013-12-08 23:37 - 2013-12-08 23:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-08 23:37 - 2013-04-04 17:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-12-08 23:26 - 2013-12-08 23:35 - 00000000 ____D C:\Windows\pss
2013-12-08 14:42 - 2013-12-08 14:42 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-12-08 14:41 - 2013-12-08 14:41 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-08 14:39 - 2013-12-08 14:39 - 00774392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00403440 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00269216 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-12-08 14:39 - 2013-12-08 14:39 - 00178304 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00070384 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00057672 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00054832 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00049944 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-08 14:39 - 2013-12-08 14:39 - 00035656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-12-08 13:36 - 2013-12-08 13:36 - 00000000 ____D C:\Windows\System32\appmgmt
2013-12-08 12:06 - 2013-12-08 12:06 - 00403440 _____ (AVAST Software) C:\Windows\System32\Drivers\sdeivgqh.sys
2013-12-08 01:51 - 2013-12-08 02:10 - 00006284 _____ C:\Windows\KB2423089.log
2013-12-08 01:18 - 2013-12-08 01:22 - 00009376 _____ C:\Windows\KB2859537.log
2013-12-08 01:18 - 2013-12-08 01:22 - 00009199 _____ C:\Windows\KB2862152.log
2013-12-08 01:18 - 2013-12-08 01:22 - 00009112 _____ C:\Windows\KB2876331.log
2013-12-08 01:18 - 2013-12-08 01:22 - 00009111 _____ C:\Windows\KB2850869.log
2013-12-08 01:17 - 2013-12-08 01:22 - 00009117 _____ C:\Windows\KB2868626.log
2013-12-08 01:17 - 2013-12-08 01:22 - 00009031 _____ C:\Windows\KB2712808.log
2013-12-08 01:17 - 2013-12-08 01:22 - 00008948 _____ C:\Windows\KB2479943.log
2013-12-08 01:17 - 2013-12-08 01:22 - 00008863 _____ C:\Windows\KB2478971.log
2013-12-08 01:17 - 2013-12-08 01:22 - 00008821 _____ C:\Windows\KB2544893-v2.log
2013-12-08 01:17 - 2013-12-08 01:22 - 00008779 _____ C:\Windows\KB2758857.log
2013-12-08 01:16 - 2013-12-08 01:22 - 00008615 _____ C:\Windows\KB2345886.log
2013-12-08 01:16 - 2013-12-08 01:21 - 00008528 _____ C:\Windows\KB2585542.log
2013-12-08 01:16 - 2013-12-08 01:21 - 00008452 _____ C:\Windows\KB2631813.log
2013-12-08 01:15 - 2013-12-08 01:21 - 00008426 _____ C:\Windows\KB2691442.log
2013-12-08 01:15 - 2013-12-08 01:21 - 00008276 _____ C:\Windows\KB2847311.log
2013-12-08 01:15 - 2013-12-08 01:21 - 00008268 _____ C:\Windows\KB2115168.log
2013-12-08 01:14 - 2013-12-08 01:21 - 00008186 _____ C:\Windows\KB951978.log
2013-12-08 01:14 - 2013-12-08 01:21 - 00008109 _____ C:\Windows\KB2443105.log
2013-12-08 01:14 - 2013-12-08 01:21 - 00008027 _____ C:\Windows\KB2655992.log
2013-12-08 01:13 - 2013-12-08 01:21 - 00008047 _____ C:\Windows\KB2802968.log
2013-12-08 01:12 - 2013-12-08 01:20 - 00008807 _____ C:\Windows\KB2481109.log
2013-12-08 01:12 - 2013-12-08 01:20 - 00007774 _____ C:\Windows\KB2598479.log
2013-12-08 01:11 - 2013-12-08 01:20 - 00007657 _____ C:\Windows\KB982132.log
2013-12-08 01:11 - 2013-12-08 01:20 - 00007605 _____ C:\Windows\KB2507938.log
2013-12-08 01:11 - 2013-12-08 01:20 - 00007528 _____ C:\Windows\KB2780091.log
2013-12-08 01:11 - 2013-12-08 01:11 - 00000000 ____D C:\Documents and Settings\Colin\Application Data\AVAST Software
2013-12-08 01:10 - 2013-12-08 01:20 - 00007525 _____ C:\Windows\KB2845187.log
2013-12-08 01:10 - 2013-12-08 01:20 - 00007296 _____ C:\Windows\KB2876217.log
2013-12-08 01:10 - 2013-12-08 01:20 - 00007225 _____ C:\Windows\KB2483185.log
2013-12-08 01:09 - 2013-12-08 01:20 - 00007215 _____ C:\Windows\KB2864063.log
2013-12-08 01:09 - 2013-12-08 01:20 - 00007114 _____ C:\Windows\KB979687.log
2013-12-08 01:08 - 2013-12-08 01:19 - 00007058 _____ C:\Windows\KB2719985.log
2013-12-08 00:35 - 2013-12-08 14:40 - 00000000 ____D C:\Program Files\Google
2013-12-08 00:35 - 2013-12-08 14:40 - 00000000 ____D C:\Documents and Settings\Colin\Local Settings\Application Data\Google
2013-12-08 00:29 - 2013-12-08 00:29 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-08 00:21 - 2013-12-08 01:18 - 00006303 _____ C:\Windows\KB2820917.log
2013-12-08 00:18 - 2013-12-08 01:18 - 00006141 _____ C:\Windows\KB2757638.log
2013-12-08 00:18 - 2013-12-08 01:18 - 00006061 _____ C:\Windows\KB2419632.log
2013-12-08 00:17 - 2013-12-08 01:18 - 00005879 _____ C:\Windows\KB2653956.log
2013-12-08 00:17 - 2013-12-08 01:17 - 00005966 _____ C:\Windows\KB2508429.log
2013-12-08 00:17 - 2013-12-08 01:17 - 00005863 _____ C:\Windows\KB2749655.log
2013-12-08 00:10 - 2013-12-08 01:20 - 00008695 _____ C:\Windows\KB971029.log
2013-12-08 00:10 - 2013-12-08 01:19 - 00082034 _____ C:\Windows\KB2506212.log
2013-12-08 00:09 - 2013-12-08 01:19 - 00005875 _____ C:\Windows\KB2619339.log
2013-12-08 00:09 - 2013-12-08 01:19 - 00005838 _____ C:\Windows\KB2705219-v2.log
2013-12-08 00:09 - 2013-12-08 01:19 - 00005707 _____ C:\Windows\KB2727528.log
2013-12-08 00:06 - 2013-12-08 01:19 - 00006230 _____ C:\Windows\KB2813345.log
2013-12-08 00:06 - 2013-12-08 01:19 - 00005304 _____ C:\Windows\KB2509553.log
2013-12-08 00:05 - 2013-12-08 01:19 - 00006707 _____ C:\Windows\KB2676562.log
2013-12-08 00:05 - 2013-12-08 01:19 - 00005109 _____ C:\Windows\KB982665.log
2013-12-08 00:04 - 2013-12-08 01:18 - 00004949 _____ C:\Windows\KB2620712.log
2013-12-08 00:02 - 2013-12-08 00:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-12-08 00:00 - 2013-12-08 00:08 - 00004391 _____ C:\Windows\KB2584146.log
2013-12-07 23:42 - 2013-12-07 23:42 - 00000000 _____ C:\Windows\Model.txt
2013-12-07 23:38 - 2013-12-07 23:42 - 00000100 _____ C:\Windows\Model.log
2013-12-07 22:24 - 2013-12-07 22:24 - 00000000 ____D C:\Documents and Settings\Colin\Application Data\Easeware
2013-12-07 22:06 - 2013-12-07 22:06 - 00090112 _____ C:\Windows\Minidump\Mini120713-12.dmp
2013-12-07 22:04 - 2013-12-07 22:04 - 00090112 _____ C:\Windows\Minidump\Mini120713-11.dmp
2013-12-07 21:28 - 2013-12-07 21:28 - 00090112 _____ C:\Windows\Minidump\Mini120713-10.dmp
2013-12-07 21:27 - 2013-12-07 21:27 - 00090112 _____ C:\Windows\Minidump\Mini120713-09.dmp
2013-12-07 21:24 - 2013-12-07 21:24 - 00090112 _____ C:\Windows\Minidump\Mini120713-08.dmp
2013-12-07 21:23 - 2013-12-07 21:22 - 00090112 _____ C:\Windows\Minidump\Mini120713-07.dmp
2013-12-07 21:21 - 2013-12-07 21:21 - 00090112 _____ C:\Windows\Minidump\Mini120713-06.dmp
2013-12-07 21:19 - 2013-12-07 21:19 - 00090112 _____ C:\Windows\Minidump\Mini120713-05.dmp
2013-12-07 20:31 - 2013-12-07 20:31 - 00000187 _____ C:\Windows\spupdsvc.log.1.log
2013-12-07 20:28 - 2013-12-07 20:28 - 00000000 __HDC C:\Windows\$NtUninstallKB980232$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB980218$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979683$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979559$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979482$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979309$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB978706$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB978601$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB978542$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB978338$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB978037$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB977914$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB975713$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB975562$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB975561$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB975560$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB975467$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB975025$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB974571$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB974392$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB974318$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB974112$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB973869$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB973815$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB973687$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB973507$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB973354$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB972270$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB971737$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB971657$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB971633$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB971557$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB971468$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB970430$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB970238$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB969059$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB968537$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB968389$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB967715$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB961501$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB961373$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB961371-v2$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB960859$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB960803$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB960225$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB959426$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB958690$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB958687$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB958644$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB957097$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB957095$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB956844$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB956841$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB956803$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB956802$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB956572$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB974112_1$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB973687_1$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB955759$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB955069$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB954600$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB954211$
2013-12-07 20:18 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB952954$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB952287$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB952004$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB951748$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB951698$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB951376-v2$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB951066$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB950974$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB950762$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB946648$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB938464$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB923561$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2229593$
2013-12-07 20:09 - 2013-12-07 20:09 - 00000000 ____D C:\Windows\System32\scripting
2013-12-07 20:09 - 2013-12-07 20:09 - 00000000 ____D C:\Windows\l2schemas
2013-12-07 18:57 - 2013-12-07 19:25 - 00000000 ____D C:\Windows\System32\MRT
2013-12-07 18:31 - 2013-12-07 18:32 - 00025041 _____ C:\Windows\KB982381-IE8.log
2013-12-07 18:30 - 2013-12-07 18:31 - 00308876 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-12-07 18:29 - 2013-12-07 20:17 - 00207906 _____ C:\Windows\KB2229593.log
2013-12-07 18:29 - 2013-12-07 18:29 - 00000000 __HDC C:\Windows\$NtUninstallKB979559_0$
2013-12-07 18:29 - 2013-12-07 18:29 - 00000000 __HDC C:\Windows\$NtUninstallKB975562_0$
2013-12-07 18:29 - 2013-12-07 18:29 - 00000000 __HDC C:\Windows\$NtUninstallKB2229593_0$
2013-12-07 18:28 - 2013-12-07 18:28 - 00015734 _____ C:\Windows\KB980195.log
2013-12-07 18:28 - 2013-12-07 18:28 - 00015215 _____ C:\Windows\KB978695.log
2013-12-07 18:28 - 2013-12-07 18:28 - 00013069 _____ C:\Windows\KB981793.log
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB981793$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB980218_0$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB980195$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB979482_0$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB978695_WM9$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB978601_0$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB978542_0$
2013-12-07 18:27 - 2013-12-07 20:27 - 00213834 _____ C:\Windows\KB979683.log
2013-12-07 18:27 - 2013-12-07 18:28 - 00013436 _____ C:\Windows\KB979402.log
2013-12-07 18:27 - 2013-12-07 18:27 - 00015649 _____ C:\Windows\KB981332-IE8.log
2013-12-07 18:27 - 2013-12-07 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979683_0$
2013-12-07 18:27 - 2013-12-07 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979402_WM9L$
2013-12-07 18:27 - 2013-12-07 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979309_0$
2013-12-07 18:27 - 2013-12-07 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB978338_0$
2013-12-07 18:27 - 2013-12-07 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB977816$
2013-12-07 18:26 - 2013-12-07 20:28 - 00210647 _____ C:\Windows\KB980232.log
2013-12-07 18:26 - 2013-12-07 20:26 - 00209942 _____ C:\Windows\KB975561.log
2013-12-07 18:26 - 2013-12-07 20:23 - 00210066 _____ C:\Windows\KB971468.log
2013-12-07 18:26 - 2013-12-07 18:26 - 00016626 _____ C:\Windows\KB976662-IE8.log
2013-12-07 18:26 - 2013-12-07 18:26 - 00000000 __HDC C:\Windows\$NtUninstallKB980232_0$
2013-12-07 18:26 - 2013-12-07 18:26 - 00000000 __HDC C:\Windows\$NtUninstallKB978706_0$
2013-12-07 18:26 - 2013-12-07 18:26 - 00000000 __HDC C:\Windows\$NtUninstallKB977914_0$
2013-12-07 18:26 - 2013-12-07 18:26 - 00000000 __HDC C:\Windows\$NtUninstallKB975561_0$
2013-12-07 18:26 - 2013-12-07 18:26 - 00000000 __HDC C:\Windows\$NtUninstallKB971468_0$
2013-12-07 18:25 - 2013-12-07 18:25 - 00015851 _____ C:\Windows\KB973904.log
2013-12-07 18:25 - 2013-12-07 18:25 - 00000000 __HDC C:\Windows\$NtUninstallKB978037_0$
2013-12-07 18:25 - 2013-12-07 18:25 - 00000000 __HDC C:\Windows\$NtUninstallKB975713_0$
2013-12-07 18:25 - 2013-12-07 18:25 - 00000000 __HDC C:\Windows\$NtUninstallKB975560_0$
2013-12-07 18:25 - 2013-12-07 18:25 - 00000000 __HDC C:\Windows\$NtUninstallKB973904$
2013-12-07 18:25 - 2013-12-07 18:25 - 00000000 __HDC C:\Windows\$NtUninstallKB972270_0$
2013-12-07 18:24 - 2013-12-07 20:24 - 00396503 _____ C:\Windows\KB973687.log
2013-12-07 18:24 - 2013-12-07 20:19 - 00208542 _____ C:\Windows\KB955759.log
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB974392_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB974318_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB973687_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB971737_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB970430_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB955759_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00007310 _____ C:\Windows\KB958869.log
2013-12-07 18:23 - 2013-12-07 18:23 - 00006805 _____ C:\Windows\KB954155.log
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB975467_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB975025_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB974571_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB974112_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB969059_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB958869$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB954155_WM9$
2013-12-07 18:22 - 2013-12-07 20:20 - 00200401 _____ C:\Windows\KB956844.log
2013-12-07 18:22 - 2013-12-07 18:31 - 00000000 ____D C:\Windows\ie8updates
2013-12-07 18:22 - 2013-12-07 18:23 - 00009860 _____ C:\Windows\KB971961-IE8.log
2013-12-07 18:22 - 2013-12-07 18:22 - 00000000 __HDC C:\Windows\$NtUninstallKB956844_0$
2013-12-07 17:38 - 2010-05-06 05:41 - 00599040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2013-12-07 17:38 - 2010-05-06 05:41 - 00599040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2013-12-07 17:38 - 2010-05-06 05:41 - 00055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2013-12-07 17:38 - 2010-05-06 05:41 - 00055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2013-12-07 17:38 - 2010-05-06 05:41 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2013-12-07 17:38 - 2010-05-06 05:41 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2013-12-07 17:37 - 2010-05-06 05:41 - 11076096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2013-12-07 17:37 - 2010-05-06 05:41 - 11076096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2013-12-07 17:37 - 2010-05-06 05:41 - 01985536 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2013-12-07 17:37 - 2010-05-06 05:41 - 01985536 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2013-12-07 17:37 - 2010-05-06 05:41 - 00743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2013-12-07 17:37 - 2010-05-06 05:41 - 00743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2013-12-07 17:37 - 2010-05-06 05:41 - 00247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2013-12-07 17:37 - 2010-05-06 05:41 - 00247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2013-12-07 17:35 - 2010-06-14 09:31 - 00744448 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\helpsvc.exe
2013-12-07 17:35 - 2010-06-14 09:31 - 00744448 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\helpsvc.exe
2013-12-07 17:34 - 2013-12-07 20:27 - 00218634 _____ C:\Windows\KB979559.log
2013-12-07 17:34 - 2013-12-07 20:27 - 00217832 _____ C:\Windows\KB978601.log
2013-12-07 17:34 - 2013-12-07 20:27 - 00216628 _____ C:\Windows\KB979482.log
2013-12-07 17:34 - 2013-12-07 20:27 - 00216612 _____ C:\Windows\KB980218.log
2013-12-07 17:34 - 2013-12-07 20:26 - 00217181 _____ C:\Windows\KB978542.log
2013-12-07 17:34 - 2013-12-07 20:26 - 00216616 _____ C:\Windows\KB975562.log
2013-12-07 17:33 - 2013-12-07 20:27 - 00219843 _____ C:\Windows\KB979309.log
2013-12-07 17:33 - 2013-12-07 20:26 - 00217289 _____ C:\Windows\KB978338.log
2013-12-07 17:33 - 2013-12-07 18:27 - 00021139 _____ C:\Windows\KB977816.log
2013-12-07 17:33 - 2009-10-23 10:28 - 03558912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\moviemk.exe
2013-12-07 17:33 - 2009-10-23 10:28 - 03558912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\moviemk.exe
2013-12-07 17:32 - 2013-12-07 20:27 - 00215564 _____ C:\Windows\KB978706.log
2013-12-07 17:32 - 2013-12-07 20:26 - 00218236 _____ C:\Windows\KB977914.log
2013-12-07 17:32 - 2013-12-07 20:26 - 00216405 _____ C:\Windows\KB975713.log
2013-12-07 17:32 - 2013-12-07 20:26 - 00216009 _____ C:\Windows\KB978037.log
2013-12-07 17:31 - 2013-12-07 20:25 - 00215236 _____ C:\Windows\KB974318.log
2013-12-07 17:31 - 2013-12-07 20:25 - 00214895 _____ C:\Windows\KB974392.log
2013-12-07 17:31 - 2013-12-07 20:24 - 00212875 _____ C:\Windows\KB971737.log
2013-12-07 17:31 - 2013-12-07 20:23 - 00207403 _____ C:\Windows\KB969059.log
2013-12-07 17:31 - 2009-11-21 10:51 - 00471552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\aclayers.dll
2013-12-07 17:31 - 2009-11-21 10:51 - 00471552 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\aclayers.dll
2013-12-07 17:30 - 2013-12-07 20:25 - 00398623 _____ C:\Windows\KB974112.log
2013-12-07 17:30 - 2013-12-07 20:25 - 00210158 _____ C:\Windows\KB974571.log
2013-12-07 17:30 - 2013-12-07 20:25 - 00209748 _____ C:\Windows\KB975467.log
2013-12-07 17:30 - 2013-12-07 20:25 - 00208325 _____ C:\Windows\KB975025.log
2013-12-07 17:30 - 2009-06-21 16:44 - 00153088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\triedit.dll
2013-12-07 17:30 - 2009-06-21 16:44 - 00153088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\triedit.dll
2013-12-07 12:53 - 2013-12-07 12:53 - 00090112 _____ C:\Windows\Minidump\Mini120713-04.dmp
2013-12-07 12:50 - 2013-12-07 12:50 - 00090112 _____ C:\Windows\Minidump\Mini120713-03.dmp
2013-12-07 12:48 - 2013-12-09 11:39 - 00000000 __SHD C:\Windows\CSC
2013-12-07 12:48 - 2013-12-07 12:48 - 00090112 _____ C:\Windows\Minidump\Mini120713-02.dmp
2013-12-07 12:43 - 2013-12-07 12:43 - 00090112 _____ C:\Windows\Minidump\Mini120713-01.dmp
2013-12-07 01:54 - 2013-12-07 01:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-12-07 01:54 - 2013-12-07 01:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-12-07 01:04 - 2013-12-07 01:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-07 01:04 - 2013-12-07 01:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2013-12-07 00:40 - 2008-09-30 05:24 - 00453120 ____R (Atheros Communications, Inc.) C:\Windows\System32\Drivers\WN111v2.sys
2013-12-07 00:31 - 2013-12-07 00:31 - 00090112 _____ C:\Windows\Minidump\Mini120613-18.dmp
2013-12-06 23:53 - 2013-12-06 23:53 - 00000000 ____D C:\Documents and Settings\Colin\Application Data\InterVideo
2013-12-06 23:46 - 2013-12-06 23:46 - 00090112 _____ C:\Windows\Minidump\Mini120613-17.dmp
2013-12-06 23:45 - 2013-12-06 23:45 - 00090112 _____ C:\Windows\Minidump\Mini120613-16.dmp
2013-12-06 23:43 - 2013-12-06 23:43 - 00090112 _____ C:\Windows\Minidump\Mini120613-15.dmp
2013-12-06 23:42 - 2013-12-06 23:42 - 00090112 _____ C:\Windows\Minidump\Mini120613-14.dmp
2013-12-06 23:29 - 2013-12-06 23:28 - 00090112 _____ C:\Windows\Minidump\Mini120613-13.dmp
2013-12-06 23:17 - 2013-12-06 23:17 - 00090112 _____ C:\Windows\Minidump\Mini120613-12.dmp
2013-12-06 23:15 - 2013-12-06 23:15 - 00090112 _____ C:\Windows\Minidump\Mini120613-11.dmp
2013-12-06 23:08 - 2013-12-06 23:08 - 00090112 _____ C:\Windows\Minidump\Mini120613-10.dmp
2013-12-06 23:07 - 2013-12-06 23:07 - 00090112 _____ C:\Windows\Minidump\Mini120613-09.dmp
2013-12-06 23:06 - 2013-12-06 23:06 - 00090112 _____ C:\Windows\Minidump\Mini120613-08.dmp
2013-12-06 23:04 - 2013-12-06 23:04 - 00090112 _____ C:\Windows\Minidump\Mini120613-07.dmp
2013-12-06 23:01 - 2013-12-06 23:01 - 00090112 _____ C:\Windows\Minidump\Mini120613-06.dmp
2013-12-06 23:00 - 2013-12-06 23:00 - 00090112 _____ C:\Windows\Minidump\Mini120613-05.dmp
2013-12-06 22:55 - 2013-12-06 22:55 - 00090112 _____ C:\Windows\Minidump\Mini120613-04.dmp
2013-12-06 22:49 - 2013-12-06 22:49 - 00090112 _____ C:\Windows\Minidump\Mini120613-03.dmp
2013-12-06 22:47 - 2013-12-06 22:47 - 00090112 _____ C:\Windows\Minidump\Mini120613-02.dmp
2013-12-06 22:46 - 2013-12-06 22:46 - 00090112 _____ C:\Windows\Minidump\Mini120613-01.dmp

==================== One Month Modified Files and Folders =======

2013-12-10 12:45 - 2013-12-09 19:15 - 00000178 ___SH C:\Documents and Settings\McKenna\ntuser.ini
2013-12-10 12:45 - 2007-10-30 18:45 - 01372619 _____ C:\Windows\WindowsUpdate.log
2013-12-10 12:41 - 2003-01-09 14:21 - 00001158 _____ C:\Windows\System32\wpa.dbl
2013-12-10 10:07 - 2013-12-10 10:07 - 00000000 ____D C:\FRST
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\My Documents\My eBooks
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Local Settings\Application Data\Microsoft Help
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Local Settings\Application Data\Adobe
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142010}
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Application Data\Sun
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Application Data\Mozilla
2013-12-09 19:17 - 2013-12-09 19:17 - 00000000 ____D C:\Documents and Settings\McKenna\Application Data\AdobeUM
2013-12-09 19:17 - 2013-12-08 23:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-09 19:15 - 2013-12-09 19:15 - 00000000 __SHD C:\Documents and Settings\McKenna\IETldCache
2013-12-09 14:36 - 2013-12-09 14:36 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-12-09 14:17 - 2003-01-09 07:27 - 00732664 _____ C:\Windows\setupapi.log
2013-12-09 13:53 - 2013-12-09 13:53 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-12-09 13:45 - 2007-10-29 22:50 - 00000178 ___SH C:\Documents and Settings\Colin\ntuser.ini
2013-12-09 11:39 - 2013-12-07 12:48 - 00000000 __SHD C:\Windows\CSC
2013-12-09 11:38 - 2013-12-09 11:39 - 00090112 _____ C:\Windows\Minidump\Mini120913-01.dmp
2013-12-09 01:15 - 2003-01-09 14:22 - 00000211 __RSH C:\boot.ini
2013-12-09 01:15 - 2003-01-09 14:21 - 00000583 _____ C:\Windows\win.ini
2013-12-09 01:15 - 2003-01-09 14:21 - 00000227 _____ C:\Windows\system.ini
2013-12-09 00:37 - 2008-04-17 19:15 - 00000000 __HDC C:\Windows\$NtUninstallKB945553$
2013-12-09 00:36 - 2009-09-02 14:48 - 00000000 ____D C:\Program Files\Shared
2013-12-08 23:37 - 2013-12-08 23:37 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-08 23:37 - 2013-12-08 23:37 - 00000000 ____D C:\Documents and Settings\Colin\Application Data\Malwarebytes
2013-12-08 23:37 - 2013-12-08 23:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-08 23:35 - 2013-12-08 23:26 - 00000000 ____D C:\Windows\pss
2013-12-08 15:40 - 2003-01-09 07:32 - 00000159 _____ C:\Windows\wiadebug.log
2013-12-08 15:40 - 2003-01-09 07:32 - 00000049 _____ C:\Windows\wiaservc.log
2013-12-08 14:42 - 2013-12-08 14:42 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-12-08 14:41 - 2013-12-08 14:41 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-08 14:40 - 2013-12-08 00:35 - 00000000 ____D C:\Program Files\Google
2013-12-08 14:40 - 2013-12-08 00:35 - 00000000 ____D C:\Documents and Settings\Colin\Local Settings\Application Data\Google
2013-12-08 14:39 - 2013-12-08 14:39 - 00774392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00403440 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00269216 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-12-08 14:39 - 2013-12-08 14:39 - 00178304 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00070384 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00057672 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00054832 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00049944 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-12-08 14:39 - 2013-12-08 14:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-08 14:39 - 2013-12-08 14:39 - 00035656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-12-08 14:23 - 2003-01-09 15:42 - 00032610 _____ C:\Windows\SchedLgU.Txt
2013-12-08 13:36 - 2013-12-08 13:36 - 00000000 ____D C:\Windows\System32\appmgmt
2013-12-08 13:36 - 2007-11-01 21:29 - 00000000 ____D C:\Documents and Settings\Colin\Local Settings\Application Data\FolderShare
2013-12-08 13:21 - 2003-01-09 07:27 - 00224228 _____ C:\Windows\setupact.log
2013-12-08 13:16 - 2003-01-09 15:35 - 00000000 ____D C:\Windows\Registration
2013-12-08 12:06 - 2013-12-08 12:06 - 00403440 _____ (AVAST Software) C:\Windows\System32\Drivers\sdeivgqh.sys
2013-12-08 12:06 - 2007-10-29 23:13 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-08 11:22 - 2007-10-30 18:50 - 00000000 ___HD C:\Windows\$hf_mig$
2013-12-08 02:10 - 2013-12-08 01:51 - 00006284 _____ C:\Windows\KB2423089.log
2013-12-08 01:22 - 2013-12-08 01:18 - 00009376 _____ C:\Windows\KB2859537.log
2013-12-08 01:22 - 2013-12-08 01:18 - 00009199 _____ C:\Windows\KB2862152.log
2013-12-08 01:22 - 2013-12-08 01:18 - 00009112 _____ C:\Windows\KB2876331.log
2013-12-08 01:22 - 2013-12-08 01:18 - 00009111 _____ C:\Windows\KB2850869.log
2013-12-08 01:22 - 2013-12-08 01:17 - 00009117 _____ C:\Windows\KB2868626.log
2013-12-08 01:22 - 2013-12-08 01:17 - 00009031 _____ C:\Windows\KB2712808.log
2013-12-08 01:22 - 2013-12-08 01:17 - 00008948 _____ C:\Windows\KB2479943.log
2013-12-08 01:22 - 2013-12-08 01:17 - 00008863 _____ C:\Windows\KB2478971.log
2013-12-08 01:22 - 2013-12-08 01:17 - 00008821 _____ C:\Windows\KB2544893-v2.log
2013-12-08 01:22 - 2013-12-08 01:17 - 00008779 _____ C:\Windows\KB2758857.log
2013-12-08 01:22 - 2013-12-08 01:16 - 00008615 _____ C:\Windows\KB2345886.log
2013-12-08 01:21 - 2013-12-08 01:16 - 00008528 _____ C:\Windows\KB2585542.log
2013-12-08 01:21 - 2013-12-08 01:16 - 00008452 _____ C:\Windows\KB2631813.log
2013-12-08 01:21 - 2013-12-08 01:15 - 00008426 _____ C:\Windows\KB2691442.log
2013-12-08 01:21 - 2013-12-08 01:15 - 00008276 _____ C:\Windows\KB2847311.log
2013-12-08 01:21 - 2013-12-08 01:15 - 00008268 _____ C:\Windows\KB2115168.log
2013-12-08 01:21 - 2013-12-08 01:14 - 00008186 _____ C:\Windows\KB951978.log
2013-12-08 01:21 - 2013-12-08 01:14 - 00008109 _____ C:\Windows\KB2443105.log
2013-12-08 01:21 - 2013-12-08 01:14 - 00008027 _____ C:\Windows\KB2655992.log
2013-12-08 01:21 - 2013-12-08 01:13 - 00008047 _____ C:\Windows\KB2802968.log
2013-12-08 01:20 - 2013-12-08 01:12 - 00008807 _____ C:\Windows\KB2481109.log
2013-12-08 01:20 - 2013-12-08 01:12 - 00007774 _____ C:\Windows\KB2598479.log
2013-12-08 01:20 - 2013-12-08 01:11 - 00007657 _____ C:\Windows\KB982132.log
2013-12-08 01:20 - 2013-12-08 01:11 - 00007605 _____ C:\Windows\KB2507938.log
2013-12-08 01:20 - 2013-12-08 01:11 - 00007528 _____ C:\Windows\KB2780091.log
2013-12-08 01:20 - 2013-12-08 01:10 - 00007525 _____ C:\Windows\KB2845187.log
2013-12-08 01:20 - 2013-12-08 01:10 - 00007296 _____ C:\Windows\KB2876217.log
2013-12-08 01:20 - 2013-12-08 01:10 - 00007225 _____ C:\Windows\KB2483185.log
2013-12-08 01:20 - 2013-12-08 01:09 - 00007215 _____ C:\Windows\KB2864063.log
2013-12-08 01:20 - 2013-12-08 01:09 - 00007114 _____ C:\Windows\KB979687.log
2013-12-08 01:20 - 2013-12-08 00:10 - 00008695 _____ C:\Windows\KB971029.log
2013-12-08 01:19 - 2013-12-08 01:08 - 00007058 _____ C:\Windows\KB2719985.log
2013-12-08 01:19 - 2013-12-08 00:10 - 00082034 _____ C:\Windows\KB2506212.log
2013-12-08 01:19 - 2013-12-08 00:09 - 00005875 _____ C:\Windows\KB2619339.log
2013-12-08 01:19 - 2013-12-08 00:09 - 00005838 _____ C:\Windows\KB2705219-v2.log
2013-12-08 01:19 - 2013-12-08 00:09 - 00005707 _____ C:\Windows\KB2727528.log
2013-12-08 01:19 - 2013-12-08 00:06 - 00006230 _____ C:\Windows\KB2813345.log
2013-12-08 01:19 - 2013-12-08 00:06 - 00005304 _____ C:\Windows\KB2509553.log
2013-12-08 01:19 - 2013-12-08 00:05 - 00006707 _____ C:\Windows\KB2676562.log
2013-12-08 01:19 - 2013-12-08 00:05 - 00005109 _____ C:\Windows\KB982665.log
2013-12-08 01:18 - 2013-12-08 00:21 - 00006303 _____ C:\Windows\KB2820917.log
2013-12-08 01:18 - 2013-12-08 00:18 - 00006141 _____ C:\Windows\KB2757638.log
2013-12-08 01:18 - 2013-12-08 00:18 - 00006061 _____ C:\Windows\KB2419632.log
2013-12-08 01:18 - 2013-12-08 00:17 - 00005879 _____ C:\Windows\KB2653956.log
2013-12-08 01:18 - 2013-12-08 00:04 - 00004949 _____ C:\Windows\KB2620712.log
2013-12-08 01:17 - 2013-12-08 00:17 - 00005966 _____ C:\Windows\KB2508429.log
2013-12-08 01:17 - 2013-12-08 00:17 - 00005863 _____ C:\Windows\KB2749655.log
2013-12-08 01:11 - 2013-12-08 01:11 - 00000000 ____D C:\Documents and Settings\Colin\Application Data\AVAST Software
2013-12-08 00:41 - 2003-01-09 15:34 - 00000000 ____D C:\Program Files\Online Services
2013-12-08 00:29 - 2013-12-08 00:29 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-08 00:08 - 2013-12-08 00:00 - 00004391 _____ C:\Windows\KB2584146.log
2013-12-08 00:03 - 2013-12-08 00:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-12-07 23:42 - 2013-12-07 23:42 - 00000000 _____ C:\Windows\Model.txt
2013-12-07 23:42 - 2013-12-07 23:38 - 00000100 _____ C:\Windows\Model.log
2013-12-07 22:24 - 2013-12-07 22:24 - 00000000 ____D C:\Documents and Settings\Colin\Application Data\Easeware
2013-12-07 22:24 - 2007-10-31 10:40 - 00072608 _____ C:\Documents and Settings\Colin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-07 22:22 - 2003-01-09 07:27 - 00501648 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-07 22:22 - 2003-01-09 07:24 - 00000000 ____D C:\Windows\Help
2013-12-07 22:06 - 2013-12-07 22:06 - 00090112 _____ C:\Windows\Minidump\Mini120713-12.dmp
2013-12-07 22:06 - 2007-10-30 19:28 - 00000000 ____D C:\Windows\Minidump
2013-12-07 22:04 - 2013-12-07 22:04 - 00090112 _____ C:\Windows\Minidump\Mini120713-11.dmp
2013-12-07 21:28 - 2013-12-07 21:28 - 00090112 _____ C:\Windows\Minidump\Mini120713-10.dmp
2013-12-07 21:27 - 2013-12-07 21:27 - 00090112 _____ C:\Windows\Minidump\Mini120713-09.dmp
2013-12-07 21:24 - 2013-12-07 21:24 - 00090112 _____ C:\Windows\Minidump\Mini120713-08.dmp
2013-12-07 21:22 - 2013-12-07 21:23 - 00090112 _____ C:\Windows\Minidump\Mini120713-07.dmp
2013-12-07 21:21 - 2013-12-07 21:21 - 00090112 _____ C:\Windows\Minidump\Mini120713-06.dmp
2013-12-07 21:19 - 2013-12-07 21:19 - 00090112 _____ C:\Windows\Minidump\Mini120713-05.dmp
2013-12-07 20:33 - 2007-10-31 10:39 - 00111094 _____ C:\Windows\spupdsvc.log
2013-12-07 20:33 - 2003-01-10 09:03 - 00316640 _____ C:\Windows\WMSysPr9.prx
2013-12-07 20:33 - 2003-01-10 09:02 - 00005501 _____ C:\Windows\wmsetup.log
2013-12-07 20:33 - 2003-01-09 07:28 - 00097457 _____ C:\Windows\tabletoc.log
2013-12-07 20:32 - 2003-01-09 15:35 - 00000967 _____ C:\Windows\DtcInstall.log
2013-12-07 20:31 - 2013-12-07 20:31 - 00000187 _____ C:\Windows\spupdsvc.log.1.log
2013-12-07 20:31 - 2007-10-31 10:39 - 00000090 _____ C:\Windows\System32\spupdwxp.log
2013-12-07 20:30 - 2003-01-09 15:34 - 00000000 ____D C:\Program Files\Messenger
2013-12-07 20:30 - 2003-01-09 07:26 - 00278944 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-07 20:28 - 2013-12-07 20:28 - 00000000 __HDC C:\Windows\$NtUninstallKB980232$
2013-12-07 20:28 - 2013-12-07 18:26 - 00210647 _____ C:\Windows\KB980232.log
2013-12-07 20:28 - 2007-10-30 20:54 - 01019061 _____ C:\Windows\svcpack.log
2013-12-07 20:28 - 2003-01-09 07:28 - 00336023 _____ C:\Windows\netfxocm.log
2013-12-07 20:28 - 2003-01-09 07:28 - 00133266 _____ C:\Windows\MedCtrOC.log
2013-12-07 20:28 - 2003-01-09 07:28 - 00078301 _____ C:\Windows\ocmsn.log
2013-12-07 20:28 - 2003-01-09 07:27 - 02133187 _____ C:\Windows\iis6.log
2013-12-07 20:28 - 2003-01-09 07:27 - 01917824 _____ C:\Windows\FaxSetup.log
2013-12-07 20:28 - 2003-01-09 07:27 - 00928343 _____ C:\Windows\ocgen.log
2013-12-07 20:28 - 2003-01-09 07:27 - 00884653 _____ C:\Windows\tsoc.log
2013-12-07 20:28 - 2003-01-09 07:27 - 00598430 _____ C:\Windows\msmqinst.log
2013-12-07 20:28 - 2003-01-09 07:27 - 00493014 _____ C:\Windows\comsetup.log
2013-12-07 20:28 - 2003-01-09 07:27 - 00298133 _____ C:\Windows\ntdtcsetup.log
2013-12-07 20:28 - 2003-01-09 07:27 - 00096106 _____ C:\Windows\msgsocm.log
2013-12-07 20:28 - 2003-01-09 07:27 - 00002675 _____ C:\Windows\imsins.log
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB980218$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979683$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979559$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979482$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979309$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB978706$
2013-12-07 20:27 - 2013-12-07 20:27 - 00000000 __HDC C:\Windows\$NtUninstallKB978601$
2013-12-07 20:27 - 2013-12-07 18:27 - 00213834 _____ C:\Windows\KB979683.log
2013-12-07 20:27 - 2013-12-07 17:34 - 00218634 _____ C:\Windows\KB979559.log
2013-12-07 20:27 - 2013-12-07 17:34 - 00217832 _____ C:\Windows\KB978601.log
2013-12-07 20:27 - 2013-12-07 17:34 - 00216628 _____ C:\Windows\KB979482.log
2013-12-07 20:27 - 2013-12-07 17:34 - 00216612 _____ C:\Windows\KB980218.log
2013-12-07 20:27 - 2013-12-07 17:33 - 00219843 _____ C:\Windows\KB979309.log
2013-12-07 20:27 - 2013-12-07 17:32 - 00215564 _____ C:\Windows\KB978706.log
2013-12-07 20:27 - 2007-10-31 10:46 - 00206813 _____ C:\Windows\updspapi.log
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB978542$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB978338$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB978037$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB977914$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB975713$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB975562$
2013-12-07 20:26 - 2013-12-07 20:26 - 00000000 __HDC C:\Windows\$NtUninstallKB975561$
2013-12-07 20:26 - 2013-12-07 18:26 - 00209942 _____ C:\Windows\KB975561.log
2013-12-07 20:26 - 2013-12-07 17:34 - 00217181 _____ C:\Windows\KB978542.log
2013-12-07 20:26 - 2013-12-07 17:34 - 00216616 _____ C:\Windows\KB975562.log
2013-12-07 20:26 - 2013-12-07 17:33 - 00217289 _____ C:\Windows\KB978338.log
2013-12-07 20:26 - 2013-12-07 17:32 - 00218236 _____ C:\Windows\KB977914.log
2013-12-07 20:26 - 2013-12-07 17:32 - 00216405 _____ C:\Windows\KB975713.log
2013-12-07 20:26 - 2013-12-07 17:32 - 00216009 _____ C:\Windows\KB978037.log
2013-12-07 20:26 - 2003-01-09 15:36 - 00000000 ____D C:\Program Files\Movie Maker
2013-12-07 20:26 - 2003-01-09 15:35 - 00000000 ____D C:\Program Files\Outlook Express
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB975560$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB975467$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB975025$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB974571$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB974392$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB974318$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB974112$
2013-12-07 20:25 - 2013-12-07 20:25 - 00000000 __HDC C:\Windows\$NtUninstallKB973869$
2013-12-07 20:25 - 2013-12-07 17:31 - 00215236 _____ C:\Windows\KB974318.log
2013-12-07 20:25 - 2013-12-07 17:31 - 00214895 _____ C:\Windows\KB974392.log
2013-12-07 20:25 - 2013-12-07 17:30 - 00398623 _____ C:\Windows\KB974112.log
2013-12-07 20:25 - 2013-12-07 17:30 - 00210158 _____ C:\Windows\KB974571.log
2013-12-07 20:25 - 2013-12-07 17:30 - 00209748 _____ C:\Windows\KB975467.log
2013-12-07 20:25 - 2013-12-07 17:30 - 00208325 _____ C:\Windows\KB975025.log
2013-12-07 20:25 - 2009-08-13 11:13 - 00211890 _____ C:\Windows\KB973869.log
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB973815$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB973687$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB973507$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB973354$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB972270$
2013-12-07 20:24 - 2013-12-07 20:24 - 00000000 __HDC C:\Windows\$NtUninstallKB971737$
2013-12-07 20:24 - 2013-12-07 18:24 - 00396503 _____ C:\Windows\KB973687.log
2013-12-07 20:24 - 2013-12-07 17:31 - 00212875 _____ C:\Windows\KB971737.log
2013-12-07 20:24 - 2009-08-13 11:12 - 00210949 _____ C:\Windows\KB973354.log
2013-12-07 20:24 - 2009-08-12 22:00 - 00218112 _____ C:\Windows\KB971657.log
2013-12-07 20:24 - 2009-08-12 21:58 - 00217583 _____ C:\Windows\KB973507.log
2013-12-07 20:24 - 2009-08-12 21:47 - 00221103 _____ C:\Windows\KB973815.log
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB971657$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB971633$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB971557$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB971468$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB970430$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB970238$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB969059$
2013-12-07 20:23 - 2013-12-07 20:23 - 00000000 __HDC C:\Windows\$NtUninstallKB968537$
2013-12-07 20:23 - 2013-12-07 18:26 - 00210066 _____ C:\Windows\KB971468.log
2013-12-07 20:23 - 2013-12-07 17:31 - 00207403 _____ C:\Windows\KB969059.log
2013-12-07 20:23 - 2009-08-12 22:00 - 00217300 _____ C:\Windows\KB971557.log
2013-12-07 20:23 - 2009-08-12 21:52 - 00222148 _____ C:\Windows\KB971633.log
2013-12-07 20:23 - 2009-08-12 21:49 - 00222207 _____ C:\Windows\KB970238.log
2013-12-07 20:23 - 2009-08-12 21:46 - 00220029 _____ C:\Windows\KB968537.log
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB968389$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB967715$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB961501$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB961373$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB961371-v2$
2013-12-07 20:22 - 2013-12-07 20:22 - 00000000 __HDC C:\Windows\$NtUninstallKB960859$
2013-12-07 20:22 - 2009-12-16 14:13 - 00212918 _____ C:\Windows\KB968389.log
2013-12-07 20:22 - 2009-08-12 22:02 - 00219104 _____ C:\Windows\KB960859.log
2013-12-07 20:22 - 2009-08-12 22:01 - 00219275 _____ C:\Windows\KB961371-v2.log
2013-12-07 20:22 - 2009-08-12 21:52 - 00220873 _____ C:\Windows\KB961501.log
2013-12-07 20:22 - 2009-06-07 09:26 - 00215163 _____ C:\Windows\KB961373.log
2013-12-07 20:22 - 2009-06-07 09:23 - 00212096 _____ C:\Windows\KB960803.log
2013-12-07 20:22 - 2009-06-07 09:22 - 00025582 _____ C:\Windows\KB963027.log
2013-12-07 20:22 - 2009-03-13 08:28 - 00208015 _____ C:\Windows\KB967715.log
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB960803$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB960225$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB959426$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB958690$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB958687$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB958644$
2013-12-07 20:21 - 2013-12-07 20:21 - 00000000 __HDC C:\Windows\$NtUninstallKB957097$
2013-12-07 20:21 - 2009-06-07 09:26 - 00217937 _____ C:\Windows\KB959426.log
2013-12-07 20:21 - 2009-03-13 10:14 - 00018281 _____ C:\Windows\KB958215.log
2013-12-07 20:21 - 2009-03-13 10:12 - 00011750 _____ C:\Windows\KB960714.log
2013-12-07 20:21 - 2009-03-13 10:11 - 00201231 _____ C:\Windows\KB957097.log
2013-12-07 20:21 - 2009-03-13 10:11 - 00201081 _____ C:\Windows\KB958687.log
2013-12-07 20:21 - 2009-03-13 08:32 - 00206588 _____ C:\Windows\KB960225.log
2013-12-07 20:21 - 2008-10-24 11:11 - 00206642 _____ C:\Windows\KB958644.log
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB957095$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB956844$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB956841$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB956803$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB956802$
2013-12-07 20:20 - 2013-12-07 20:20 - 00000000 __HDC C:\Windows\$NtUninstallKB956572$
2013-12-07 20:20 - 2013-12-07 18:22 - 00200401 _____ C:\Windows\KB956844.log
2013-12-07 20:20 - 2009-08-12 21:39 - 00221331 _____ C:\Windows\KB956572.log
2013-12-07 20:20 - 2009-03-13 08:27 - 00205397 _____ C:\Windows\KB956802.log
2013-12-07 20:20 - 2008-10-16 05:12 - 00204327 _____ C:\Windows\KB956803.log
2013-12-07 20:20 - 2008-10-16 05:11 - 00204330 _____ C:\Windows\KB957095.log
2013-12-07 20:20 - 2008-10-16 05:08 - 00204522 _____ C:\Windows\KB956841.log
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB974112_1$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB973687_1$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB955759$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB955069$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB954600$
2013-12-07 20:19 - 2013-12-07 20:19 - 00000000 __HDC C:\Windows\$NtUninstallKB954211$
2013-12-07 20:19 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB952954$
2013-12-07 20:19 - 2013-12-07 18:24 - 00208542 _____ C:\Windows\KB955759.log
2013-12-07 20:19 - 2009-03-13 10:10 - 00199767 _____ C:\Windows\KB955069.log
2013-12-07 20:19 - 2009-03-13 08:40 - 00033748 _____ C:\Windows\KB955839.log
2013-12-07 20:19 - 2008-10-16 05:08 - 00202604 _____ C:\Windows\KB954211.log
2013-12-07 20:19 - 2008-08-13 17:55 - 00208225 _____ C:\Windows\KB952954.log
2013-12-07 20:19 - 2008-08-13 17:51 - 00022105 _____ C:\Windows\KB953838.log
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB952287$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB952004$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB951748$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB951698$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB951376-v2$
2013-12-07 20:18 - 2013-12-07 20:18 - 00000000 __HDC C:\Windows\$NtUninstallKB951066$
2013-12-07 20:18 - 2009-06-07 09:24 - 00213800 _____ C:\Windows\KB952004.log
2013-12-07 20:18 - 2008-08-13 18:03 - 00201408 _____ C:\Windows\KB952287.log
2013-12-07 20:18 - 2008-08-13 18:02 - 00201365 _____ C:\Windows\KB951066.log
2013-12-07 20:18 - 2008-08-13 17:54 - 00207666 _____ C:\Windows\KB950974.log
2013-12-07 20:18 - 2008-08-13 17:52 - 00031141 _____ C:\Windows\KB951072-v2.log
2013-12-07 20:18 - 2008-07-23 18:18 - 00215338 _____ C:\Windows\KB951748.log
2013-12-07 20:18 - 2008-07-21 08:54 - 00204411 _____ C:\Windows\KB951376-v2.log
2013-12-07 20:18 - 2008-07-20 18:22 - 00208340 _____ C:\Windows\KB951698.log
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB950974$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB950762$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB946648$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB938464$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB923561$
2013-12-07 20:17 - 2013-12-07 20:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2229593$
2013-12-07 20:17 - 2013-12-07 18:29 - 00207906 _____ C:\Windows\KB2229593.log
2013-12-07 20:17 - 2009-06-07 09:25 - 00201092 _____ C:\Windows\KB923561.log
2013-12-07 20:17 - 2008-10-16 05:04 - 00200283 _____ C:\Windows\KB938464.log
2013-12-07 20:17 - 2008-08-13 18:05 - 00202226 _____ C:\Windows\KB946648.log
2013-12-07 20:17 - 2008-07-21 08:53 - 00204369 _____ C:\Windows\KB950762.log
2013-12-07 20:17 - 2008-07-20 18:22 - 00023534 _____ C:\Windows\KB950759.log
2013-12-07 20:15 - 2003-01-09 07:24 - 00000000 ____D C:\Windows\security
2013-12-07 20:11 - 2007-10-30 21:10 - 00000373 _____ C:\Windows\cmsetacl.log
2013-12-07 20:11 - 2003-01-09 15:35 - 00005090 _____ C:\Windows\sessmgr.setup.log
2013-12-07 20:09 - 2013-12-07 20:09 - 00000000 ____D C:\Windows\System32\scripting
2013-12-07 20:09 - 2013-12-07 20:09 - 00000000 ____D C:\Windows\l2schemas
2013-12-07 20:09 - 2007-10-30 21:09 - 00000000 ____D C:\Windows\peernet
2013-12-07 20:09 - 2007-10-30 18:50 - 00000000 ____D C:\Windows\System32\bits
2013-12-07 20:09 - 2003-01-09 07:24 - 00000000 ____D C:\Windows\System32\usmt
2013-12-07 20:09 - 2003-01-09 07:24 - 00000000 ____D C:\Windows\System32\inetsrv
2013-12-07 20:09 - 2003-01-09 07:24 - 00000000 ____D C:\Windows\ime
2013-12-07 20:04 - 2003-01-09 15:36 - 00000000 ____D C:\Windows\srchasst
2013-12-07 20:04 - 2003-01-09 15:35 - 00000000 ____D C:\Windows\System32\Restore
2013-12-07 20:04 - 2003-01-09 15:35 - 00000000 ____D C:\Program Files\NetMeeting
2013-12-07 20:04 - 2003-01-09 15:35 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-07 20:04 - 2003-01-09 15:34 - 00000000 ____D C:\Windows\System32\Com
2013-12-07 20:04 - 2003-01-09 15:34 - 00000000 ____D C:\Program Files\Windows NT
2013-12-07 20:04 - 2003-01-09 07:24 - 00000000 ____D C:\Windows\System32\npp
2013-12-07 20:04 - 2003-01-09 07:24 - 00000000 ____D C:\Windows\mui
2013-12-07 20:04 - 2003-01-09 07:24 - 00000000 ____D C:\Windows\msagent
2013-12-07 20:03 - 2003-01-09 07:24 - 00000000 ____D C:\Windows\system
2013-12-07 20:00 - 2003-01-09 14:21 - 00250048 __RSH C:\ntldr
2013-12-07 19:59 - 2007-10-30 21:00 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-12-07 19:59 - 2007-10-30 20:57 - 00000000 __HDC C:\Windows\$NtServicePackUninstall$
2013-12-07 19:25 - 2013-12-07 18:57 - 00000000 ____D C:\Windows\System32\MRT
2013-12-07 19:01 - 2009-12-31 10:47 - 00000000 ____D C:\Documents and Settings\Colin\Local Settings\Application Data\wdtlnp
2013-12-07 18:52 - 2007-10-31 19:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-07 18:45 - 2007-10-29 23:21 - 00000000 ____D C:\Program Files\Microsoft Works
2013-12-07 18:45 - 2003-01-09 07:27 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-07 18:37 - 2007-10-29 23:12 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-07 18:32 - 2013-12-07 18:31 - 00025041 _____ C:\Windows\KB982381-IE8.log
2013-12-07 18:31 - 2013-12-07 18:30 - 00308876 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-12-07 18:31 - 2013-12-07 18:22 - 00000000 ____D C:\Windows\ie8updates
2013-12-07 18:29 - 2013-12-07 18:29 - 00000000 __HDC C:\Windows\$NtUninstallKB979559_0$
2013-12-07 18:29 - 2013-12-07 18:29 - 00000000 __HDC C:\Windows\$NtUninstallKB975562_0$
2013-12-07 18:29 - 2013-12-07 18:29 - 00000000 __HDC C:\Windows\$NtUninstallKB2229593_0$
2013-12-07 18:28 - 2013-12-07 18:28 - 00015734 _____ C:\Windows\KB980195.log
2013-12-07 18:28 - 2013-12-07 18:28 - 00015215 _____ C:\Windows\KB978695.log
2013-12-07 18:28 - 2013-12-07 18:28 - 00013069 _____ C:\Windows\KB981793.log
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB981793$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB980218_0$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB980195$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB979482_0$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB978695_WM9$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB978601_0$
2013-12-07 18:28 - 2013-12-07 18:28 - 00000000 __HDC C:\Windows\$NtUninstallKB978542_0$
2013-12-07 18:28 - 2013-12-07 18:27 - 00013436 _____ C:\Windows\KB979402.log
2013-12-07 18:28 - 2007-10-31 10:48 - 00721970 _____ C:\Windows\System32\TZLog.log
2013-12-07 18:27 - 2013-12-07 18:27 - 00015649 _____ C:\Windows\KB981332-IE8.log
2013-12-07 18:27 - 2013-12-07 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979683_0$
2013-12-07 18:27 - 2013-12-07 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979402_WM9L$
2013-12-07 18:27 - 2013-12-07 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB979309_0$
2013-12-07 18:27 - 2013-12-07 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB978338_0$
2013-12-07 18:27 - 2013-12-07 18:27 - 00000000 __HDC C:\Windows\$NtUninstallKB977816$
2013-12-07 18:27 - 2013-12-07 17:33 - 00021139 _____ C:\Windows\KB977816.log
2013-12-07 18:26 - 2013-12-07 18:26 - 00016626 _____ C:\Windows\KB976662-IE8.log
2013-12-07 18:26 - 2013-12-07 18:26 - 00000000 __HDC C:\Windows\$NtUninstallKB980232_0$
2013-12-07 18:26 - 2013-12-07 18:26 - 00000000 __HDC C:\Windows\$NtUninstallKB978706_0$
2013-12-07 18:26 - 2013-12-07 18:26 - 00000000 __HDC C:\Windows\$NtUninstallKB977914_0$
2013-12-07 18:26 - 2013-12-07 18:26 - 00000000 __HDC C:\Windows\$NtUninstallKB975561_0$
2013-12-07 18:26 - 2013-12-07 18:26 - 00000000 __HDC C:\Windows\$NtUninstallKB971468_0$
2013-12-07 18:25 - 2013-12-07 18:25 - 00015851 _____ C:\Windows\KB973904.log
2013-12-07 18:25 - 2013-12-07 18:25 - 00000000 __HDC C:\Windows\$NtUninstallKB978037_0$
2013-12-07 18:25 - 2013-12-07 18:25 - 00000000 __HDC C:\Windows\$NtUninstallKB975713_0$
2013-12-07 18:25 - 2013-12-07 18:25 - 00000000 __HDC C:\Windows\$NtUninstallKB975560_0$
2013-12-07 18:25 - 2013-12-07 18:25 - 00000000 __HDC C:\Windows\$NtUninstallKB973904$
2013-12-07 18:25 - 2013-12-07 18:25 - 00000000 __HDC C:\Windows\$NtUninstallKB972270_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB974392_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB974318_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB973687_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB971737_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB970430_0$
2013-12-07 18:24 - 2013-12-07 18:24 - 00000000 __HDC C:\Windows\$NtUninstallKB955759_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00007310 _____ C:\Windows\KB958869.log
2013-12-07 18:23 - 2013-12-07 18:23 - 00006805 _____ C:\Windows\KB954155.log
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB975467_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB975025_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB974571_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB974112_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB969059_0$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB958869$
2013-12-07 18:23 - 2013-12-07 18:23 - 00000000 __HDC C:\Windows\$NtUninstallKB954155_WM9$
2013-12-07 18:23 - 2013-12-07 18:22 - 00009860 _____ C:\Windows\KB971961-IE8.log
2013-12-07 18:22 - 2013-12-07 18:22 - 00000000 __HDC C:\Windows\$NtUninstallKB956844_0$
2013-12-07 12:53 - 2013-12-07 12:53 - 00090112 _____ C:\Windows\Minidump\Mini120713-04.dmp
2013-12-07 12:50 - 2013-12-07 12:50 - 00090112 _____ C:\Windows\Minidump\Mini120713-03.dmp
2013-12-07 12:48 - 2013-12-07 12:48 - 00090112 _____ C:\Windows\Minidump\Mini120713-02.dmp
2013-12-07 12:43 - 2013-12-07 12:43 - 00090112 _____ C:\Windows\Minidump\Mini120713-01.dmp
2013-12-07 01:54 - 2013-12-07 01:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-12-07 01:54 - 2013-12-07 01:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-12-07 01:49 - 2007-11-01 13:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-07 01:04 - 2013-12-07 01:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-07 01:04 - 2013-12-07 01:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2013-12-07 01:04 - 2007-11-01 13:12 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-12-07 00:31 - 2013-12-07 00:31 - 00090112 _____ C:\Windows\Minidump\Mini120613-18.dmp
2013-12-06 23:53 - 2013-12-06 23:53 - 00000000 ____D C:\Documents and Settings\Colin\Application Data\InterVideo
2013-12-06 23:46 - 2013-12-06 23:46 - 00090112 _____ C:\Windows\Minidump\Mini120613-17.dmp
2013-12-06 23:45 - 2013-12-06 23:45 - 00090112 _____ C:\Windows\Minidump\Mini120613-16.dmp
2013-12-06 23:43 - 2013-12-06 23:43 - 00090112 _____ C:\Windows\Minidump\Mini120613-15.dmp
2013-12-06 23:42 - 2013-12-06 23:42 - 00090112 _____ C:\Windows\Minidump\Mini120613-14.dmp
2013-12-06 23:28 - 2013-12-06 23:29 - 00090112 _____ C:\Windows\Minidump\Mini120613-13.dmp
2013-12-06 23:17 - 2013-12-06 23:17 - 00090112 _____ C:\Windows\Minidump\Mini120613-12.dmp
2013-12-06 23:15 - 2013-12-06 23:15 - 00090112 _____ C:\Windows\Minidump\Mini120613-11.dmp
2013-12-06 23:08 - 2013-12-06 23:08 - 00090112 _____ C:\Windows\Minidump\Mini120613-10.dmp
2013-12-06 23:07 - 2013-12-06 23:07 - 00090112 _____ C:\Windows\Minidump\Mini120613-09.dmp
2013-12-06 23:06 - 2013-12-06 23:06 - 00090112 _____ C:\Windows\Minidump\Mini120613-08.dmp
2013-12-06 23:04 - 2013-12-06 23:04 - 00090112 _____ C:\Windows\Minidump\Mini120613-07.dmp
2013-12-06 23:01 - 2013-12-06 23:01 - 00090112 _____ C:\Windows\Minidump\Mini120613-06.dmp
2013-12-06 23:00 - 2013-12-06 23:00 - 00090112 _____ C:\Windows\Minidump\Mini120613-05.dmp
2013-12-06 22:55 - 2013-12-06 22:55 - 00090112 _____ C:\Windows\Minidump\Mini120613-04.dmp
2013-12-06 22:49 - 2013-12-06 22:49 - 00090112 _____ C:\Windows\Minidump\Mini120613-03.dmp
2013-12-06 22:47 - 2013-12-06 22:47 - 00090112 _____ C:\Windows\Minidump\Mini120613-02.dmp
2013-12-06 22:46 - 2013-12-06 22:46 - 00090112 _____ C:\Windows\Minidump\Mini120613-01.dmp

Files to move or delete:
====================
C:\Documents and Settings\Colin\jagex_runescape_preferences.dat


Some content of TEMP:
====================
C:\Documents and Settings\Colin\Local Settings\Temp\GLF26.EXE
C:\Documents and Settings\Colin\Local Settings\Temp\LRPatch.exe
C:\Documents and Settings\Colin\Local Settings\Temp\LRSetup.exe
C:\Documents and Settings\Colin\Local Settings\Temp\ose00000.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-12-08 14:39 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP123

RP: -> 2013-12-08 14:34 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP122

RP: -> 2013-12-08 13:36 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP121

RP: -> 2013-12-08 13:15 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP120

RP: -> 2013-12-08 12:26 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP119

RP: -> 2013-12-08 12:08 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP118

RP: -> 2013-12-08 12:07 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP117

RP: -> 2013-12-08 11:21 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP116

RP: -> 2013-12-08 11:10 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP115

RP: -> 2013-12-08 01:45 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP114

RP: -> 2013-12-08 00:33 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP113

RP: -> 2013-12-08 00:29 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP112

RP: -> 2013-12-08 00:09 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP111

RP: -> 2013-12-08 00:07 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP110

RP: -> 2013-12-07 19:44 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP109

RP: -> 2013-12-07 18:21 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP108

RP: -> 2013-12-06 23:11 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP107

RP: -> 2013-12-06 22:51 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP106

RP: -> 2013-11-27 10:14 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP105

RP: -> 2013-11-23 13:53 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP104

RP: -> 2013-09-25 13:52 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP103

RP: -> 2013-09-23 16:30 - 028672 _restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP102


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 1022.98 MB
Available physical RAM: 795.46 MB
Total Pagefile: 906.5 MB
Available Pagefile: 818.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.8 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:60 GB) (Free:39.21 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:51.78 GB) (Free:51.59 GB) NTFS
Drive e: (TRAVELDRIVE) (Removable) (Total:7.2 GB) (Free:0.09 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: 1A56973F)
Partition 1: (Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=52 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================

 

 

Search.txt:

 

Farbar Recovery Scan Tool (x86) Version: 09-12-2013
Ran by SYSTEM at 2013-12-10 12:18:22
Running from E:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\WINDOWS\system32\services.exe
[2003-01-09 14:21] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\system32\dllcache\services.exe
[2009-06-07 09:25] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2008-07-30 18:09] - [2008-04-13 19:12] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\ServicePackFiles\i386\services.exe
[2007-10-30 21:06] - [2008-04-13 19:12] - 0108544 ____N (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2009-08-12 21:40] - [2004-08-04 03:56] - 0108032 ____C (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2013-12-07 20:20] - [2008-04-13 19:12] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2013-12-07 19:54] - [2009-02-06 12:14] - 0110592 ____C (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-06-07 09:25] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009-06-07 09:25] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009-06-07 09:25] - [2009-02-06 05:22] - 0110592 ____A (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd

X:\I386\SYSTEM32\SERVICES.EXE
[2004-08-03 20:07] - [2004-08-03 20:07] - 0108032 ____R (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

=== End Of Search ===

 


  • Staff

Hello Misty416

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

S0 iunewmyi; System32\drivers\yhij.sys [x]
2013-12-08 12:06 - 2013-12-08 12:06 - 00403440 _____ (AVAST Software) C:\Windows\System32\Drivers\sdeivgqh.sys
C:\Documents and Settings\Colin\Local Settings\Temp\GLF26.EXE
C:\Documents and Settings\Colin\Local Settings\Temp\LRPatch.exe
C:\Documents and Settings\Colin\Local Settings\Temp\LRSetup.exe
C:\Documents and Settings\Colin\Local Settings\Temp\ose00000.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt). Please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo


Hello Gringo!

 

Thank you for helping me with this issue!  I did as you instructed and all went smoothly; however, the laptop is still freezing at the "Windows is starting up...." when I boot it normally.  Here is the log that was generated when I ran FRST using fix:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-12-2013 02
Ran by Colin at 2013-12-16 13:53:19 Run:1
Running from F:\
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************

S0 iunewmyi; System32\drivers\yhij.sys [x]
2013-12-08 12:06 - 2013-12-08 12:06 - 00403440 _____ (AVAST Software) C:\Windows\System32\Drivers\sdeivgqh.sys
C:\Documents and Settings\Colin\Local Settings\Temp\GLF26.EXE
C:\Documents and Settings\Colin\Local Settings\Temp\LRPatch.exe
C:\Documents and Settings\Colin\Local Settings\Temp\LRSetup.exe
C:\Documents and Settings\Colin\Local Settings\Temp\ose00000.exe
*****************

iunewmyi => Service deleted successfully.
C:\Windows\System32\Drivers\sdeivgqh.sys => Moved successfully.
C:\Documents and Settings\Colin\Local Settings\Temp\GLF26.EXE => Moved successfully.
C:\Documents and Settings\Colin\Local Settings\Temp\LRPatch.exe => Moved successfully.
C:\Documents and Settings\Colin\Local Settings\Temp\LRSetup.exe => Moved successfully.
C:\Documents and Settings\Colin\Local Settings\Temp\ose00000.exe => Moved successfully.

==== End of Fixlog ====

 

Are there additional steps I could do?

Misty


  • Staff

Hello Misty416

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

Hi Gringo,

 

I followed your instructions without any issues.  Unfortunately the computer still won't boot in normal mode and is still frozen on the screen "Windows is starting up...".

I performed these steps in Safe Mode with Networking so no security software was running.  Here is the Combofix log:

 

ComboFix 13-12-18.01 - Colin 12/18/2013   9:13.1.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.820 [GMT -8:00]
Running from: F:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Shared
c:\windows\dasetup.log
c:\windows\help\wmplayer.bak
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\MUI\0416\tourstart.exe
c:\windows\system32\MUI\0C0A\tourstart.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-18 to 2013-12-18  )))))))))))))))))))))))))))))))
.
.
2013-12-10 23:27 . 2013-12-10 23:27    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2013-12-10 23:26 . 2013-12-16 21:52    --------    d-----w-    c:\documents and settings\Colin\Local Settings\Application Data\LogMeIn Rescue Applet
2013-12-10 23:14 . 2013-12-10 23:14    --------    d-----w-    c:\documents and settings\Colin\Application Data\ParetoLogic
2013-12-10 23:14 . 2013-12-10 23:14    --------    d-----w-    c:\documents and settings\Colin\Application Data\DriverCure
2013-12-10 23:13 . 2013-12-10 23:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\ParetoLogic
2013-12-10 20:08 . 2013-12-10 20:08    --------    d-----w-    c:\program files\Common Files\ParetoLogic
2013-12-10 20:08 . 2013-12-10 20:08    --------    d-----w-    c:\program files\ParetoLogic
2013-12-10 15:07 . 2013-12-16 21:52    --------    d-----w-    C:\FRST
2013-12-10 00:15 . 2013-12-10 00:16    --------    d-----w-    c:\documents and settings\McKenna
2013-12-09 19:36 . 2013-12-09 19:36    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-12-09 18:53 . 2013-12-09 18:53    --------    d-sh--w-    c:\documents and settings\Administrator\IETldCache
2013-12-09 04:37 . 2013-12-09 04:37    --------    d-----w-    c:\documents and settings\Colin\Application Data\Malwarebytes
2013-12-09 04:37 . 2013-12-09 04:37    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-12-09 04:37 . 2013-12-10 00:17    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-12-09 04:37 . 2013-04-04 22:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-12-08 19:39 . 2013-12-08 19:39    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-12-08 19:39 . 2013-12-08 19:39    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-08 19:39 . 2013-12-08 19:39    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-08 19:39 . 2013-12-08 19:39    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-08 19:39 . 2013-12-08 19:39    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-12-08 19:39 . 2013-12-08 19:39    403440    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-12-08 19:39 . 2013-12-08 19:39    35656    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-12-08 19:39 . 2013-12-08 19:39    54832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-12-08 19:39 . 2013-12-08 19:39    269216    ----a-w-    c:\windows\system32\aswBoot.exe
2013-12-08 19:39 . 2013-12-08 19:39    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-08 18:16 . 2013-12-08 18:16    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-12-08 06:11 . 2013-12-08 06:11    --------    d-----w-    c:\documents and settings\Colin\Application Data\AVAST Software
2013-12-08 05:35 . 2013-12-08 19:40    --------    d-----w-    c:\program files\Google
2013-12-08 05:35 . 2013-12-08 19:40    --------    d-----w-    c:\documents and settings\Colin\Local Settings\Application Data\Google
2013-12-08 05:29 . 2013-12-08 05:29    --------    d-----w-    c:\program files\AVAST Software
2013-12-08 05:02 . 2013-12-08 05:03    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVAST Software
2013-12-08 03:24 . 2013-12-08 03:24    --------    d-----w-    c:\documents and settings\Colin\Application Data\Easeware
2013-12-08 01:31 . 2013-12-08 01:31    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2013-12-08 01:09 . 2013-12-08 01:09    --------    d-----w-    c:\windows\system32\scripting
2013-12-08 01:09 . 2013-12-08 01:09    --------    d-----w-    c:\windows\l2schemas
2013-12-08 01:09 . 2013-12-08 01:09    --------    d-----w-    c:\windows\system32\en
2013-12-07 23:57 . 2013-12-08 00:25    --------    d-----w-    c:\windows\system32\MRT
2013-12-07 23:22 . 2013-12-07 23:31    --------    d-----w-    c:\windows\ie8updates
2013-12-07 22:38 . 2010-05-06 10:41    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2013-12-07 22:38 . 2010-05-06 10:41    599040    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2013-12-07 22:38 . 2010-05-06 10:41    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2013-12-07 22:37 . 2010-05-06 10:41    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2013-12-07 22:37 . 2010-05-06 10:41    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2013-12-07 22:37 . 2010-05-06 10:41    1985536    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2013-12-07 22:37 . 2010-05-06 10:41    11076096    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2013-12-07 22:35 . 2010-06-14 14:31    744448    -c----w-    c:\windows\system32\dllcache\helpsvc.exe
2013-12-07 22:33 . 2009-10-23 15:28    3558912    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2013-12-07 22:31 . 2009-11-21 15:51    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll
2013-12-07 22:30 . 2009-06-21 21:44    153088    -c----w-    c:\windows\system32\dllcache\triedit.dll
2013-12-07 06:54 . 2013-12-07 06:54    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-07 06:54 . 2013-12-07 06:54    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-07 05:40 . 2008-09-30 10:24    453120    ----a-r-    c:\windows\system32\drivers\WN111v2.sys
2013-12-07 04:53 . 2013-12-07 04:53    --------    d-----w-    c:\documents and settings\Colin\Application Data\InterVideo
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-08 19:39    321752    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerPanel.lnk
backup=c:\windows\pss\PowerPanel.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-09-19 21:35    114688    ----a-w-    c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-05 00:24    28672    ----a-w-    c:\windows\system32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-09-13 05:10    335872    ----a-w-    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2013-12-08 19:39    3568312    ----a-w-    c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12    110592    ----a-w-    c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2003-09-06 07:20    70816    ----a-w-    c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 18:29    40960    ----a-w-    c:\windows\system32\ezSP_Px.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
2003-08-14 18:00    90112    ----a-w-    c:\program files\Sony\HotKey Utility\HKServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2003-01-10 16:04    77824    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2003-01-15 20:07    217088    ----a-w-    c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
2003-09-06 23:36    70840    ----a-w-    c:\program files\Norton Internet Security\UrlLstCk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08    28672    ----a-w-    c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2003-06-24 00:32    1409024    ----a-w-    c:\program files\support.com\client\bin\tgcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [1/9/2003 11:22 AM 71961]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [12/8/2013 11:39 AM 49944]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [12/8/2013 11:39 AM 178304]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/8/2013 11:39 AM 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/8/2013 11:39 AM 403440]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/8/2013 11:39 AM 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12/8/2013 11:39 AM 70384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/8/2013 8:37 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/8/2013 8:37 PM 701512]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [8/19/2009 4:56 PM 29184]
S3 fa410;NETGEAR FA410TX Fast Ethernet PC Card Driver;c:\windows\system32\drivers\fa410nd5.sys [1/9/2003 4:31 AM 24618]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/8/2013 8:37 PM 22856]
S3 oibtvcom;Bluetooth Virtual COM Port;c:\windows\system32\drivers\oivmvcom.sys [1/10/2003 3:54 AM 279680]
S3 oivmctrl;VCOMM Device Controller;c:\windows\system32\drivers\oivmctrl.sys [1/10/2003 3:54 AM 15616]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [12/6/2013 9:40 PM 453120]
S4 sdeivgqh;sdeivgqh; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-08 19:41    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-07 06:54]
.
2013-12-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-08 19:39]
.
2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-08 19:40]
.
2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-08 19:40]
.
2009-09-01 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-08-17 23:34]
.
2013-12-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2013-09-30 18:24]
.
2013-12-10 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-09-30 18:24]
.
2013-12-10 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-09-30 18:24]
.
2013-12-10 c:\windows\Tasks\RegCure Pro Startup.job
- c:\program files\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-09-30 18:24]
.
2013-12-10 c:\windows\Tasks\RegCure Pro.job
- c:\program files\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-09-30 18:24]
.
2007-10-30 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-01-09 00:12]
.
2007-10-30 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-01-09 00:12]
.
2007-10-31 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-10-30 02:38]
.
.
------- Supplementary Scan -------
.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1


FF - ProfilePath - c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\8q1ftnch.default\

FF - ExtSQL: 2013-12-08 11:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Mouse Suite 98 Daemon - ICO.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-18 09:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-12-18  09:27:19
ComboFix-quarantined-files.txt  2013-12-18 17:27
.
Pre-Run: 42,975,326,208 bytes free
Post-Run: 43,194,753,024 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 4F4E2B50E34EF5A03AEBD5B07F3FF344
8F558EB6672622401DA993E1E865C861
 

Is there more that can be done?  This laptop is older and might be at the end of its life.  What do you think?

With appreciation,

Misty


  • Staff

Hello Misty416

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\documents and settings\Colin\Application Data\ParetoLogic
c:\documents and settings\Colin\Application Data\DriverCure
c:\documents and settings\All Users\Application Data\ParetoLogic
c:\program files\Common Files\ParetoLogic
c:\program files\ParetoLogic

Driver::
sdeivgqh

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

Gringo,

 

Again, all ran smoothly today but unfortunately, no change with the computer, it still freezes at the "Windows is starting up..." screen.  It's too bad I can't attach a file to this post as the log is fairly long but here it is:

 

  ComboFix 13-12-18.01 - Colin 12/19/2013   8:47.2.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.691 [GMT -8:00]
Running from: c:\documents and settings\Colin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Colin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ParetoLogic
c:\documents and settings\All Users\Application Data\ParetoLogic\RegCure Pro\compid.rdat
c:\documents and settings\All Users\Application Data\ParetoLogic\RegCure Pro\dc_db.db
c:\documents and settings\All Users\Application Data\ParetoLogic\RegCure Pro\license.dat
c:\documents and settings\All Users\Application Data\ParetoLogic\RegCure Pro\License.rdat
c:\documents and settings\All Users\Application Data\ParetoLogic\RegCure Pro\License_Time.rdat
c:\documents and settings\All Users\Application Data\ParetoLogic\RegCure Pro\RB.rdat
c:\documents and settings\All Users\Application Data\ParetoLogic\RegCure Pro\tfn.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS3\Master.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS3\Patch.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS3\RegCure Pro\database.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS3\RegCure Pro\Master.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS3\RegCure Pro\Patch.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS3\RegCure Pro\Update.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS3\Update.xml
c:\documents and settings\Colin\Application Data\DriverCure
c:\documents and settings\Colin\Application Data\DriverCure\LogFile.txt
c:\documents and settings\Colin\Application Data\ParetoLogic
c:\program files\Common Files\ParetoLogic
c:\program files\Common Files\ParetoLogic\UUS3\Images\ad_generic.jpg
c:\program files\Common Files\ParetoLogic\UUS3\Images\close.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\close_md.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\close_mo.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\close_pu.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\close_pu_md.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\close_pu_mo.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\Logo.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\min.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\min_md.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\min_mo.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\progress_glow.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\topbar_gradient.png
c:\program files\Common Files\ParetoLogic\UUS3\LiteUnzip.dll
c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
c:\program files\Common Files\ParetoLogic\UUS3\settings.xml
c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll
c:\program files\ParetoLogic
c:\program files\ParetoLogic\RegCure Pro\7ZipDLL.dll
c:\program files\ParetoLogic\RegCure Pro\colors.xml
c:\program files\ParetoLogic\RegCure Pro\CommonLoggingExtension.pxt
c:\program files\ParetoLogic\RegCure Pro\CommonSpecialist.pxt
c:\program files\ParetoLogic\RegCure Pro\ExtensionManager.dll
c:\program files\ParetoLogic\RegCure Pro\filecachedb.xml
c:\program files\ParetoLogic\RegCure Pro\HandleUpdate.dll
c:\program files\ParetoLogic\RegCure Pro\html\0_days.htm
c:\program files\ParetoLogic\RegCure Pro\html\1_days.htm
c:\program files\ParetoLogic\RegCure Pro\html\15_days.htm
c:\program files\ParetoLogic\RegCure Pro\html\2_days.htm
c:\program files\ParetoLogic\RegCure Pro\html\30_days.htm
c:\program files\ParetoLogic\RegCure Pro\html\5_days.htm
c:\program files\ParetoLogic\RegCure Pro\html\container_content_bkimg.gif
c:\program files\ParetoLogic\RegCure Pro\html\container_content_leftimg.gif
c:\program files\ParetoLogic\RegCure Pro\html\container_content_rightimg.gif
c:\program files\ParetoLogic\RegCure Pro\html\error_connect.html
c:\program files\ParetoLogic\RegCure Pro\html\images\10x10.gif
c:\program files\ParetoLogic\RegCure Pro\html\images\10x10tile.gif
c:\program files\ParetoLogic\RegCure Pro\html\images\background.jpg
c:\program files\ParetoLogic\RegCure Pro\html\images\contentwrapper.gif
c:\program files\ParetoLogic\RegCure Pro\html\images\error_internet.jpg
c:\program files\ParetoLogic\RegCure Pro\html\images\footerbarfill.gif
c:\program files\ParetoLogic\RegCure Pro\html\images\info_bubble.jpg
c:\program files\ParetoLogic\RegCure Pro\html\images\tile_footerbarbase.jpg
c:\program files\ParetoLogic\RegCure Pro\html\images\tile_subheadbarbase.jpg
c:\program files\ParetoLogic\RegCure Pro\html\images\tile_titlebarbase.jpg
c:\program files\ParetoLogic\RegCure Pro\html\main.css
c:\program files\ParetoLogic\RegCure Pro\html\main_error.css
c:\program files\ParetoLogic\RegCure Pro\html\package_titlebar_bkimg.jpg
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\btn.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\btn_over.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_bho.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_defrag.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_file.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_generalsettings.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_ignore.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_junk.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_privacy.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_process.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_registry.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_schedule.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\button_startup.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\offeraction.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\offeraction_over.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\register.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\register_over.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\register_over_small.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\register_small.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\renew.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\renew_over.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\settings_button.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\settings_button_over.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\start.png
c:\program files\ParetoLogic\RegCure Pro\Images\buttons\start_over.png
c:\program files\ParetoLogic\RegCure Pro\Images\defrag\c_empty.png
c:\program files\ParetoLogic\RegCure Pro\Images\defrag\c_frag.png
c:\program files\ParetoLogic\RegCure Pro\Images\defrag\c_unfrag.png
c:\program files\ParetoLogic\RegCure Pro\Images\defrag\c_unknown.png
c:\program files\ParetoLogic\RegCure Pro\Images\defrag\c_unmove.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\bottom_logo.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\close.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\dlg_title.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\logo.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\max.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\min.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\register.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\register_close.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\register_close_over.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\register_over.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\renew.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\renew_over.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\restore.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\tab_bg.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\tabactive_bg.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\tabover_bg.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\tfn_bg.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\tfn_logo.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\title_bar.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\top_logo.png
c:\program files\ParetoLogic\RegCure Pro\Images\Frame\upper_divider.png
c:\program files\ParetoLogic\RegCure Pro\Images\general\collapse.png
c:\program files\ParetoLogic\RegCure Pro\Images\general\delete.png
c:\program files\ParetoLogic\RegCure Pro\Images\general\driverbg.png
c:\program files\ParetoLogic\RegCure Pro\Images\general\expand.png
c:\program files\ParetoLogic\RegCure Pro\Images\general\progress_glow.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\bho.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\dup_audio.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\dup_doc.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\dup_image.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\dup_other.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\dup_video.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\ig_drivers.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\ig_proc.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\ig_reg.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\junk.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\priv_3rd.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\priv_browser.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\priv_email.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\priv_fs.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\priv_im.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\priv_multi.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\priv_office.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\priv_other.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\priv_windows.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_apppath.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_com.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_dll.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_empty.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_extensions.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_filepath.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_font.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_help.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_shortcut.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_startup.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\reg_uninstall.png
c:\program files\ParetoLogic\RegCure Pro\Images\group\startup.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_about.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_bho.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_clean.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_defrag.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_driver.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_file.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_junk.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_junk_settings.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_malware.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_performance.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_privacy.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_process.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_registry.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_restore.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_settings.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_startup.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\header_tools.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\settings_general.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\settings_ignore.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\settings_privacy.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\settings_registry.png
c:\program files\ParetoLogic\RegCure Pro\Images\headers\settings_schedule.png
c:\program files\ParetoLogic\RegCure Pro\Images\Icons\cleaned.png
c:\program files\ParetoLogic\RegCure Pro\Images\Icons\info.png
c:\program files\ParetoLogic\RegCure Pro\Images\Icons\warning.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\cd.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\cpu.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\disk.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\display.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\driver_outdated.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\driver_uptodate.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\floppy.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\mouse_key.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\other.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\outdated.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\power.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\printer.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\software.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\system.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\uptodate.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\drivers\usb.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\other.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\process\bho.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\process\process.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\process\startup.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_malware16.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_malware24.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_malware32.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_system16.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_system24.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_system32.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unknown16.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unknown24.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unknown32.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unwanted16.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unwanted24.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_unwanted32.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_userapp16.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_userapp24.png
c:\program files\ParetoLogic\RegCure Pro\Images\list\recommendations\rec_userapp32.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\011.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\012.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\animation\01.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\animation\02.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\animation\03.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\animation\04.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\animation\05.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\animation\06.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\animation\07.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\animation\08.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\animation\09.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\check.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\damage1.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\damage2.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\damage3.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\damage4.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\damage5.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\damage6.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_1.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_10.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_11.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_12.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_13.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_14.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_15.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_16.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_17.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_18.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_19.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_2.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_20.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_21.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_22.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_3.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_4.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_5.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_6.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_7.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_8.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\driver_animation\ani_9.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\error.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\error_large.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\Fix.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\Fix_over.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\junk.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\malware.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\md5.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\privacy.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\process-animation.gif
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\rating_h.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\rating_h_scan.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\rating_l.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\rating_l_scan.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\rating_m.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\rating_m_scan.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\rating_mh.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\rating_mh_scan.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\rating_ml.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\rating_ml_scan.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\registry.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\security_high.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\security_low.png
c:\program files\ParetoLogic\RegCure Pro\Images\Scan\warning.png
c:\program files\ParetoLogic\RegCure Pro\Images\Tabs\drivers.png
c:\program files\ParetoLogic\RegCure Pro\Images\Tabs\overview.png
c:\program files\ParetoLogic\RegCure Pro\Images\Tabs\restore.png
c:\program files\ParetoLogic\RegCure Pro\Images\Tabs\scan.png
c:\program files\ParetoLogic\RegCure Pro\Images\Tabs\settings.png
c:\program files\ParetoLogic\RegCure Pro\Images\Tabs\tools.png
c:\program files\ParetoLogic\RegCure Pro\License_Time.rdat
c:\program files\ParetoLogic\RegCure Pro\LiteUnzip.dll
c:\program files\ParetoLogic\RegCure Pro\LiteZip.dll
c:\program files\ParetoLogic\RegCure Pro\LogSettings.xml
c:\program files\ParetoLogic\RegCure Pro\MyResources.dll
c:\program files\ParetoLogic\RegCure Pro\privacy.db
c:\program files\ParetoLogic\RegCure Pro\RB.rdat
c:\program files\ParetoLogic\RegCure Pro\RegCurePro.exe
c:\program files\ParetoLogic\RegCure Pro\RegHookSpecialist.pxt
c:\program files\ParetoLogic\RegCure Pro\SandBoxer.dll
c:\program files\ParetoLogic\RegCure Pro\settings.xml
c:\program files\ParetoLogic\RegCure Pro\sqlite3.dll
c:\program files\ParetoLogic\RegCure Pro\uninstall.exe
c:\program files\ParetoLogic\RegCure Pro\UNS.xml
c:\program files\ParetoLogic\RegCure Pro\Utility.pxt
c:\program files\ParetoLogic\RegCure Pro\whitelist.dat
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SDEIVGQH
-------\Service_sdeivgqh
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-19 to 2013-12-19  )))))))))))))))))))))))))))))))
.
.
2013-12-10 23:27 . 2013-12-10 23:27    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2013-12-10 23:26 . 2013-12-16 21:52    --------    d-----w-    c:\documents and settings\Colin\Local Settings\Application Data\LogMeIn Rescue Applet
2013-12-10 15:07 . 2013-12-16 21:52    --------    d-----w-    C:\FRST
2013-12-10 00:15 . 2013-12-10 00:16    --------    d-----w-    c:\documents and settings\McKenna
2013-12-09 19:36 . 2013-12-09 19:36    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-12-09 18:53 . 2013-12-09 18:53    --------    d-sh--w-    c:\documents and settings\Administrator\IETldCache
2013-12-09 04:37 . 2013-12-09 04:37    --------    d-----w-    c:\documents and settings\Colin\Application Data\Malwarebytes
2013-12-09 04:37 . 2013-12-09 04:37    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-12-09 04:37 . 2013-12-10 00:17    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-12-09 04:37 . 2013-04-04 22:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-12-08 19:39 . 2013-12-08 19:39    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-12-08 19:39 . 2013-12-08 19:39    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-08 19:39 . 2013-12-08 19:39    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-08 19:39 . 2013-12-08 19:39    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-08 19:39 . 2013-12-08 19:39    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-12-08 19:39 . 2013-12-08 19:39    403440    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-12-08 19:39 . 2013-12-08 19:39    35656    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-12-08 19:39 . 2013-12-08 19:39    54832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-12-08 19:39 . 2013-12-08 19:39    269216    ----a-w-    c:\windows\system32\aswBoot.exe
2013-12-08 19:39 . 2013-12-08 19:39    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-08 18:16 . 2013-12-08 18:16    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-12-08 06:11 . 2013-12-08 06:11    --------    d-----w-    c:\documents and settings\Colin\Application Data\AVAST Software
2013-12-08 05:35 . 2013-12-08 19:40    --------    d-----w-    c:\program files\Google
2013-12-08 05:35 . 2013-12-08 19:40    --------    d-----w-    c:\documents and settings\Colin\Local Settings\Application Data\Google
2013-12-08 05:29 . 2013-12-08 05:29    --------    d-----w-    c:\program files\AVAST Software
2013-12-08 05:02 . 2013-12-08 05:03    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVAST Software
2013-12-08 03:24 . 2013-12-08 03:24    --------    d-----w-    c:\documents and settings\Colin\Application Data\Easeware
2013-12-08 01:31 . 2013-12-08 01:31    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2013-12-08 01:09 . 2013-12-08 01:09    --------    d-----w-    c:\windows\system32\scripting
2013-12-08 01:09 . 2013-12-08 01:09    --------    d-----w-    c:\windows\l2schemas
2013-12-08 01:09 . 2013-12-08 01:09    --------    d-----w-    c:\windows\system32\en
2013-12-07 23:57 . 2013-12-08 00:25    --------    d-----w-    c:\windows\system32\MRT
2013-12-07 23:22 . 2013-12-07 23:31    --------    d-----w-    c:\windows\ie8updates
2013-12-07 22:38 . 2010-05-06 10:41    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2013-12-07 22:38 . 2010-05-06 10:41    599040    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2013-12-07 22:38 . 2010-05-06 10:41    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2013-12-07 22:37 . 2010-05-06 10:41    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2013-12-07 22:37 . 2010-05-06 10:41    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2013-12-07 22:37 . 2010-05-06 10:41    1985536    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2013-12-07 22:37 . 2010-05-06 10:41    11076096    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2013-12-07 22:35 . 2010-06-14 14:31    744448    -c----w-    c:\windows\system32\dllcache\helpsvc.exe
2013-12-07 22:33 . 2009-10-23 15:28    3558912    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2013-12-07 22:31 . 2009-11-21 15:51    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll
2013-12-07 22:30 . 2009-06-21 21:44    153088    -c----w-    c:\windows\system32\dllcache\triedit.dll
2013-12-07 06:54 . 2013-12-07 06:54    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-07 06:54 . 2013-12-07 06:54    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-07 05:40 . 2008-09-30 10:24    453120    ----a-r-    c:\windows\system32\drivers\WN111v2.sys
2013-12-07 04:53 . 2013-12-07 04:53    --------    d-----w-    c:\documents and settings\Colin\Application Data\InterVideo
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-08 19:39    321752    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerPanel.lnk
backup=c:\windows\pss\PowerPanel.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-09-19 21:35    114688    ----a-w-    c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-05 00:24    28672    ----a-w-    c:\windows\system32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-09-13 05:10    335872    ----a-w-    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2013-12-08 19:39    3568312    ----a-w-    c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12    110592    ----a-w-    c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2003-09-06 07:20    70816    ----a-w-    c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 18:29    40960    ----a-w-    c:\windows\system32\ezSP_Px.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
2003-08-14 18:00    90112    ----a-w-    c:\program files\Sony\HotKey Utility\HKServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2003-01-10 16:04    77824    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2003-01-15 20:07    217088    ----a-w-    c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
2003-09-06 23:36    70840    ----a-w-    c:\program files\Norton Internet Security\UrlLstCk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08    28672    ----a-w-    c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2003-06-24 00:32    1409024    ----a-w-    c:\program files\support.com\client\bin\tgcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [1/9/2003 11:22 AM 71961]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [12/8/2013 11:39 AM 49944]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [12/8/2013 11:39 AM 178304]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/8/2013 11:39 AM 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/8/2013 11:39 AM 403440]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/8/2013 11:39 AM 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12/8/2013 11:39 AM 70384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/8/2013 8:37 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/8/2013 8:37 PM 701512]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [8/19/2009 4:56 PM 29184]
S3 fa410;NETGEAR FA410TX Fast Ethernet PC Card Driver;c:\windows\system32\drivers\fa410nd5.sys [1/9/2003 4:31 AM 24618]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/8/2013 8:37 PM 22856]
S3 oibtvcom;Bluetooth Virtual COM Port;c:\windows\system32\drivers\oivmvcom.sys [1/10/2003 3:54 AM 279680]
S3 oivmctrl;VCOMM Device Controller;c:\windows\system32\drivers\oivmctrl.sys [1/10/2003 3:54 AM 15616]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [12/6/2013 9:40 PM 453120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-08 19:41    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-07 06:54]
.
2013-12-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-08 19:39]
.
2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-08 19:40]
.
2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-08 19:40]
.
2009-09-01 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-08-17 23:34]
.
2007-10-30 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-01-09 00:12]
.
2007-10-30 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-01-09 00:12]
.
2007-10-31 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-10-30 02:38]
.
.
------- Supplementary Scan -------
.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1


FF - ProfilePath - c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\8q1ftnch.default\

FF - ExtSQL: 2013-12-08 11:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-19 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\WININET.dll
.
Completion time: 2013-12-19  09:50:28 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-19 17:50
ComboFix2.txt  2013-12-18 17:27
.
Pre-Run: 43,205,906,432 bytes free
Post-Run: 43,099,271,168 bytes free
.
- - End Of File - - 5E8223AA46FC07753B5016AC35556E1A
8F558EB6672622401DA993E1E865C861
 


  • Staff

Hello

I have attached a zip file to this email. The file inside the zip file will delay Malwarebytes Antimalware during the startup for 60 seconds. --> MBAM Startup Delay 1 Minute.zip

I want you to download the zip file to the computer. To the desktop is best.

Double click on the zip file and a window will open up that will show the file inside.

Left click and hold down the left mouse button and drag the file to the desktop (**NOTE - the file has to be on the desktop for it to run correctly)

Once the file is on the desktop I want you to right click on the file and select "Run AS Administrator"

A red window will flash (this is normal) and Notepad will open

Copy the contents to your reply here for me


Gringo,

 

I did as instructed with one issue: when I right clicked MBAM on the desktop there was no option to "Run as Administrator"; however, I was logged on to an account with administrator rights. I ran it anyway with the following results:

 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware
    delayguistart    REG_DWORD    0x3c

 

The computer still freezes at the "Windows is starting up..." screen.

Misty

 


  • Staff

Hello Misty416

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller+

Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo

When you are complete please send me both reports

Gringo


Gringo,

 

Mbar found no malware so there was no cleanup to be done.  The log is as follows:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.687000 GHz
Memory total: 1072676864, free: 856846336

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.687000 GHz
Memory total: 1072676864, free: 867008512

Downloaded database version: v2013.12.23.01
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     12/22/2013 19:57:54
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff86b39ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xffffffff86b34308
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86f3dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff86f77940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86f3dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f709c0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86f3dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86f8f9e8, DeviceName: \Device\00000086\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86f77940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1A56973F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 125837082
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 125837145  Numsec = 108599400

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86b39ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86b051f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86b39ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86b34308, DeviceName: \Device\0000008d\, DriverName: \Driver\usbstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8064  Numsec = 15114368

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 7742685184 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
 

____________________________________________________________________________________________________

 

I did get two reports from RogueKiller but neither was named RKreport[2] so I will post both.

 

The first was called RKreport[0] _D_12222013_214340 and contained the following:

 

RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Colin [Admin rights]
Mode : Remove -- Date : 12/22/2013 21:43:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> DELETED
[RUN][sUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\Colin\Desktop\mbar\mbar.exe" /rdv /s [7]) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x2] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9120822A +++++
--- User ---
[MBR] 19862dbee685341d8e44e5f1f8c9a4af
[bSP] 4477cf15701f264a638558d581f363ae : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 61443 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 125837145 | Size: 53027 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12222013_214340.txt >>
RKreport[0]_S_12222013_211815.txt

__________________________________________________________________________________________________

The second was called RKreport[0]_S_12222013_211815 and contained the following:

 

RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Colin [Admin rights]
Mode : Scan -- Date : 12/22/2013 21:18:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\Colin\Desktop\mbar\mbar.exe" /rdv /s [7]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x2] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9120822A +++++
--- User ---
[MBR] 19862dbee685341d8e44e5f1f8c9a4af
[bSP] 4477cf15701f264a638558d581f363ae : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 61443 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 125837145 | Size: 53027 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12222013_211815.txt >>

 

I rebooted the system after all of this and it still froze at the Windows is starting... screen.

 

Misty





 


Gringo,

 

Unfortunately the computer still froze after removing Malwarebytes but your suggestion caused me to think about deleting the other anti-virus program that I recently installed. Avast! I went into the control panel and attempted to remove it but the uninstall procedure failed. I therefore called Avast support and they took control of my computer and used their tools to remove it and tah-dah! The computer booted up in normal mode! Thank you Gringo! You guided me to the correct resolution!

 

I do want to let you know that Avast told me that it was Norton Security that caused the conflict with their software and is causing issues with other programs as well.  Norton is installed on this computer but is not active.  The rep tried to get me to purchase support from them to remove it and I declined.  I then tried to remove it myself through the control panel but that failed so I called Norton support.  They too said I would have to purchase their removal software to uninstall it from this computer.  I was floored and angry that they would charge to remove their software!  I have been very impressed by you and thought I would ask for your opinion on this.  The computer is now working fine for how it is used but I tend to like cleaning things up.  Do you have any suggestions on how to remove Norton or shall I just leave it be?  Also, at this point I do not have an active anti-software program running and I do not want Norton.  Do you suggest I reload Malwarebytes?

 

All in all, I can't thank you enough Gringo for all your help!  Your efforts have provided a wonderful Christmas gift and I hope this success brings you some happiness as well.  Hoping your holidays are off to a wonderful start!

Misty


  • Staff

Hello Misty416

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK
Copy and paste the report into this topic for me to review

Gringo


Gringo,

Here is the report when I performed the step you requested:

 

Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Reader 8.1.1
AOL Setup
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
BlueSpace NE
Bluetooth Virtual COM Port
Business Contact Manager for Outlook 2003
CC_ccProxyMSI
CC_ccStart
ccCommon
Compatibility Pack for the 2007 Office system
DVgate Plus
Google Chrome
Google Update Helper
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB981793)
HotKey Utility
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
Java 2 Runtime Environment, SE v1.4.2_01
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft Works 7.0
MoodLogic
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Visualizer Library 1.4.00
Netscape (7.02)
Network Smart Capture
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security (Symantec Corporation)
OpenMG Secure Module 3.3.01
PictureGear Studio 2.0
PowerPanel
Quicken 2004
QuickTime
RealOne Player
RegCure Pro
Screenblast ACID 4.0
Screenblast Sound Forge 1.1
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SoftV92 Data Fax Modem
SonicStage 1.6.00
SonicStage Mastering Studio 1.1
SonicStage Mastering Studio Plugins 1.0
SonicStage MP3 Add-on program
Sony Certificate PCH
Sony Notebook Setup
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO BrightColor Wallpaper
VAIO Edit Components
VAIO Help and Support
VAIO Media 2.6
VAIO Media Integrated Server 2.6
VAIO Media Redistribution 2.6
VAIO Registration
VAIO Support
VAIO Survey Standalone
Viewpoint Media Player (Remove Only)
WebFldrs XP
Welcome to VAIO life
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
Wireless Switch Setting Utility

 

Misty
 


  • Staff

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

  • Programs to remove
    • Adobe Reader 8.1.1
    • Java 2 Runtime Environment, SE v1.4.2_01

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted, select Yes then Next
  • Once done click Finish.

Update Adobe reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html

    After installing the latest Adobe Reader, uninstall all previous versions.

    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close
Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
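
An added example, not part of the original thread or of any tool mentioned in it: a Python check over an Add-Remove Programs listing like the one posted above. It flags security suites from more than one vendor (the situation Misty describes with Avast and Norton) and old Adobe Reader or Java entries. The vendor patterns and minimum versions are assumptions chosen for illustration.

```python
import re

# Constructed excerpt of the Add-Remove Programs listing posted in this thread.
SAMPLE = """\
Adobe Reader 8.1.1
avast! Free Antivirus
Google Chrome
Java 2 Runtime Environment, SE v1.4.2_01
Malwarebytes Anti-Malware version 1.75.0.1300
Mozilla Firefox 25.0.1 (x86 en-US)
Norton AntiVirus
Norton Internet Security (Symantec Corporation)
"""

# Assumed name patterns for resident security suites, keyed by vendor.
AV_VENDORS = {
    "Avast": re.compile(r"\bavast\b", re.I),
    "Symantec/Norton": re.compile(r"\bnorton (antivirus|internet security)", re.I),
}
# Hypothetical minimum versions; replace with your own patch policy.
VERSIONED = {
    "Adobe Reader": (re.compile(r"^Adobe Reader\b", re.I), (11, 0)),
    "Java Runtime": (re.compile(r"^Java\b.*\bRuntime\b", re.I), (1, 7)),
}
VERSION = re.compile(r"v?(\d+(?:[._]\d+)+)")

def parse_version(name):
    """Return the first dotted version in a display name as a tuple, or None."""
    m = VERSION.search(name)
    return tuple(int(p) for p in re.split(r"[._]", m.group(1))) if m else None

def audit(listing):
    """Group security suites by vendor and collect entries below the baseline."""
    vendors, outdated = {}, []
    for name in (ln.strip() for ln in listing.splitlines() if ln.strip()):
        for vendor, pattern in AV_VENDORS.items():
            if pattern.search(name):
                vendors.setdefault(vendor, []).append(name)
        for pattern, minimum in VERSIONED.values():
            if pattern.search(name):
                found = parse_version(name)
                # An unparsable version is reported rather than silently passed.
                if found is None or found < minimum:
                    outdated.append((name, found, minimum))
    return {"av_products": vendors, "av_conflict": len(vendors) > 1, "outdated": outdated}

if __name__ == "__main__":
    print(audit(SAMPLE))
```
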

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.