Author Topic: [Resolved] File Recovery virus

Offline Chromed Shoes

  • Bronze Member
  • Posts: 80
[Resolved] File Recovery virus
« on: July 18, 2012, 04:04:56 PM »
Howdy.
Um... a few days ago my computer displayed some really weird warnings about having hard drive errors and corrupt boot sectors. However, none of these claims were legit, as they were all part of a rogue software called File Recovery. After running a scan with Malwarebytes Anti-Malware I stopped receiving these false warnings and thought I was home free until I noticed my browser kept getting redirected. In addition, whenever I try running DDS the program runs for a long while without ever producing a log.
« Last Edit: July 31, 2012, 11:51:19 AM by Bear »


hmmm....i can't think of a good signature...

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2154
Re: File Recovery virus
« Reply #1 on: July 18, 2012, 04:43:15 PM »
Hi Chrome

Please go to this link and follow the instructions.  Once you have posted the two DDS files (post, do not attach), one of us will get right to you.
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline Chromed Shoes

Re: File Recovery virus
« Reply #2 on: July 18, 2012, 05:08:02 PM »
Sure thing, but... I tried running DDS and it just freezes up.

Offline Bear

Re: File Recovery virus
« Reply #3 on: July 18, 2012, 05:12:55 PM »
Hi Chrome

Ok, let me give you some general directions first, then some specifics.  For the general:

I go by Bear, and I will be helping you with your problem. I understand that having malware on your system is disruptive, annoying and can even be frightening.  I also understand the urgency of getting your computer functioning again.  Working as a team, you and I will be able to confront this problem and hopefully bring it to a successful conclusion.  But you need to do a few things to help me understand your situation.

First, tell me everything and anything that you have already tried to fix this problem. 

Second, tell me the symptoms of infection that you are seeing on your computer and when you first noticed them.  If the symptoms were progressive, let me know that.

Third, please only use one forum to help resolve your problem. Posting on more than one forum or trying other things in between our procedures will confuse and lengthen the process and may even make a positive solution impossible.

Fourth, please follow my instructions exactly.   If you cannot follow them or don't understand something, let me know immediately and do NOTHING until you hear from me.  If for any reason you have deviated from my instructions, PLEASE let me know at once.

Fifth, understand that malware gets into your computer system very easily but can be very, very difficult to remove.  It could take a while and we may have to try several processes to fix the problem.  So please "keep the faith".   I will do all I can to get your computer operating properly, and if I can't fix it we have many very bright individuals here who will help us.

Sixth, do not send anything to me as an attachment unless I specifically ask for it.  Please copy and paste all of your responses to me by replying to my post on this forum.  If the response is too long (the forum has size limits), please send it in portions, sequentially.

Seventh, let me know of any software you have running that encrypts your hard drive, such as Windows BitLocker or any others.

Eighth, if your PC is set to automatically update, DISABLE this function and do not update until we have disinfected your PC.

And lastly, before we do anything else, please back up your data, if possible on external media such as DVDs, CDs, memory sticks or external hard drives.

I will post further instructions so we can begin.



Offline Bear

Re: [In Progress-B] File Recovery virus
« Reply #4 on: July 18, 2012, 05:25:43 PM »
Hi Chrome

The fact that you could not run DDS indicates a fairly resistant problem, so this could take a while.  Hang in, we'll get it.

If you have the log from Malwarebytes' (MBAM) please post it to me.

Also please let me know what OS you are running.

1.  Note: If your security software warns about Rkill, ignore & allow the download to continue.
Download Rkill and save it to your Desktop.
Alternate download links:
Two
Three
Four

2.  Double click on Rkill.
A command window will open then disappear upon completion, this is normal.  If this does not happen then delete the file and download and use the next link provided above.  Repeat if necessary until you get the command window.  If no version will run, stop here and let me know by replying to my post.

3.  When the program finishes, Notepad will open with a log file, automatically saved at C:\rkill.log.

Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, leave the warning on the screen, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.

After running Rkill, it is important that you do not reboot your PC.

4.  Download OTL from any of the following links and save to your Desktop.
OTL1
OTL2
OTL3

Rename the program google.exe.

5.  Disable all of your Anti-Virus, Anti-Spyware programs.  If you need help to disable them go to Disable Anti Malware, be sure to re-enable them before posting your reply.

6.  Double click on the google.exe icon to run it (Vista and Windows 7 users right click and select Run as Administrator). Make sure all other windows are closed and let it run uninterrupted.

7.  In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".  On the upper right be sure Use Company-Name WhiteList and Skip Microsoft Files are checked.  Copy the code in the code box below and paste it into the Custom Scan box.

Code:
netsvcs
drivers32
CREATERESTOREPOINT
msconfig
%systemroot%\*. /rp /s


8.  Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.  When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.


Please always check to be sure Word Wrap is NOT turned on in any Notepad files you post.  This is done by opening the Notepad file and clicking on Format to be sure Word Wrap is not checked.

Note:  This site has size limits on posts.  Please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
rkill.log
OTL.Txt
Extras.Txt
Let me know how your computer and browser are operating
Let me know if you can connect to the internet
If you have any questions or problems, let me know that as well



Offline Chromed Shoes

Re: [In Progress-B] File Recovery virus
« Reply #5 on: July 18, 2012, 06:48:45 PM »
Okay, in addition to the three logs I've included the entry from Malwarebytes. As for computer and browser status, my OS is Windows XP and the only noticeable problem is that my browser keeps getting redirected.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.12

Windows XP Service Pack 2 x86 FAT32 (Safe Mode/Networking)
Internet Explorer 6.0.2900.2180
cfjasdhfhsdjklsdnhvk :: ACER [administrator]

7/17/2012 8:36:42 AM
mbam-log-2012-07-17 (08-36-42).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386080
Time elapsed: 21 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Avenger\jBqthUnXGgKIJF.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

(end)

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/18/2012 at 18:01:44.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
c:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe


Rkill completed on 07/18/2012 at 18:03:00.

OTL logfile created on: 7/18/2012 6:15:49 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.48 Mb Total Physical Memory | 675.35 Mb Available Physical Memory | 66.05% Memory free
2.31 Gb Paging File | 2.13 Gb Available in Paging File | 92.15% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.31 Gb Total Space | 27.25 Gb Free Space | 44.44% Space Free | Partition Type: NTFS
Drive D: | 120.09 Gb Total Space | 97.85 Gb Free Space | 81.48% Space Free | Partition Type: FAT32
Drive F: | 27.84 Gb Total Space | 12.42 Gb Free Space | 44.62% Space Free | Partition Type: FAT32
 
Computer Name: ACER | User Name: cfjasdhfhsdjklsdnhvk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/18 18:04:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\google.exe.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (sprtlisten)
SRV - File not found [Auto | Stopped] --  -- (nmservice)
SRV - File not found [Auto | Stopped] --  -- (LinksysUpdater)
SRV - File not found [Auto | Stopped] --  -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] --  -- (CDVDService)
SRV - [2012/02/29 17:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/18 12:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/11/30 11:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/02/25 16:52:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2004/10/29 02:20:54 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/10/29 02:18:24 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\SynasUSB.sys -- (SynasUSB)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\dysplr.sys -- (rlqra)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CFJASD~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/05/18 12:12:07 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2005/10/27 16:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/09/22 10:34:00 | 003,727,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/07/29 11:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 11:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/13 12:08:20 | 000,033,890 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/01 19:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/09/29 13:00:00 | 000,247,296 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2004/01/14 13:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=14196&l=dis
IE - HKCU\..\SearchScopes,DefaultScope = {3D1C0D1B-BB80-4BE1-ACC8-10F266830714}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=en_US
IE - HKCU\..\SearchScopes\{3D1C0D1B-BB80-4BE1-ACC8-10F266830714}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADSA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Tunes install\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\RobloxVersions\version-eecd9135a67340ab\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/20 08:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 08:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/20 08:52:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4F85A728-C86F-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\{4F85A728-C86F-11E1-8270-B8AC6F996F26}\ [2012/07/07 14:07:05 | 000,000,000 | ---D | M]
 
[2010/11/04 18:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Mozilla\Extensions
[2012/07/04 09:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Mozilla\Firefox\Profiles\9u9jd9x4.default\extensions
[2010/11/04 18:24:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Mozilla\Firefox\Profiles\9u9jd9x4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/28 12:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/28 12:09:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/07 14:07:05 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\CFJASDHFHSDJKLSDNHVK\LOCAL SETTINGS\APPLICATION DATA\{4F85A728-C86F-11E1-8270-B8AC6F996F26}
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/25 07:40:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/02/05 10:34:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [gretsy] rundll32.exe "C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\gretsy.dll",CleanupGlobalTempFiles File not found
O4 - HKLM..\Run: [iTunesHelper] D:\Tunes install\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [kisird] C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\kisird.dll (C-Media Electronics Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Download] C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\SupportSoft\ddoctorv2\cfjasdhfhsdjklsdnhvk\ssGet.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261606953187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261608140578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/15 21:58:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/18 18:04:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\google.exe.exe
[2012/07/18 14:42:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\dds.com
[2012/07/17 19:48:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/17 11:22:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/17 11:22:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/17 11:22:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/17 11:22:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/17 11:05:13 | 004,579,127 | R--- | C] (Swearware) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\ComboFix.exe
[2012/07/16 17:26:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/07/16 17:15:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Recent
[2012/07/16 17:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Start Menu\Programs\File Recovery
[2012/07/09 14:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2012/07/09 14:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\ZIP Password Recovery
[2012/07/07 14:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\{4F85A728-C86F-11E1-8270-B8AC6F996F26}
[2012/07/07 14:07:02 | 000,401,408 | ---- | C] (C-Media Electronics Inc.) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\kisird.dll
[2012/06/07 22:02:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/18 18:04:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\google.exe.exe
[2012/07/18 17:58:06 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\rkill.com
[2012/07/18 17:52:57 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/07/18 17:52:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/18 17:51:55 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3405786225-280757992-2748749879-1005.job
[2012/07/18 17:51:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/18 17:51:33 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 14:44:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3405786225-280757992-2748749879-1005UA.job
[2012/07/18 14:43:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3405786225-280757992-2748749879-1005Core.job
[2012/07/18 14:42:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\dds.com
[2012/07/17 11:03:36 | 004,579,127 | R--- | M] (Swearware) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\ComboFix.exe
[2012/07/17 09:27:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\Default.rdp
[2012/07/16 19:07:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/16 17:57:26 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-jBqthUnXGgKIJFr
[2012/07/16 17:57:26 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-jBqthUnXGgKIJF
[2012/07/16 17:57:23 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jBqthUnXGgKIJF
[2012/07/16 14:05:05 | 000,055,182 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Desktop\alternator diagram.jpg
[2012/07/16 10:08:04 | 000,100,204 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Desktop\alternatorWiring.jpg
[2012/07/15 14:58:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3405786225-280757992-2748749879-1005.job
[2012/07/12 18:46:14 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to fba.lnk
[2012/07/11 16:32:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/11 14:04:52 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/07/07 14:07:04 | 000,401,408 | ---- | M] (C-Media Electronics Inc.) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\kisird.dll
[2012/07/05 19:27:13 | 000,294,868 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/07/05 19:27:13 | 000,000,029 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/07/05 19:27:13 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/07/05 18:27:59 | 000,294,868 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/07/04 19:46:23 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\inst.exe
[2012/07/04 19:46:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.sys
[2012/07/04 19:46:23 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.cat
[2012/07/04 19:46:23 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.inf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/18 17:58:02 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\rkill.com
[2012/07/18 17:52:23 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/07/18 15:11:34 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/17 11:22:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/17 11:22:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/17 11:22:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/17 11:22:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/17 11:22:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/17 09:27:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\Default.rdp
[2012/07/16 17:14:39 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-jBqthUnXGgKIJFr
[2012/07/16 17:14:39 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-jBqthUnXGgKIJF
[2012/07/16 17:14:36 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jBqthUnXGgKIJF
[2012/07/16 14:05:03 | 000,055,182 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Desktop\alternator diagram.jpg
[2012/07/16 10:08:03 | 000,100,204 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Desktop\alternatorWiring.jpg
[2012/07/12 18:46:14 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to fba.lnk
[2012/06/07 22:02:33 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\inst.exe
[2012/06/07 22:02:33 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.cat
[2012/06/07 22:02:33 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.inf
[2012/05/25 22:26:59 | 006,446,080 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\mame.exe
[2012/05/25 22:26:59 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\xml2info.exe
[2012/05/25 22:26:59 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\chdman.exe
[2012/05/25 22:26:59 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\romcmp.exe
[2012/05/25 11:57:57 | 006,547,980 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\mame088b.zip
[2012/04/28 23:16:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012/04/28 20:12:58 | 000,294,868 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/28 20:12:58 | 000,294,868 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/28 20:12:58 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/28 20:12:44 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/04/28 19:50:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/23 22:40:48 | 000,111,829 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Start Menu.rar
[2011/10/06 17:45:31 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2011/10/06 17:45:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2011/05/10 13:03:29 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/03/12 22:23:40 | 000,430,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/18 17:08:16 | 000,139,679 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2011/02/18 17:08:16 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/11/04 18:22:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/06 13:36:48 | 000,013,120 | -HS- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\d1NJm3Vp784
[2007/08/23 22:35:17 | 000,000,233 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\HMAGIC.CFG
[2007/08/20 21:05:47 | 000,013,195 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\ZGUICFG.DAT
[2007/08/20 21:05:01 | 000,013,195 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\ZGUICFGW.DAT
[2007/04/01 14:38:51 | 000,000,134 | R--- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Valid.Ext
[2007/02/10 12:47:58 | 000,531,446 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\com.kennettnet.MusicRescueProfiles.plist
[2007/02/10 12:47:58 | 000,003,201 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\com.kennettnet.MusicRescue.plist
[2007/01/15 17:27:58 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/15 22:55:05 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/03/26 19:47:46 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/24 19:51:42 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\fusioncache.dat
[2005/08/26 16:53:42 | 000,004,686 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\cfjasdhfhsdjklsdnhvklog.dat
 
========== LOP Check ==========
 
[2009/07/08 14:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/08/09 21:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5Spice Analysis
[2010/04/01 18:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/02/04 18:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2011/10/18 15:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2012/02/05 10:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/03/12 11:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2006/08/26 04:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2006/08/15 23:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/05/14 20:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/03/08 17:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/14 21:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011/07/25 21:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/23 09:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/03/12 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
[2011/02/13 19:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/22 17:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/05/03 15:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\.minecraft
[2010/03/01 16:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Autodesk
[2011/05/30 14:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\FrostWire
[2009/08/06 15:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\GetRightToGo
[2011/10/18 15:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\IconTweaker
[2012/02/05 10:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Juniper Networks
[2012/04/30 18:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Mupen64Plus
[2011/07/13 12:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\OpenOffice.org
[2006/08/15 23:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Otto
[2012/03/10 19:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Qesair
[2012/02/29 12:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Saqai
[2011/02/07 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Synthesia
[2010/12/07 19:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\TeamViewer
[2012/07/04 19:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Vso
[2012/03/09 12:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Xiryvi
[2012/07/18 14:43:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3405786225-280757992-2748749879-1005Core.job
[2012/07/18 14:44:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3405786225-280757992-2748749879-1005UA.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %systemroot%\*. /rp /s >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BB5E748

< End of report >

Offline Chromed Shoes

  • Bronze Member
  • Posts: 80
Re: [In Progress-B]File Recovery virus
« Reply #6 on: July 18, 2012, 06:50:11 PM »


OTL Extras logfile created on: 7/18/2012 6:15:49 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.48 Mb Total Physical Memory | 675.35 Mb Available Physical Memory | 66.05% Memory free
2.31 Gb Paging File | 2.13 Gb Available in Paging File | 92.15% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.31 Gb Total Space | 27.25 Gb Free Space | 44.44% Space Free | Partition Type: NTFS
Drive D: | 120.09 Gb Total Space | 97.85 Gb Free Space | 81.48% Space Free | Partition Type: FAT32
Drive F: | 27.84 Gb Total Space | 12.42 Gb Free Space | 44.62% Space Free | Partition Type: FAT32
 
Computer Name: ACER | User Name: cfjasdhfhsdjklsdnhvk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\123CopyDVD 2009\123CopyDVD.exe" = C:\Program Files\123CopyDVD 2009\123CopyDVD.exe:*:Enabled:123CopyDVD 2009 -- ()
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Real\RealUpgrade\realupgrade.exe" = C:\Program Files\Real\RealUpgrade\realupgrade.exe:*:Disabled:RealUpgrade Launcher -- (RealNetworks, Inc.)
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" = C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Enabled:DivX Update -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\supportsoft\bin\bcont.exe" = C:\Program Files\Common Files\supportsoft\bin\bcont.exe:*:Disabled:SupportSoft Container -- (SupportSoft, Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files\SSI\Warlords Battlecry\Battlecry.exe" = C:\Program Files\SSI\Warlords Battlecry\Battlecry.exe:*:Enabled:Warlords Battlecry
"C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Tunes install\iTunes.exe" = D:\Tunes install\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{050B8228-B0F4-4BE9-A506-32DD6D3ED19D}_is1" = World of Goo v1.3.0.4
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1ABA2AF6-A2BB-486C-A7CB-FCF34C135D92}" = Cisco AnyConnect VPN Client
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{703FBBAA-ED01-498D-86D5-559C4725CD63}" = Wireless 802.11g USB Adapter
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BB92E35A-F5B8-4D59-90F3-CF863871BCF3}" = OpenMG Secure Module 4.0.05
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D9044DCB-F8F9-4A81-9B06-ACAC1A59B261}" = QuickConnect
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"123 CopyDVD 2009" = 123 CopyDVD 2009
"3D Windows XP" = 3D Windows XP Screen Saver
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CDisplay_is1" = CDisplay 1.8
"DivX Setup" = DivX Setup
"HP Photo & Imaging" = HP Image Zone 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{703FBBAA-ED01-498D-86D5-559C4725CD63}" = Wireless 802.11g USB Adapter
"InstallShield_{BB92E35A-F5B8-4D59-90F3-CF863871BCF3}" = OpenMG Secure Module 4.0.05
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Music Rescue_is1" = Music Rescue 3.1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenMG HotFix4.0-04-11-01-01" = OpenMG Limited Patch 4.0-04-11-01-01
"PCFriendly" = PCFriendly
"PeoplePC Partial" = PeoplePC Online - Partial Install
"PitCrewSCR" = PitCrewSCR
"RealPlayer 15.0" = RealPlayer
"TeamViewer 6" = TeamViewer 6
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for cfjasdhfhsdjklsdnhvk
"Akamai" = Akamai NetSession Interface
"Juniper_Setup_Client" = Juniper Networks Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/17/2012 8:19:27 PM | Computer Name = ACER | Source = Google Update | ID = 20
Description =
 
Error - 7/17/2012 8:32:01 PM | Computer Name = ACER | Source = Google Update | ID = 20
Description =
 
Error - 7/17/2012 8:55:36 PM | Computer Name = ACER | Source = Google Update | ID = 20
Description =
 
Error - 7/18/2012 12:00:27 AM | Computer Name = ACER | Source = Google Update | ID = 20
Description =
 
Error - 7/18/2012 2:12:51 PM | Computer Name = ACER | Source = Google Update | ID = 20
Description =
 
Error - 7/18/2012 4:40:39 PM | Computer Name = ACER | Source = Google Update | ID = 20
Description =
 
Error - 7/18/2012 5:12:12 PM | Computer Name = ACER | Source = Google Update | ID = 20
Description =
 
Error - 7/18/2012 5:18:55 PM | Computer Name = ACER | Source = Google Update | ID = 20
Description =
 
Error - 7/18/2012 7:52:11 PM | Computer Name = ACER | Source = Google Update | ID = 20
Description =
 
Error - 7/18/2012 7:57:32 PM | Computer Name = ACER | Source = Google Update | ID = 20
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 2/5/2012 12:32:05 PM | Computer Name = ACER | Source = vpnagent | ID = 67110872
Description = Failed Route change:  Action: AddRoute  Destination: 192.168.1.255  Netmask:
 255.255.255.255  Gateway: 155.101.240.1  Interface: 155.101.240.236  Metric: 1
 
Error - 2/5/2012 12:32:05 PM | Computer Name = ACER | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 225 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
 
Error - 2/5/2012 12:32:11 PM | Computer Name = ACER | Source = vpnagent | ID = 67110872
Description = Failed Route change:  Action: AddRoute  Destination: 192.168.1.255  Netmask:
 255.255.255.255  Gateway: 155.101.240.1  Interface: 155.101.240.236  Metric: 1
 
Error - 2/5/2012 12:32:11 PM | Computer Name = ACER | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 225 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
 
Error - 2/5/2012 12:32:11 PM | Computer Name = ACER | Source = vpnagent | ID = 67110872
Description = Failed Route change:  Action: AddRoute  Destination: 155.98.255.255 
Netmask: 255.255.255.255  Gateway: 155.101.240.1  Interface: 155.101.240.236  Metric:
 1
 
Error - 2/5/2012 12:32:11 PM | Computer Name = ACER | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 225 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
 
Error - 2/5/2012 12:32:11 PM | Computer Name = ACER | Source = vpnagent | ID = 67110872
Description = Failed Route change:  Action: AddRoute  Destination: 192.168.1.255  Netmask:
 255.255.255.255  Gateway: 155.101.240.1  Interface: 155.101.240.236  Metric: 1
 
Error - 2/5/2012 12:32:11 PM | Computer Name = ACER | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 225 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
 
Error - 2/5/2012 12:32:11 PM | Computer Name = ACER | Source = vpnagent | ID = 67110872
Description = Failed Route change:  Action: AddRoute  Destination: 155.98.255.255 
Netmask: 255.255.255.255  Gateway: 155.101.240.1  Interface: 155.101.240.236  Metric:
 1
 
Error - 2/5/2012 12:32:11 PM | Computer Name = ACER | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 225 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
 
[ System Events ]
Error - 7/18/2012 2:12:51 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = The Pure Networks Platform Service service failed to start due to
the following error:   %%3
 
Error - 7/18/2012 4:40:39 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
 error:   %%3
 
Error - 7/18/2012 4:40:39 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Listener Service service failed to start due to the
 following error:   %%3
 
Error - 7/18/2012 4:40:39 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = The Pure Networks Platform Service service failed to start due to
the following error:   %%3
 
Error - 7/18/2012 5:06:38 PM | Computer Name = ACER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 7/18/2012 5:06:38 PM | Computer Name = ACER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 7/18/2012 5:07:33 PM | Computer Name = ACER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 7/18/2012 5:07:54 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AmdK8  Fips
 
Error - 7/18/2012 5:10:56 PM | Computer Name = ACER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 7/18/2012 5:14:10 PM | Computer Name = ACER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.105 for the Network Card with network
 address 001558081E6A has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >
hmmm....i can't think of a good signature...

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2154
Re: [In Progress-B]File Recovery virus
« Reply #7 on: July 18, 2012, 08:14:31 PM »
Hi Chrome

OK, we found a few things.  Let's get them cleaned up and see where we are.

1. Please go to start/control panel/add or remove programs and completely uninstall the following programs:
Otto
Spybot - Search & Destroy

2.  Are you familiar with or do you use a program or service called "gretsy?"

3.   Double click on the OTL icon to run it (Vista and Windows 7 users right click and select Run as  Administrator). Make sure all other windows are closed and to let it run uninterrupted. 

4.  In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".  On the upper right be sure Use Company-Name WhiteList and Skip Microsoft Files are checked.  Copy the code in the code box below and paste it into the Custom Scan box.

Code:
:OTL

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
[2012/07/16 17:57:26 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-jBqthUnXGgKIJFr
[2012/07/16 17:57:26 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-jBqthUnXGgKIJF
[2012/07/16 17:57:23 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jBqthUnXGgKIJF
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BB5E748


:FILES

:Commands
[REBOOT]
[EMPTYTEMP]
[RESETHOSTS]
[EMPTYJAVA]



5.  Click on the Run Fix button.  The fix log is saved on your C: drive under OTL\Moved Files as date-some number.log.  Reboot your PC.

6.  Now click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.  When the scan completes, it will open a notepad window.  OTL.Txt. This is saved in the same location as OTL.

As always please check to be sure Word Wrap is NOT turned on in any Notepad files you post and please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
OTL Fix Log
OTL.txt
Let me know how your computer and browser are operating
If you have any questions or problems, let me know that as well

Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte
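As an added example (not part of this thread, of OTL, or of Bear's fix script), here is a small Python triage pass over the OTL line shapes that appear in these logs: SRV/DRV entries, bare file stamps, the IE "Internet Settings" proxy values and @Alternate Data Stream lines. It flags the kinds of entries the fix above acted on; the rule names and the choice of what to flag are this example's own assumptions, and the sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for OTL (OldTimer's tool) scan-log lines.

Added example for this thread; not part of OTL and not the helper's own fix
script.  It parses the line shapes seen in the posted logs and flags the
entries a malware-removal helper tends to look at first.  Rule names and
severity levels are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Service/driver lines come in two shapes:
#   SRV - File not found [Auto | Stopped] --  -- (sprtlisten)
#   DRV - [date | size | attrs | M] (Company) [Kernel | On_Demand | Stopped] -- C:\...\x.sys -- (name)
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\))"
    r" \[(?P<flags>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)"
)
# Bare file stamp lines: [date | size | attrs | M] (company) -- path
FILE_RE = re.compile(r"^\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\) -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# IE proxy values under HKCU/HKLM ...\Internet Settings
PROXY_RE = re.compile(
    r'^IE - (?P<key>HK(?:CU|LM)\\.*Internet Settings): "(?P<value>Proxy\w+)" = (?P<data>.*)$'
)
HOST_PORT_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")   # e.g. 127.0.0.1:9421


@dataclass
class Finding:
    line_no: int
    rule: str
    detail: str


def triage_line(line_no: int, line: str) -> Optional[Finding]:
    """Apply the triage rules to one OTL log line; None means nothing to flag."""
    m = SERVICE_RE.match(line)
    if m:
        flags = [f.strip() for f in m.group("flags").split("|")]
        start = flags[-2]            # DRV lines carry an extra leading Kernel/Adapter field
        if m.group("missing"):
            # Registered service or driver whose file is gone.  Usually a
            # harmless leftover, but a Boot/System-start driver with a missing
            # file (rlqra -> dysplr.sys above) gets the higher level.
            level = "high" if start in ("Boot", "System") else "info"
            return Finding(line_no, f"missing-file-{level}",
                           f"{m.group('kind')} {m.group('name')} ({start}) -> "
                           f"{m.group('path') or '<no path>'}")
        return None

    m = PROXY_RE.match(line)
    if m:
        value, data = m.group("value"), m.group("data").strip()
        if value == "ProxyOverride":
            # ProxyOverride is a bypass list of host patterns; a bare ip:port
            # entry does not belong there (the fix above reset it to <local>).
            odd = [e for e in data.split(";") if HOST_PORT_RE.match(e)]
            if odd:
                return Finding(line_no, "proxy-override-hostport", ";".join(odd))
        elif value == "ProxyServer" and data:
            return Finding(line_no, "proxy-server-set", data)
        elif value == "ProxyEnable" and data != "0":
            return Finding(line_no, "proxy-enabled", data)
        return None

    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        parent = path.rsplit("\\", 1)[0].lower()
        # A file with no company name dropped straight into the shared
        # Application Data root is out of place for a legitimate install.
        if not m.group("company") and parent.endswith("\\all users\\application data"):
            return Finding(line_no, "loose-file-shared-appdata", path)
        return None

    m = ADS_RE.match(line)
    if m:
        return Finding(line_no, "alternate-data-stream",
                       f"{m.group('size')} bytes in {m.group('path')}")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in (triage_line(n, ln) for n, ln in enumerate(lines, 1)) if f]


# Sample input: lines copied from the OTL logs and fix script in this thread.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\dysplr.sys -- (rlqra)
SRV - File not found [Auto | Stopped] --  -- (sprtlisten)
DRV - [2011/05/18 12:12:07 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2012/07/16 17:57:26 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-jBqthUnXGgKIJFr
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BB5E748
""".strip("\n").splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
```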

Offline Chromed Shoes

  • Bronze Member
  • Posts: 80
Re: [In Progress-B]File Recovery virus
« Reply #8 on: July 19, 2012, 08:35:38 AM »
Gretsy? No, I never installed or used this program intentionally. However, after I ran mbam and delayed all of those false warnings I mentioned earlier, I get an error message saying gretsy.dll is missing.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
C:\Documents and Settings\All Users\Application Data\-jBqthUnXGgKIJFr moved successfully.
C:\Documents and Settings\All Users\Application Data\-jBqthUnXGgKIJF moved successfully.
C:\Documents and Settings\All Users\Application Data\jBqthUnXGgKIJF moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7BB5E748 deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: artwork
 
User: cfjasdhfhsdjklsdnhvk
->Temp folder emptied: 34619857 bytes
->Temporary Internet Files folder emptied: 4235301 bytes
->Java cache emptied: 12011603 bytes
->FireFox cache emptied: 6831893 bytes
->Flash cache emptied: 47647 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: docs
 
User: hash
 
User: hlsl
 
User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: src
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3124241 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 311960 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 4163438 bytes
 
Total Files Cleaned = 63.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: artwork
 
User: cfjasdhfhsdjklsdnhvk
->Java cache emptied: 0 bytes
 
User: Default User
 
User: docs
 
User: hash
 
User: hlsl
 
User: LocalService
 
User: NetworkService
 
User: src
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07192012_081730

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL logfile created on: 7/19/2012 8:24:51 AM - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.48 Mb Total Physical Memory | 512.35 Mb Available Physical Memory | 50.11% Memory free
2.31 Gb Paging File | 1.96 Gb Available in Paging File | 84.81% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.31 Gb Total Space | 27.30 Gb Free Space | 44.52% Space Free | Partition Type: NTFS
Drive D: | 120.09 Gb Total Space | 97.85 Gb Free Space | 81.48% Space Free | Partition Type: FAT32
Drive F: | 27.84 Gb Total Space | 12.42 Gb Free Space | 44.62% Space Free | Partition Type: FAT32
 
Computer Name: ACER | User Name: cfjasdhfhsdjklsdnhvk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/18 18:04:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\google.exe.exe
PRC - [2012/07/11 14:38:59 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/29 17:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/20 08:51:51 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/13 00:24:58 | 000,421,736 | ---- | M] (Apple Inc.) -- D:\Tunes install\iTunesHelper.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/30 11:08:30 | 007,464,232 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2010/11/30 11:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/30 10:46:38 | 000,099,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\tv_w32.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/24 14:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/02/29 17:58:00 | 001,568,576 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2012/02/29 17:58:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/07/13 12:35:43 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2004/08/10 14:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (sprtlisten)
SRV - File not found [Auto | Stopped] --  -- (nmservice)
SRV - File not found [Auto | Stopped] --  -- (LinksysUpdater)
SRV - File not found [Auto | Stopped] --  -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] --  -- (CDVDService)
SRV - [2012/02/29 17:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/18 12:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/11/30 11:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/02/25 16:52:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2004/10/29 02:20:54 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/10/29 02:18:24 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\SynasUSB.sys -- (SynasUSB)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\dysplr.sys -- (rlqra)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CFJASD~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/05/18 12:12:07 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2005/10/27 16:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/09/22 10:34:00 | 003,727,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/07/29 11:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 11:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/13 12:08:20 | 000,033,890 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/01 19:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/09/29 13:00:00 | 000,247,296 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2004/01/14 13:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=14196&l=dis
IE - HKCU\..\SearchScopes,DefaultScope = {3D1C0D1B-BB80-4BE1-ACC8-10F266830714}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=en_US
IE - HKCU\..\SearchScopes\{3D1C0D1B-BB80-4BE1-ACC8-10F266830714}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADSA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Tunes install\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\RobloxVersions\version-eecd9135a67340ab\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/20 08:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 08:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/20 08:52:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4F85A728-C86F-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\{4F85A728-C86F-11E1-8270-B8AC6F996F26}\ [2012/07/07 14:07:05 | 000,000,000 | ---D | M]
 
[2010/11/04 18:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Mozilla\Extensions
[2012/07/04 09:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Mozilla\Firefox\Profiles\9u9jd9x4.default\extensions
[2010/11/04 18:24:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Mozilla\Firefox\Profiles\9u9jd9x4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/28 12:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/28 12:09:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/07 14:07:05 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\CFJASDHFHSDJKLSDNHVK\LOCAL SETTINGS\APPLICATION DATA\{4F85A728-C86F-11E1-8270-B8AC6F996F26}
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/25 07:40:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/07/19 08:17:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [gretsy] rundll32.exe "C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\gretsy.dll",CleanupGlobalTempFiles File not found
O4 - HKLM..\Run: [iTunesHelper] D:\Tunes install\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [kisird] C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\kisird.dll (C-Media Electronics Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Download] C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\SupportSoft\ddoctorv2\cfjasdhfhsdjklsdnhvk\ssGet.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261606953187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261608140578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/15 21:58:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/19 08:17:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/18 18:04:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\google.exe.exe
[2012/07/18 14:42:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\dds.com
[2012/07/17 19:48:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/17 11:22:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/17 11:22:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/17 11:22:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/17 11:22:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/17 11:05:13 | 004,579,127 | R--- | C] (Swearware) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\ComboFix.exe
[2012/07/16 17:26:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/07/16 17:15:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Recent
[2012/07/16 17:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Start Menu\Programs\File Recovery
[2012/07/09 14:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2012/07/09 14:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\ZIP Password Recovery
[2012/07/07 14:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\{4F85A728-C86F-11E1-8270-B8AC6F996F26}
[2012/07/07 14:07:02 | 000,401,408 | ---- | C] (C-Media Electronics Inc.) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\kisird.dll
[2012/06/07 22:02:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/19 08:22:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/19 08:21:23 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3405786225-280757992-2748749879-1005.job
[2012/07/19 08:21:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/19 08:21:03 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/19 08:17:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/18 18:04:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\google.exe.exe
[2012/07/18 17:58:06 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\rkill.com
[2012/07/18 17:52:57 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/07/18 14:44:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3405786225-280757992-2748749879-1005UA.job
[2012/07/18 14:43:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3405786225-280757992-2748749879-1005Core.job
[2012/07/18 14:42:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\dds.com
[2012/07/17 11:03:36 | 004,579,127 | R--- | M] (Swearware) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\ComboFix.exe
[2012/07/17 09:27:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\Default.rdp
[2012/07/16 19:07:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/16 14:05:05 | 000,055,182 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Desktop\alternator diagram.jpg
[2012/07/16 10:08:04 | 000,100,204 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Desktop\alternatorWiring.jpg
[2012/07/15 14:58:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3405786225-280757992-2748749879-1005.job
[2012/07/12 18:46:14 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to fba.lnk
[2012/07/11 16:32:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/11 14:04:52 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/07/07 14:07:04 | 000,401,408 | ---- | M] (C-Media Electronics Inc.) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\kisird.dll
[2012/07/05 19:27:13 | 000,294,868 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/07/05 19:27:13 | 000,000,029 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/07/05 19:27:13 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/07/05 18:27:59 | 000,294,868 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/07/04 19:46:23 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\inst.exe
[2012/07/04 19:46:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.sys
[2012/07/04 19:46:23 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.cat
[2012/07/04 19:46:23 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.inf
 
========== Files Created - No Company Name ==========
 
[2012/07/18 17:58:02 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\rkill.com
[2012/07/18 17:52:23 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/07/18 15:11:34 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/17 11:22:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/17 11:22:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/17 11:22:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/17 11:22:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/17 11:22:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/17 09:27:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\My Documents\Default.rdp
[2012/07/16 14:05:03 | 000,055,182 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Desktop\alternator diagram.jpg
[2012/07/16 10:08:03 | 000,100,204 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Desktop\alternatorWiring.jpg
[2012/07/12 18:46:14 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to fba.lnk
[2012/06/07 22:02:33 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\inst.exe
[2012/06/07 22:02:33 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.cat
[2012/06/07 22:02:33 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\pcouffin.inf
[2012/05/25 22:26:59 | 006,446,080 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\mame.exe
[2012/05/25 22:26:59 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\xml2info.exe
[2012/05/25 22:26:59 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\chdman.exe
[2012/05/25 22:26:59 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\romcmp.exe
[2012/05/25 11:57:57 | 006,547,980 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\mame088b.zip
[2012/04/28 23:16:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012/04/28 20:12:58 | 000,294,868 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/28 20:12:58 | 000,294,868 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/28 20:12:58 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/28 20:12:44 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/04/28 19:50:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/23 22:40:48 | 000,111,829 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Start Menu.rar
[2011/10/06 17:45:31 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2011/10/06 17:45:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2011/05/10 13:03:29 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/03/12 22:23:40 | 000,430,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/18 17:08:16 | 000,139,679 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2011/02/18 17:08:16 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/11/04 18:22:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/06 13:36:48 | 000,013,120 | -HS- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\d1NJm3Vp784
[2007/08/23 22:35:17 | 000,000,233 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\HMAGIC.CFG
[2007/08/20 21:05:47 | 000,013,195 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\ZGUICFG.DAT
[2007/08/20 21:05:01 | 000,013,195 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\ZGUICFGW.DAT
[2007/04/01 14:38:51 | 000,000,134 | R--- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Valid.Ext
[2007/02/10 12:47:58 | 000,531,446 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\com.kennettnet.MusicRescueProfiles.plist
[2007/02/10 12:47:58 | 000,003,201 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\com.kennettnet.MusicRescue.plist
[2007/01/15 17:27:58 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/15 22:55:05 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/03/26 19:47:46 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/24 19:51:42 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\fusioncache.dat
[2005/08/26 16:53:42 | 000,004,686 | ---- | C] () -- C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\cfjasdhfhsdjklsdnhvklog.dat

< End of report >
« Last Edit: July 19, 2012, 08:49:58 AM by Chromed Shoes »

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2154
Re: [In Progress-B]File Recovery virus
« Reply #9 on: July 19, 2012, 01:31:02 PM »
Hi Chrome

How are the PC and Browser doing?

Offline Chromed Shoes

  • Bronze Member
  • Posts: 80
Re: [In Progress-B]File Recovery virus
« Reply #10 on: July 19, 2012, 01:50:26 PM »
My browser keeps getting redirected

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2154
Re: [In Progress-B]File Recovery virus
« Reply #11 on: July 19, 2012, 02:19:54 PM »
Hi Chrome

Before you proceed, be sure you have uninstalled the programs I listed in post #7.

1.  Copy the code in the code box below.  Click on Start/Run and paste the code you copied.  Click OK.  Wait until it finishes.  Reboot your PC.

Code:

sfc /scannow


Please read carefully and follow these steps:

2.  Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: Combofix use

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

Close all open browsers.

3.  Disable all of your Anti-Virus, Anti-Spyware programs.  If you need help to disable them go to Disable Anti Malware, be sure to re-enable them before posting your reply.

4.  Double click combofix.exe.  For XP, if ComboFix offers to install a Recovery Console, you must permit it to do so. It is very dangerous to permit ComboFix to run unless the Recovery Console is installed.

When finished, it will produce a report for you at C:\ComboFix.txt.

As always please be sure Word Wrap is disabled in Notepad.  Also be sure to check that the data you posted was not cut off by the site's posting size limits.

Now please post the following to me as a reply to this post:
ComboFix.txt
Let me know how your computer and browser are operating
If you have any questions or problems, let me know that as well


Offline Chromed Shoes

  • Bronze Member
  • Posts: 80
Re: [In Progress-B]File Recovery virus
« Reply #12 on: July 20, 2012, 01:09:09 PM »
It seems Combofix gets hung up in scanning my computer. It was running for about five hours yesterday and it never got past the "scanning for 10 minutes" mark.

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2154
Re: [In Progress-B]File Recovery virus
« Reply #13 on: July 20, 2012, 01:45:23 PM »
Hi Chrome

As I expected, this is a tough one.

Please read carefully and follow these steps:

1.  Download TDSSKiller and save it to your Desktop.   

2.  Double click on TDSSKiller.exe to run the application. Now click Start Scan.

3.  Click on Change parameters and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

4.  If an infected file is detected, the default action will be Cure, click on Continue.  If a suspicious file is detected, the default action will be Skip, click on Continue.

Click on Reboot Now if you are asked to reboot the computer.

5.  If reboot is NOT required, click on Report.   Please copy that file.  If a reboot IS required, the report can also be found in your root directory (usually the C:\ folder).   Its file name will take the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy that file.

Please always check to be sure Word Wrap is NOT turned on in any Notepad files you post.  This is done by opening the Notepad file and clicking on Format to be sure Word Wrap is not checked.

Note:  This site has size limits on posts.  Please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
TDSSKiller log
Let me know how your computer and browser are operating
If you have any questions or problems, let me know that as well

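As an added example (not from this thread, and not code from the OTL or TDSSKiller authors), here is a small Python triage script for the two log formats posted in this thread: it flags OTL O4 autorun entries whose target is reported "File not found" or which launch from inside the user profile, and TDSSKiller lines that end in a warning or a detection instead of "- ok" (the signature-check warnings come from the Verify Driver Digital Signature option in step 3). The sample lines are constructed from entries in this thread, and the user-writable-path rule is the example's own heuristic, not a rule from either tool.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL "O4" autorun entries, e.g.
#   O4 - HKLM..\Run: [kisird] C:\...\Application Data\kisird.dll (C-Media Electronics Inc.)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)

# TDSSKiller scan lines: "HH:MM:SS.mmmm  PID  message"
TDSS_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<text>.*)$")

# Profile locations where a Run entry deserves a second look. This is the
# example author's heuristic, not a rule from OTL: legitimate updaters
# (Akamai, Facebook) live there too, so a hit means "review", not "malware".
USER_WRITABLE = (
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
    "\\my documents\\",
)


@dataclass
class Finding:
    source: str   # "otl-o4" or "tdsskiller"
    item: str     # the Run value name, or the driver/service name
    reason: str


def triage_otl_o4(line: str) -> Optional[Finding]:
    """Flag an OTL O4 Run/RunOnce line whose target is missing or lives in the user profile."""
    m = O4_RE.match(line)
    if not m:
        return None  # not a Run/RunOnce line (e.g. "O4 - Startup:" entries)
    name, rest = m.group("name"), m.group("rest")
    if rest.endswith("File not found"):
        # A Run value pointing at a file that no longer exists is a leftover
        # from a removed component and should be cleaned up rather than kept.
        return Finding("otl-o4", name, "target reported 'File not found'")
    target = rest.lower()
    for marker in USER_WRITABLE:
        if marker in target:
            label = marker.strip("\\")
            return Finding("otl-o4", name, f"runs from user-writable path ({label})")
    return None


def triage_tdsskiller(line: str) -> Optional[Finding]:
    """Flag TDSSKiller lines that end in a warning or a detection instead of '- ok'."""
    m = TDSS_RE.match(line)
    if not m:
        return None
    text = m.group("text").strip()
    if text.endswith(" - ok"):
        return None
    if " - detected " in text:
        # e.g. "BCM42RLY - detected UnsignedFile.Multi.Generic (1)"
        item, verdict = text.split(" - detected ", 1)
        return Finding("tdsskiller", item.strip(), f"detected {verdict}")
    if text.endswith(" - warning"):
        # e.g. "BCM42RLY ( UnsignedFile.Multi.Generic ) - warning"
        item = text[: -len(" - warning")]
        item, _, verdict = item.partition(" ( ")
        return Finding("tdsskiller", item.strip(), f"warning {verdict.rstrip(' )')}")
    return None  # headers, file listings and other informational lines


def triage_log(text: str) -> List[Finding]:
    """Run both rule sets over a pasted log, choosing the parser by line shape."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        f = triage_otl_o4(line) if line.startswith("O4 - ") else triage_tdsskiller(line)
        if f:
            findings.append(f)
    return findings


# Constructed sample, copied in shape from the OTL and TDSSKiller logs in this thread.
SAMPLE = r"""
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [gretsy] rundll32.exe "C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\gretsy.dll",CleanupGlobalTempFiles File not found
O4 - HKLM..\Run: [kisird] C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Application Data\kisird.dll (C-Media Electronics Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\cfjasdhfhsdjklsdnhvk\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
08:55:18.0953 2236   Scan started
08:55:19.0625 2236   Abiosdsk - ok
08:55:25.0078 2236   BCM42RLY        (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
08:55:25.0078 2236   BCM42RLY ( UnsignedFile.Multi.Generic ) - warning
08:55:25.0078 2236   BCM42RLY - detected UnsignedFile.Multi.Generic (1)
08:55:25.0093 2236   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:55:25.0234 2236   Beep - ok
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE):
        print(f"[{f.source}] {f.item}: {f.reason}")
```

The Akamai entry is flagged alongside gretsy and kisird, which is the point of the path heuristic: it narrows the list to entries worth a human look rather than deciding for you.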

Offline Chromed Shoes

  • Bronze Member
  • Posts: 80
Re: [In Progress-B]File Recovery virus
« Reply #14 on: July 22, 2012, 09:41:22 AM »
08:54:56.0093 0856   TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
08:54:56.0125 0856   ============================================================
08:54:56.0125 0856   Current date / time: 2012/07/22 08:54:56.0125
08:54:56.0125 0856   SystemInfo:
08:54:56.0125 0856   
08:54:56.0125 0856   OS Version: 5.1.2600 ServicePack: 2.0
08:54:56.0125 0856   Product type: Workstation
08:54:56.0125 0856   ComputerName: ACER
08:54:56.0125 0856   UserName: cfjasdhfhsdjklsdnhvk
08:54:56.0125 0856   Windows directory: C:\WINDOWS
08:54:56.0125 0856   System windows directory: C:\WINDOWS
08:54:56.0125 0856   Processor architecture: Intel x86
08:54:56.0125 0856   Number of processors: 1
08:54:56.0125 0856   Page size: 0x1000
08:54:56.0125 0856   Boot type: Normal boot
08:54:56.0125 0856   ============================================================
08:54:56.0343 0856   Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:54:56.0359 0856   Drive \Device\Harddisk5\DR13 - Size: 0x6FC7C8000 (27.95 Gb), SectorSize: 0x800, Cylinders: 0x390, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:54:58.0843 0856   ============================================================
08:54:58.0843 0856   \Device\Harddisk0\DR0:
08:54:58.0843 0856   MBR partitions:
08:54:58.0843 0856   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x9C263D, BlocksNum 0x7AA0A44
08:54:58.0843 0856   \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x8463081, BlocksNum 0xF03AD40
08:54:58.0843 0856   \Device\Harddisk5\DR13:
08:54:58.0843 0856   MBR partitions:
08:54:58.0843 0856   \Device\Harddisk5\DR13\Partition0: MBR, Type 0xB, StartLBA 0xBC43, BlocksNum 0xDED34C
08:54:58.0843 0856   ============================================================
08:54:58.0875 0856   C: <-> \Device\Harddisk0\DR0\Partition0
08:54:58.0875 0856   D: <-> \Device\Harddisk0\DR0\Partition1
08:54:58.0875 0856   ============================================================
08:54:58.0875 0856   Initialize success
08:54:58.0875 0856   ============================================================
08:55:18.0953 2236   ============================================================
08:55:18.0953 2236   Scan started
08:55:18.0953 2236   Mode: Manual; SigCheck; TDLFS;
08:55:18.0953 2236   ============================================================
08:55:19.0625 2236   Abiosdsk - ok
08:55:19.0625 2236   abp480n5 - ok
08:55:19.0640 2236   ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:55:22.0359 2236   ACPI - ok
08:55:22.0390 2236   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:55:22.0562 2236   ACPIEC - ok
08:55:22.0562 2236   adpu160m - ok
08:55:22.0593 2236   aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
08:55:22.0906 2236   aec - ok
08:55:22.0937 2236   AFD             (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
08:55:22.0953 2236   AFD - ok
08:55:22.0968 2236   Aha154x - ok
08:55:22.0968 2236   aic78u2 - ok
08:55:22.0968 2236   aic78xx - ok
08:55:23.0171 2236   ALCXWDM         (93f93a8e3e14cbbf1ce9a5af1a70c095) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
08:55:23.0343 2236   ALCXWDM - ok
08:55:23.0453 2236   Alerter         (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
08:55:23.0578 2236   Alerter - ok
08:55:23.0593 2236   ALG             (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
08:55:23.0671 2236   ALG - ok
08:55:23.0703 2236   AliIde - ok
08:55:23.0718 2236   AmdK8           (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
08:55:23.0750 2236   AmdK8 - ok
08:55:23.0750 2236   amsint - ok
08:55:23.0859 2236   Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:55:23.0859 2236   Apple Mobile Device - ok
08:55:23.0890 2236   AppMgmt         (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
08:55:23.0953 2236   AppMgmt - ok
08:55:23.0984 2236   Arp1394         (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:55:24.0125 2236   Arp1394 - ok
08:55:24.0125 2236   asc - ok
08:55:24.0140 2236   asc3350p - ok
08:55:24.0140 2236   asc3550 - ok
08:55:24.0218 2236   aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:55:24.0234 2236   aspnet_state - ok
08:56:00.0578 2236   wdmaud - ok
08:56:00.0593 2236   WebClient       (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
08:56:01.0078 2236   WebClient - ok
08:56:01.0140 2236   winmgmt         (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:56:01.0250 2236   winmgmt - ok
08:56:01.0343 2236   WLSetupSvc      (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
08:56:01.0375 2236   WLSetupSvc - ok
08:56:01.0406 2236   WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:56:01.0453 2236   WmdmPmSN - ok
08:56:01.0515 2236   Wmi             (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
08:56:01.0609 2236   Wmi - ok
08:56:01.0640 2236   WmiApSrv        (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:56:01.0750 2236   WmiApSrv - ok
08:56:01.0828 2236   WMPNetworkSvc   (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:56:01.0843 2236   WMPNetworkSvc - ok
08:56:01.0921 2236   WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
08:56:01.0921 2236   WpdUsb - ok
08:56:01.0953 2236   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:56:02.0062 2236   WS2IFSL - ok
08:56:02.0078 2236   wscsvc          (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
08:56:02.0203 2236   wscsvc - ok
08:56:02.0218 2236   WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:56:02.0328 2236   WSTCODEC - ok
08:56:02.0343 2236   wuauserv        (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
08:56:02.0453 2236   wuauserv - ok
08:56:02.0468 2236   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:56:02.0515 2236   WudfPf - ok
08:56:02.0531 2236   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:56:02.0546 2236   WudfRd - ok
08:56:02.0578 2236   WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:56:02.0578 2236   WudfSvc - ok
08:56:02.0625 2236   WZCSVC          (247520eded53a08ae89ea4fae04f54d8) C:\WINDOWS\System32\wzcsvc.dll
08:56:02.0687 2236   WZCSVC - ok
08:56:02.0718 2236   xmlprov         (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
08:56:02.0812 2236   xmlprov - ok
08:56:02.0843 2236   ZD1211U(ZyDAS)  (748ebbf816261873307695d02989e78a) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
08:56:02.0859 2236   ZD1211U(ZyDAS) - ok
08:56:02.0875 2236   ZDPNDIS5        (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS
08:56:02.0875 2236   ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - warning
08:56:02.0875 2236   ZDPNDIS5 - detected UnsignedFile.Multi.Generic (1)
08:56:02.0906 2236   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:56:02.0937 2236   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
08:56:02.0937 2236   \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
08:56:05.0453 2236   MBR (0x1B8)     (16f8fdff0604e2ba0ae59b3081b7dbff) \Device\Harddisk5\DR13
08:56:31.0609 2236   \Device\Harddisk5\DR13 - ok
08:56:31.0625 2236   Boot (0x1200)   (275c32dc21d3aadc0a67b3879780ea66) \Device\Harddisk0\DR0\Partition0
08:56:31.0625 2236   \Device\Harddisk0\DR0\Partition0 - ok
08:56:31.0640 2236   Boot (0x1200)   (0e557827a8f210c469f81c620c353793) \Device\Harddisk0\DR0\Partition1
08:56:31.0640 2236   \Device\Harddisk0\DR0\Partition1 - ok
08:56:31.0656 2236   Boot (0x1200)   (02e3039228649d42fcf9b8e9055ed643) \Device\Harddisk5\DR13\Partition0
08:56:31.0671 2236   \Device\Harddisk5\DR13\Partition0 - ok
08:56:31.0671 2236   ============================================================
08:56:31.0671 2236   Scan finished
08:56:31.0671 2236   ============================================================
08:56:31.0781 1776   Detected object count: 17
08:56:31.0781 1776   Actual detected object count: 17
08:57:04.0140 1776   BCM42RLY ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0140 1776   BCM42RLY ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0140 1776   FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0140 1776   FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0140 1776   GTNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0140 1776   GTNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0140 1776   hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0140 1776   hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0140 1776   IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0140 1776   IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0140 1776   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0140 1776   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0156 1776   NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0156 1776   NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0156 1776   PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0156 1776   PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0156 1776   pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0156 1776   pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0156 1776   PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0156 1776   PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0156 1776   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0156 1776   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0156 1776   RT61 ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0156 1776   RT61 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0156 1776   SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0156 1776   SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0156 1776   SQTECH905C ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0156 1776   SQTECH905C ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0156 1776   UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0156 1776   UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:04.0156 1776   ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:04.0156 1776   ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:07.0437 1776   \Device\Harddisk0\DR0\# - copied to quarantine
08:57:07.0437 1776   \Device\Harddisk0\DR0 - copied to quarantine
08:57:07.0453 1776   \Device\Harddisk0\DR0 - processing error
08:58:12.0875 1776   \Device\Harddisk0\DR0 - will be restored on reboot
08:58:12.0875 1776   \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure Restore
08:58:48.0171 3244   Deinitialize success