
Applications won't open

(37 posts)
  • Started 5 years ago by jamesaitchy1967
  • Latest reply from jamesaitchy1967
  • Topic Viewed 2181 times

jamesaitchy1967
Posts: 24

I'm getting this message a lot - the application failed to initialize properly (0xc0000005) -
can anybody help please? Happens with Tixati, Windows browser, Hamster Soft, Virgin Media security. And I can't seem to update Windows either, including my SUPERAntiSpyware.

Posted 5 years ago
 
AlanWade
Posts: 255

Open an elevated Command Prompt window by clicking on Start then in the search or run box type CMD. Right click on the CMD entry and choose 'Run as Administrator'.
In the window that opens type sfc /scannow and let it run. Note the space between the 'c' and the '/'.
Running that is a good start and will help us to advise you further if needed.

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

Thank you, will do so directly.

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

I got a pop-up saying files that are required for Windows to run properly must be copied to the DLL cache. INSERT YOUR WINDOWS XP HOME EDITION CD
I HAVEN'T GOT A CD WITH THIS COMPUTER

Posted 5 years ago
 
Xhi
Posts: 6298

Is there a friend or someone that could lend you one?

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

NO I'M AFRAID NOT

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

Could I download any software that would do the trick?

Posted 5 years ago
 
Lighthouse
Posts: 13598

Nope. Check out your local area for a computer club, or ask in a friendly computer store.
Which country do you live in?

Posted 5 years ago
 
GuiltySpark
Posts: 4024

Would an SP3 disc have the necessary files?

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

Scotland. Why can't I open those links?

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

Would it be possible to e-mail those applications?

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

Found this on my computer: HIJACKTHIS. Will send.

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:38, on 08/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\windows\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\Explorer.EXE
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Program Files\Zoom Downloader\DownloadManager.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1.....1149175772
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1.....1149175772
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (file missing)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Zoom Downloader - {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} - mscoree.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
O4 - HKCU\..\Run: [tixati] "C:\Program Files\tixati\tixati.exe" -startminimized -d1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EakJyfmi] C:\Documents and Settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\hjogt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DownloadManager] "C:\Program Files\Zoom Downloader\DownloadManager.exe" /as
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/device.....tion32.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co.....2524973656
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/.....ofupld.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (file missing)
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ABP_InstallCheckerService - Unknown owner - C:\DOCUME~1\hjogt\LOCALS~1\Temp\ABP_InstallChecker.exe (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServicepointService - Radialpoint SafeCare Inc. - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe

--
End of file - 11041 bytes

Posted 5 years ago
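
An added triage example, not part of the original thread and not HijackThis's own code: the Python below parses HijackThis lines and flags the autostart patterns visible in the log posted above (an extra program chained onto UserInit, the same file in a Run value, autostarts from user-writable profile folders, and "(file missing)" leftovers). The function names, severity labels and heuristics are assumptions made for this example; the sample lines are copied from that log.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")
Finding = namedtuple("Finding", "severity code reason target")

# Sample lines copied from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe
O2 - BHO: Zoom Downloader - {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EakJyfmi] C:\Documents and Settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\hjogt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O23 - Service: ABP_InstallCheckerService - Unknown owner - C:\DOCUME~1\hjogt\LOCALS~1\Temp\ABP_InstallChecker.exe (file missing)
"""

# "<section code> - <rest>", e.g. "O4 - HKCU\..\Run: [name] path".
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in .exe inside an entry body.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.I)
# Per-user folders a standard user can write to on Windows XP
# (long and 8.3 short names); a heuristic chosen for this example.
USER_WRITABLE = re.compile(
    r"\\(Local Settings|LOCALS~1)\\(Application Data|APPLIC~1|Temp)\\", re.I)


def parse(log):
    """Return the coded entries of a HijackThis log, skipping all other lines."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def userinit_extras(body):
    """Programs listed in the UserInit value besides userinit.exe itself."""
    m = re.search(r"UserInit=(.*)$", body, re.I)
    if not m:
        return []
    parts = [p.strip().strip('"') for p in m.group(1).split(",")]
    return [p for p in parts
            if p and not p.lower().endswith(r"\system32\userinit.exe")]


def triage(log):
    """Return Finding tuples: 'high', 'review' or 'info' per flagged entry."""
    entries = parse(log)
    findings, chained = [], set()

    # Pass 1: anything appended to UserInit runs at every interactive logon.
    for e in entries:
        if e.code == "F2":
            for exe in userinit_extras(e.body):
                chained.add(exe.lower())
                findings.append(Finding(
                    "high", e.code, "UserInit starts an extra program at logon", exe))

    # Pass 2: Run values and services, cross-referenced with pass 1.
    for e in entries:
        if e.code in ("O4", "O23"):
            m = EXE_RE.search(e.body)
            if m:
                exe = m.group(0)
                if exe.lower() in chained:
                    findings.append(Finding(
                        "high", e.code, "autostart of the file chained onto UserInit", exe))
                elif USER_WRITABLE.search(exe):
                    findings.append(Finding(
                        "review", e.code, "autostart from a user-writable profile folder", exe))
        if e.body.endswith("(file missing)"):
            findings.append(Finding(
                "info", e.code, "registration points at a file that is not on disk", e.body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.code:3} {f.reason}: {f.target}")
```

A "review" hit is a prompt to inspect the file, not a verdict: Google Update, for instance, legitimately installs under the user profile.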
 
GuiltySpark
Posts: 4024

You MAY be able to run a repair with this: http://www.microsoft.com/en-us.....x?id=25129 but am not sure; others may have more input on this as I don't use XP.

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

OK, thanks, will see how it goes.

Posted 5 years ago
 
G41M
Posts: 902

I think the link is the XP Service Pack 3 ISO image and not the installer, hence it cannot be used for repair.

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 02/08/2009 17:28:38
System Uptime: 08/07/2012 11:19:03 (12 hours ago)
.
Motherboard: PACKARD BELL BV | |
Processor: Intel(R) Celeron(R) D CPU 3.33GHz | CPU 1 | 3322/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 26.92 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 76 GiB total, 0.656 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_5A61&SUBSYS_21111019&REV_00\4&1CF2FBB4&0&2808
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_5A61&SUBSYS_21111019&REV_00\4&1CF2FBB4&0&2808
Service:
.
==== System Restore Points ===================
.
RP506: 08/07/2012 13:19:27 - System Checkpoint
.
==== Installed Programs ======================
.
1ClickDownloader
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ATI Catalyst Control Center
ATI Control Panel
Babylon toolbar on IE
BabylonObjectInstaller
Bonjour
Camera RAW Plug-In for EPSON Creativity Suite
CCScore
Creative Live! Cam Optia Driver (1.00.07.00)
DivX Setup
Dropbox
EPSON Copy Utility 3
EPSON Easy Photo Print
Epson Easy Photo Print 2
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
Eraser 6.0.9.2343
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
fflink
Foxit Reader 5.1
FrostWire 5.2.3
Funmoods Web Search
GIMP 2.6.11
Google Chrome
Google Drive
Google Update Helper
Hamster Free Video Converter
Hamster Lite Archiver 2.0.1.2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
IBM ViaVoice Command and Control Runtime 5.3 - UK English
ieSpell
Indeo® software
Internet Explorer (Enable DEP)
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 29
Java(TM) 7 Update 5
Java(TM) SE Runtime Environment 6 Update 1
JavaFX 2.1.1
Junk Mail filter update
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Logitech ImageStudio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word Supplemental Templates and Wizards
MobileMe Control Panel
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Rocket
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
NETGEAR WG111v2 wireless USB 2.0 adapter
OfotoXMI
OpenOffice.org 3.3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
RealUpgrade 1.1
Roblox for hjogt
RPS CRT
Safari
Secunia PSI (2.0.0.4003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923789)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
staticcr
SUPERAntiSpyware
Tixati
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
VC80CRTRedist - 8.0.50727.6195
Virgin Media Service Manager 4.1.16
VLC media player 2.0.2
VPRINTOL
Windows 7 Upgrade Advisor
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
WinZip 15.5
WIRELESS
Xvid Video Codec
Zoom Downloader
ZTE_MF627_USB_MODEM_1.2059.0.4
.
==== Event Viewer Messages From Past Week ========
.
08/07/2012 12:50:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ole db\oledb32.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ole db\msdatt.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ole db\msdatl3.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ole db\msdasql.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ole db\msdaps.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ole db\msdaosp.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ole db\msdaora.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msdfmap.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msdarem.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msdaprst.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadds.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadcs.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadco.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadcf.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadce.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3002.0, the version of the system file is 2.81.3002.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\directdb.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadrh15.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msador15.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.1132.0, the version of the system file is 2.81.1132.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
08/07/2012 12:50:23, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msado15.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
08/07/2012 12:50:17, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\speechengines\microsoft\tts\1033\spttseng.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.4111.0, the version of the system file is 5.1.4111.0.
08/07/2012 12:50:17, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\speechengines\microsoft\spcommon.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.4111.0, the version of the system file is 5.1.4111.0.
08/07/2012 12:50:17, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\mssoap\binaries\wisc10.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 1.2.814.0, the version of the system file is 1.2.814.0.
08/07/2012 12:50:17, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\mssoap\binaries\mssoap1.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 1.2.814.0, the version of the system file is 1.2.814.0.
08/07/2012 12:50:17, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\web server extensions\40\bin\fpencode.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 1997.5.27.0, the version of the system file is 1997.5.27.0.
08/07/2012 12:50:17, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.23167, the version of the system file is 8.0.6001.23167.
08/07/2012 12:50:16, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.1.0.9246, the version of the system file is 6.1.0.9246.
08/07/2012 12:50:16, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\speech\sapisvr.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.4111.0, the version of the system file is 5.1.4111.0.
08/07/2012 12:50:16, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\speech\sapi.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.4111.0, the version of the system file is 5.1.4111.0.
08/07/2012 12:50:16, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\msinfo\msinfo32.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.0.
08/07/2012 12:39:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmpns.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 9.0.0.4503, the version of the system file is 9.0.0.4503.
08/07/2012 12:39:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
08/07/2012 12:39:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmpband.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
08/07/2012 12:39:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5146, the version of the system file is 11.0.5721.5146.
08/07/2012 12:39:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\npwmsdrm.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 9.0.0.4503, the version of the system file is 9.0.0.4503.
08/07/2012 12:39:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\npdsplay.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 3.0.2.629, the version of the system file is 3.0.2.629.
08/07/2012 12:39:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\npdrmv2.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 9.0.0.4503, the version of the system file is 9.0.0.4503.
08/07/2012 12:39:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
08/07/2012 12:39:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\migrate.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 9.0.0.4503, the version of the system file is 9.0.0.4503.
08/07/2012 12:39:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\custsat.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 9.0.2600.5512, the version of the system file is 9.0.2600.5512.
08/07/2012 12:39:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\wabmig.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:39:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\wabimp.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:39:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\wabfind.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:39:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.6040, the version of the system file is 6.0.2900.6040.
08/07/2012 12:39:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\setup50.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:39:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\oemiglib.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:39:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\oemig50.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:39:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\oeimport.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:39:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5931, the version of the system file is 6.0.2900.5931.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\rrcm.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\nmwb.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\nmoldwb.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\nmft.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\nmcom.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\nmchat.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\nmasnt.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\nmas.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\nac.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\mst123.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\mst120.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\h323cc.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\dcap32.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\confmrsl.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\conf.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\netmeeting\callcont.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:38:50, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2fxb.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4026.0, the version of the system file is 2.1.4026.0.
08/07/2012 12:38:50, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2fxa.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4026.0, the version of the system file is 2.1.4026.0.
08/07/2012 12:38:50, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2filt.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4026.0, the version of the system file is 2.1.4026.0.
08/07/2012 12:38:50, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2ext.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4026.0, the version of the system file is 2.1.4026.0.
08/07/2012 12:38:50, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2ae.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4026.0, the version of the system file is 2.1.4026.0.
08/07/2012 12:38:49, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4028.0, the version of the system file is 2.1.4028.0.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\trialoc.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2600.0, the version of the system file is 6.0.2600.0.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\isignup.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2600.0, the version of the system file is 6.0.2600.0.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\inetwiz.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwutil.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwtutor.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2600.0, the version of the system file is 6.0.2600.0.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwrmind.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwhelp.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwdl.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn2.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn1.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:37:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:36:52, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\wab32.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
08/07/2012 12:36:51, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ole db\sqlxmlx.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2000.85.1132.0, the version of the system file is 2000.85.1132.0.
08/07/2012 11:20:17, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
08/07/2012 11:20:17, error: Service Control Manager [7031] - The ServicepointService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/07/2012 11:20:15, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
08/07/2012 11:20:15, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
08/07/2012 11:20:15, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
08/07/2012 11:20:15, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
08/07/2012 11:20:15, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/07/2012 19:38:01, error: Service Control Manager [7000] - The NEWDRIVER service failed to start due to the following error: The system cannot find the file specified.
07/07/2012 19:38:01, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

Posted 5 years ago
 
jamesaitchy1967
Posts: 24

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by jamesaitchy at 23:33:39 on 2012-07-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1983.1167 [GMT 1:00]
.
AV: Virgin Media Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Disabled*
.
============== Running Processes ===============
.
C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\spoolsv.exe
C:\windows\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\windows\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\windows\explorer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Documents and Settings\hjogt\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtD0C0AzzyCtBtAyEzyyDtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1149175772
uSearch Page =
uWindow Title = Windows Internet Explorer provided by MSN & Bing
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtD0C0AzzyCtBtAyEzyyDtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1149175772
uInternet Settings,ProxyOverride = localhost;*.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\documents and settings\hjogt\local settings\application data\vwswofdr\eakjyfmi.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - c:\progra~1\funmoods\1.5.23.22\bh\escort.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Zoom Downloader: {e5c66dd8-308b-4a4f-af0a-3d04f25b5343} - mscoree.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - c:\progra~1\funmoods\1.5.23.22\escorTlbr.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - No File
uRun: [tixati] "c:\program files\tixati\tixati.exe" -startminimized -d1
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [EakJyfmi] c:\documents and settings\hjogt\local settings\application data\vwswofdr\eakjyfmi.exe
uRun: [Google Update] "c:\documents and settings\hjogt\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DownloadManager] "c:\program files\zoom downloader\DownloadManager.exe" /as
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hjogt\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hjogt\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292524973656
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.co.uk/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8F07A39E-D7C0-42CB-BEB1-29965657BFAF} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hjogt\application data\mozilla\firefox\profiles\mcj9zmmb.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtD0C0AzzyCtBtAyEzyyDtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1149175772
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\hjogt\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\hjogt\local settings\application data\robloxversions\version-b0b74ccbad4f4893\NPRobloxProxy.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010712_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 801c34950000000000000019210ca862
FF - user.js: extensions.BabylonToolbar_i.hardId - 801c34950000000000000019210ca862
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15526
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:17:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtD0C0AzzyCtBtAyEzyyDtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1149175772
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtD0C0AzzyCtBtAyEzyyDtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1149175772
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtD0C0AzzyCtBtAyEzyyDtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1149175772&q=
FF - user.js: extensions.funmoods.id - 0019210CA8623495
FF - user.js: extensions.funmoods.instlDay - 15529
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2211:29:38
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
FF - user.js: security.csp.enable - false
.
FF - user.js: extensions.autoDisableScopes - 14//iBryte
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2012-7-7 10310968]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2012-6-29 341072]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\hjogt\locals~1\temp\lolqycfu.sys --> c:\docume~1\hjogt\locals~1\temp\lolqycfu.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 NEWDRIVER;NEWDRIVER;\??\c:\windows\system32\winvdedrv6.sys --> c:\windows\system32\WinVDEdrv6.sys [?]
S3 ABP_InstallCheckerService;ABP_InstallCheckerService;c:\docume~1\hjogt\locals~1\temp\abp_installchecker.exe --> c:\docume~1\hjogt\locals~1\temp\ABP_InstallChecker.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 cpuz135;cpuz135;\??\c:\docume~1\hjogt\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\hjogt\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-21 36608]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-4-19 6656]
S3 gupdatem;Google Update Service (gupdatem);"c:\program files\google\update\googleupdate.exe" /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7680]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-10-21 18432]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [2006-9-13 221152]
S3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [2006-6-20 6912]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Secunia PSI Agent;Secunia PSI Agent;"c:\program files\secunia\psi\psia.exe" --start-service --> c:\program files\secunia\psi\PSIA.exe [?]
S4 Secunia Update Agent;Secunia Update Agent;"c:\program files\secunia\psi\sua.exe" --start-service --> c:\program files\secunia\psi\sua.exe [?]
.
=============== Created Last 30 ================
.
2012-07-08 22:31:58 -------- d-----w- c:\program files\Dropbox
2012-07-08 19:40:02 -------- d-----w- c:\program files\1ClickDownload
2012-07-08 10:30:55 -------- d-----w- c:\documents and settings\hjogt\local settings\application data\Zoom_Downloader
2012-07-08 10:30:13 -------- d-----w- c:\program files\Zoom Downloader
2012-07-08 10:30:10 -------- d-----w- c:\documents and settings\hjogt\local settings\application data\DownloadManager
2012-07-08 10:29:40 -------- d-----w- c:\program files\Funmoods
2012-07-08 10:21:59 1363760 ---ha-w- c:\documents and settings\hjogt\hAom36n
2012-07-07 21:29:55 37568 -c--a-w- c:\windows\system32\dllcache\avmwan.sys
2012-07-07 21:25:29 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2012-07-07 21:24:52 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-07-07 20:31:14 236096 ---ha-w- c:\windows\opj6e1hJq
2012-07-07 19:14:08 -------- d-----w- c:\program files\Virgin Media
2012-07-07 17:02:18 124704 ---ha-w- c:\documents and settings\hjogt\1wwbt23
2012-07-07 16:46:47 -------- d-----w- c:\documents and settings\hjogt\.mp3rocket
2012-07-07 15:49:23 236096 ---ha-w- c:\program files\opj6e1hJq
2012-07-07 15:49:22 236096 -c-ha-w- C:\opj6e1hJq
2012-07-07 10:00:13 108640 ---ha-w- c:\documents and settings\hjogt\YKbw923
2012-07-07 09:15:52 104160 ---ha-w- c:\documents and settings\hjogt\En05iDjHo
2012-07-06 15:15:08 -------- d-----w- c:\documents and settings\hjogt\local settings\application data\HamsterVideoConverter
2012-07-06 15:14:56 -------- d-----w- c:\documents and settings\hjogt\application data\HamsterSoft
2012-07-06 13:02:19 -------- d-----w- c:\documents and settings\hjogt\application data\OpenCandy
2012-07-06 06:50:37 -------- d-----w- c:\program files\Oracle
2012-07-06 06:50:18 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-05 23:14:21 -------- d-----w- c:\documents and settings\all users.windows\application data\Tarma Installer
2012-07-05 10:41:05 -------- d-----w- c:\windows\ServicePackFiles
2012-07-05 10:37:47 -------- d-----w- c:\windows\EHome
2012-07-05 10:17:37 -------- d-----w- c:\documents and settings\hjogt\local settings\application data\Mozilla
2012-07-05 10:13:59 -------- d-----w- c:\documents and settings\hjogt\application data\BabylonToolbar
2012-07-05 10:13:56 -------- d-----w- c:\program files\BabylonToolbar
2012-07-05 10:13:41 -------- d-----w- c:\documents and settings\hjogt\application data\Babylon
2012-07-05 10:13:41 -------- d-----w- c:\documents and settings\all users.windows\application data\Babylon
2012-07-04 22:17:53 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-04 22:17:53 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-04 22:14:00 104528 ---ha-w- c:\windows\system32\gKAfXK3
2012-07-04 22:06:20 236096 ---ha-w- c:\documents and settings\hjogt\opj6e1hJq
2012-07-04 21:13:34 108576 ---ha-w- c:\windows\system32\N6w67br
2012-07-04 20:52:24 104544 ---ha-w- c:\documents and settings\hjogt\N6w67br
2012-07-04 18:49:10 -------- d-----w- c:\program files\iPod
2012-07-04 18:48:59 -------- d-----w- c:\program files\iTunes
2012-07-04 16:40:41 100432 ---ha-w- c:\documents and settings\hjogt\gKAfXK3
2012-07-03 20:21:43 -------- d-----w- c:\documents and settings\hjogt\local settings\application data\APN
2012-07-03 15:38:25 -------- dc----w- C:\temp
2012-06-29 10:47:10 341072 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2012-06-28 20:23:56 -------- d-----w- c:\documents and settings\hjogt\application data\{{userdatapath.company}}
2012-06-28 20:18:34 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-06-28 20:18:26 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-06-28 20:18:26 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-06-28 20:18:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-19 18:29:55 -------- d-----w- c:\documents and settings\hjogt\local settings\application data\vwswofdr
2012-06-19 18:29:54 91992 ----a-w- c:\documents and settings\hjogt.8928591322764649.exe
2012-06-19 18:29:36 -------- d-----w- c:\documents and settings\hjogt\local settings\application data\Sun
2012-06-13 04:28:25 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-09 16:33:14 -------- d-----w- c:\documents and settings\hjogt\application data\Dropbox
.
==================== Find3M ====================
.
2012-06-28 16:36:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-28 16:36:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-26 21:03:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-26 21:03:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 18:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 18:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 23:36:03.51 ===============

Posted 5 years ago
Top
 
jamesaitchy1967
Posts: 24

Got a fresh pop-up there: The c:\boot.ini file can not be opened

Posted 5 years ago
Top
 
GuiltySpark
Posts: 4024

Don't know if you can at this point, but when all is well or you are able to, get rid of Babylon products and anything to do with Funmoods.

Posted 5 years ago
Top
 
vistamike
Posts: 10945

Babylon and Funmoods could point to useless stuff packaged with some downloads. Usually they are pretty useless and affect your browsing habits.

Could you post a screenshot of your Programs and Features in control panel?

That will show what programs might be associated.

Virgin Media security is supplied by RadialPoint but has become a Kaspersky variant. I would uninstall this (I am on VM as well) and prefer to run http://windows.microsoft.com/e.....essentials

I would disable Hamster Soft as well (if not uninstall).

Mike

Posted 5 years ago
Top
 
jamesaitchy1967
Posts: 24

Have deleted all of the above: Babylon, Funmoods, Virgin Media Security and Hamster Soft. What's VM?
How do you post a screenshot of your Programs and Features in Control Panel?
Tried to download this but can't: http://windows.microsoft.com/e.....essentials
Had it on my computer at one point, don't know what happened to it.

Posted 5 years ago
Top
 
vistamike
Posts: 10945

VM = Virgin Media. After uninstalling VM A/v install this (free); http://windows.microsoft.com/e.....essentials

https://www.howtogeek.com/forum/topic/tutorial-step-by-step-guide-how-to-use-photobucket?replies=8

Basically, register, upload your screenshot.

In XP just press the PRTSC button on your keyboard (once).

Open paint, press the CTRL key and V together and the image will be seen, save as (name) upload image to Photobucket. Hover over the image and click the img code (copied) then post that code in the thread with a right click. Click send post, image displayed.

Posted 5 years ago
Top
 
jamesaitchy1967
Posts: 24

Sorry, but I can't get into Microsoft at all.
Can't open Paint either. Not being much help, sorry, it's not letting me do some things on here.

Posted 5 years ago
Top
 
GuiltySpark
Posts: 4024

James,

Can you try linking to this site with your 'problem' computer : http://www.pandasecurity.com/u.....ctivescan/

Run the online scan BUT!!! Make sure you turn off your AV first.

Edit : Make sure you do this in Safe mode with Networking!!!!

Posted 5 years ago
Top
 
jamesaitchy1967
Posts: 24
 

Hope I've done this right.

Posted 5 years ago
Top
 
jamesaitchy1967
Posts: 24

Tried opening that last link you sent with no joy, just the usual "can't reach server".

Posted 5 years ago
Top
 
vistamike
Posts: 10945

What server are you trying to reach?

Posted 5 years ago
Top
 
jamesaitchy1967
Posts: 24

Unable to connect
Firefox can't establish a connection to the server at windows.microsoft.com.

Posted 5 years ago
Top
 
jamesaitchy1967
Posts: 24

Unable to connect
Firefox can't establish a connection to the server at www.pandasecurity.com.

This is what I get most of the time, more so on web sites like these ones: update sites, antivirus sites.

Posted 5 years ago
Top
 
GuiltySpark
Posts: 4024

Try this from a working computer : https://www.howtogeek.com/howto/38889/how-to-use-the-avira-rescue-cd-to-clean-your-infected-pc/

Posted 5 years ago
Top
 
G41M
Posts: 902

A bit suspicious of these entries in your registry:
Winlogon autorun-

"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe"

and

registry Run key-

"O4 - HKCU\..\Run: [EakJyfmi] C:\Documents and Settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe"

You can try renaming the file in a non-Windows environment, then cleaning the registry of the entries.

But best is to try GS's suggestion. It might pick up other malware in your system.

Posted 5 years ago
Top
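The two loading points flagged in the post above (a second program chained onto Winlogon's Userinit value, and a Run entry launching from a per-user Application Data folder) can be checked mechanically in the "Reg Loading Points" section of a ComboFix log. This is an added example, not part of the original thread: the sample text is constructed from lines of the ComboFix log posted in this thread, and the function names, the list of user-writable folder markers and the assumption that %SystemRoot% is c:\windows are the example's own.

```python
import re
from typing import NamedTuple

# Constructed sample: lines taken from the "Reg Loading Points" section of the
# ComboFix log posted in this thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EakJyfmi"="c:\documents and settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe"
'''

SECTION = re.compile(r'^\[(.+)\]$')               # [registry key] header line
VALUE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]*)"')  # "name"="data" value line

# Assumption: on XP the only program Userinit should name is this one.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Assumption: XP profile subfolders that a standard user can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


class Finding(NamedTuple):
    key: str
    name: str
    target: str
    reason: str


def parse_values(text):
    """Yield (key, name, data) for every "name"="data" line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE.match(line)
        if value and key:
            yield key, value.group(1), value.group(2)


def audit(text, expected_userinit=EXPECTED_USERINIT):
    """Return findings for chained Userinit programs and profile-folder autoruns."""
    findings = []
    for key, name, data in parse_values(text):
        k = key.lower()
        if k.endswith("\\winlogon") and name.lower() == "userinit":
            # Userinit is a comma-separated list; every listed program runs at logon.
            for entry in (e.strip() for e in data.split(",")):
                if entry and entry.lower() != expected_userinit:
                    findings.append(Finding(key, name, entry,
                                            "extra program chained onto Userinit"))
        elif k.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            if any(marker in data.lower() for marker in USER_WRITABLE):
                findings.append(Finding(key, name, data,
                                        "autorun launches from a user-writable profile folder"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.reason}\n  {f.key}\n  {f.name} -> {f.target}")
```

A hit only says the entry deserves a closer look; legitimate per-user software also starts from the profile, so the file itself still has to be examined.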
 
jamesaitchy1967
Posts: 24

This is the latest from ComboFix, but it couldn't install the recovery console. I got a pop-up saying c:/boot.ini is not correctly formatted.

ComboFix 12-07-10.01 - jamesaitchy 10/07/2012 13:16:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1983.1557 [GMT 1:00]
Running from: c:\documents and settings\hjogt\Desktop\ComboFix.exe
AV: Virgin Media Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\hjogt\Application Data\Toolbar4
c:\documents and settings\hjogt\En05iDjHo
c:\documents and settings\hjogt\GjNgmpcW4
c:\documents and settings\hjogt\gKAfXK3
c:\documents and settings\hjogt\Local Settings\Application Data\fenbahre.log
c:\documents and settings\hjogt\Local Settings\Application Data\guroveye.log
c:\documents and settings\hjogt\Local Settings\Application Data\hrkhqlcu.log
c:\documents and settings\hjogt\Local Settings\Application Data\jbolrffj.log
c:\documents and settings\hjogt\Local Settings\Application Data\kniycaiy.log
c:\documents and settings\hjogt\Local Settings\Application Data\rtoftwdu.log
c:\documents and settings\hjogt\Local Settings\Application Data\tmfcgvhx.log
c:\documents and settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe
c:\documents and settings\hjogt\Local Settings\Application Data\xbxrifev.log
c:\documents and settings\hjogt\N6w67br
c:\documents and settings\hjogt\opj6e1hJq
c:\documents and settings\hjogt\vmS7X8B
c:\documents and settings\hjogt\zZUSwZqQX
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-09 20:53 . 2012-07-10 08:13 -------- d-----w- c:\documents and settings\hjogt\Application Data\tixati
2012-07-09 17:12 . 2012-07-09 17:12 -------- d-----w- c:\documents and settings\hjogt\Application Data\ImgBurn
2012-07-09 17:09 . 2012-07-09 17:09 -------- d-----w- c:\program files\ImgBurn
2012-07-09 15:39 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 15:39 . 2012-07-09 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-09 12:49 . 2012-07-09 12:49 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Apple Computer
2012-07-09 10:30 . 2012-07-09 12:30 2508 ----a-w- c:\windows\system32\ASOROSet.bin
2012-07-09 10:26 . 2012-07-09 10:31 -------- d-----w- c:\documents and settings\hjogt\Application Data\Systweak
2012-07-09 10:22 . 2012-07-09 12:11 -------- d-----w- c:\program files\Iminent
2012-07-09 10:21 . 2012-07-09 10:21 -------- d-----w- c:\program files\WonderFox Soft
2012-07-08 22:31 . 2012-07-08 23:57 -------- d-----w- c:\program files\Dropbox
2012-07-08 19:40 . 2012-07-09 12:56 -------- d-----w- c:\program files\1ClickDownload
2012-07-08 10:30 . 2012-07-08 10:30 -------- d-----w- c:\documents and settings\hjogt\Local Settings\Application Data\Zoom_Downloader
2012-07-07 21:29 . 2001-08-17 11:13 37568 -c--a-w- c:\windows\system32\dllcache\avmwan.sys
2012-07-07 21:25 . 2001-08-17 13:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2012-07-07 20:31 . 2012-07-07 21:32 236096 ---ha-w- c:\windows\opj6e1hJq
2012-07-07 16:46 . 2012-07-07 16:49 -------- d-----w- c:\documents and settings\hjogt\.mp3rocket
2012-07-07 15:49 . 2012-07-07 15:56 236096 ---ha-w- c:\program files\opj6e1hJq
2012-07-07 15:49 . 2012-07-09 14:09 236096 -c-ha-w- C:\opj6e1hJq
2012-07-06 15:15 . 2012-07-06 19:22 -------- d-----w- c:\documents and settings\hjogt\Local Settings\Application Data\HamsterVideoConverter
2012-07-06 15:14 . 2012-07-06 15:15 -------- d-----w- c:\documents and settings\hjogt\Application Data\HamsterSoft
2012-07-06 13:02 . 2012-07-06 13:02 -------- d-----w- c:\documents and settings\hjogt\Application Data\OpenCandy
2012-07-06 06:50 . 2012-07-06 06:50 -------- d-----w- c:\program files\Oracle
2012-07-06 06:50 . 2012-07-06 06:50 -------- d-----w- c:\documents and settings\hjogt\Application Data\Oracle
2012-07-06 06:50 . 2012-05-04 18:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-05 23:14 . 2012-07-09 14:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer
2012-07-05 10:41 . 2012-07-05 10:41 -------- d-----w- c:\windows\ServicePackFiles
2012-07-05 10:37 . 2012-07-05 10:37 -------- d-----w- c:\windows\EHome
2012-07-05 10:17 . 2012-07-05 10:17 -------- d-----w- c:\documents and settings\hjogt\Local Settings\Application Data\Mozilla
2012-07-05 10:13 . 2012-07-05 10:17 1776 -c--a-w- C:\user.js
2012-07-05 10:13 . 2012-07-05 10:13 -------- d-----w- c:\documents and settings\hjogt\Application Data\Babylon
2012-07-05 10:13 . 2012-07-05 10:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Babylon
2012-07-04 22:17 . 2012-07-04 22:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-04 22:14 . 2012-07-09 14:06 104528 ---ha-w- c:\windows\system32\gKAfXK3
2012-07-04 21:13 . 2012-07-04 22:40 108576 ---ha-w- c:\windows\system32\N6w67br
2012-07-04 18:49 . 2012-07-04 18:49 -------- d-----w- c:\program files\iPod
2012-07-04 18:48 . 2012-07-04 18:51 -------- d-----w- c:\program files\iTunes
2012-07-03 20:21 . 2012-07-03 20:21 -------- d-----w- c:\documents and settings\hjogt\Local Settings\Application Data\APN
2012-07-03 15:38 . 2012-07-03 15:38 -------- dc----w- C:\temp
2012-06-29 10:47 . 2010-09-17 21:14 341072 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2012-06-28 20:23 . 2012-06-28 20:23 -------- d-----w- c:\documents and settings\hjogt\Application Data\{{userdatapath.company}}
2012-06-28 20:19 . 2012-06-28 20:19 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Trend Micro
2012-06-28 20:18 . 2010-09-17 21:14 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-06-28 20:18 . 2010-09-17 21:14 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-06-28 20:18 . 2010-09-17 21:14 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-06-28 20:18 . 2010-09-17 21:14 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-19 18:29 . 2012-07-10 12:30 -------- d-----w- c:\documents and settings\hjogt\Local Settings\Application Data\vwswofdr
2012-06-19 18:29 . 2012-06-19 18:29 -------- d-----w- c:\documents and settings\hjogt\Local Settings\Application Data\Sun
2012-06-13 04:28 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-10 12:33 . 2012-07-10 12:29 110512 ---ha-w- c:\documents and settings\hjogt\zZUSwZqQX
2012-06-28 16:36 . 2012-03-30 14:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-28 16:36 . 2011-07-05 19:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 14:19 . 2008-10-16 13:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2009-08-02 16:22 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2009-08-02 16:22 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2009-08-02 16:22 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2009-08-02 16:22 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2009-08-02 16:22 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2008-10-16 13:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2008-10-16 13:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2009-08-02 16:22 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2009-08-02 16:22 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 14:18 . 2009-08-03 13:10 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18 . 2009-08-03 13:10 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 14:18 . 2008-10-16 13:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-26 21:03 . 2012-05-26 21:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-26 21:03 . 2012-05-26 21:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 18:29 . 2009-08-05 14:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 18:29 . 2010-12-16 18:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:12 . 2008-04-14 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-08-02 16:20 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-14 22:20 . 2012-07-05 10:15 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 188416 ----a-w- c:\documents and settings\hjogt\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 188416 ----a-w- c:\documents and settings\hjogt\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 188416 ----a-w- c:\documents and settings\hjogt\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 188416 ----a-w- c:\documents and settings\hjogt\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 18:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 18:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 18:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 18:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EakJyfmi"="c:\documents and settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 397824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\hjogt\Local Settings\Application Data\vwswofdr\eakjyfmi.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^hjogt^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\hjogt\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 00:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 19:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 18:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 13:43 45056 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-02-12 20:05 434176 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2011-11-05 12:17 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 18:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 17:32 245760 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 17:31 155648 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 16:54 127022 -c--a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 19:56 516096 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-26 21:03 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServicepointService"=2 (0x2)
"HsdService"=2 (0x2)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX4400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\docume~1\hjogt\LOCALS~1\Temp\E_S1A.tmp" /EF "HKCU"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\documents and settings\All Users.WINDOWS\Application Data\Nuance\PDF Reader\Ereg\Ereg.ini"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"V0270Mon.exe"=c:\windows\V0270Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\hjogt\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\tixati\\tixati.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [29/06/2012 11:47 341072]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\hjogt\LOCALS~1\Temp\lolqycfu.sys --> c:\docume~1\hjogt\LOCALS~1\Temp\lolqycfu.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 NEWDRIVER;NEWDRIVER;\??\c:\windows\system32\WinVDEdrv6.sys --> c:\windows\system32\WinVDEdrv6.sys [?]
S3 ABP_InstallCheckerService;ABP_InstallCheckerService;c:\docume~1\hjogt\LOCALS~1\Temp\ABP_InstallChecker.exe --> c:\docume~1\hjogt\LOCALS~1\Temp\ABP_InstallChecker.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 15:48 250056]
S3 cpuz135;cpuz135;\??\c:\docume~1\hjogt\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\hjogt\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21/10/2009 21:36 36608]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 15:01 6656]
S3 gupdatem;Google Update Service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/09/2009 15:55 7680]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [05/07/2012 11:15 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [21/10/2011 15:30 18432]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 09:30 15544]
S3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [13/09/2006 01:00 221152]
S3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [20/06/2006 01:05 6912]
S4 Secunia PSI Agent;Secunia PSI Agent;"c:\program files\Secunia\PSI\PSIA.exe" --start-service --> c:\program files\Secunia\PSI\PSIA.exe [?]
S4 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:36]
.
2012-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2012-07-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1580818891-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1580818891-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-07-10 c:\windows\Tasks\User_Feed_Synchronization-{9C1272E1-716D-40BA-9741-B54E54B0AF33}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2012-07-09 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2008-04-14 12:00]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtD0C0AzzyCtBtAyEzyyDtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1149175772
uInternet Settings,ProxyOverride = localhost;*.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\documents and settings\hjogt\Application Data\Mozilla\Firefox\Profiles\mcj9zmmb.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://gameknot.com/play-chess.pl?iu=jamesaitchy1967&rnd=71916
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010712_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 801c34950000000000000019210ca862
FF - user.js: extensions.BabylonToolbar_i.hardId - 801c34950000000000000019210ca862
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15526
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtD0C0AzzyCtBtAyEzyyDtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1149175772
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtD0C0AzzyCtBtAyEzyyDtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1149175772
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtD0C0AzzyCtBtAyEzyyDtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1149175772&q=
FF - user.js: extensions.funmoods.id - 0019210CA8623495
FF - user.js: extensions.funmoods.instlDay - 15529
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2211:29
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-A8473BEFA4682908A6602CCCB417304CBD200653 - c:\documents and settings\hjogt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
MSConfigStartUp-HFALoader - c:\program files\Hamster Soft\Hamster Lite Archiver\HamsterArc.exe
MSConfigStartUp-ServiceManager - c:\program files\Virgin Media\Service Manager\ServiceManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-10 13:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\hjogt\Start Menu\Programs\Startup\eakjyfmi.exe 91992 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3628)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-07-10 13:38:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-10 12:38
ComboFix2.txt 2012-07-09 06:47
.
Pre-Run: 27,319,730,176 bytes free
Post-Run: 27,501,711,360 bytes free
.
- - End Of File - - 4CEFF1FE6E4C1FD503CAEF0DB2DB7554

Posted 5 years ago

This topic has been closed to new replies.