Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by daveyb » June 14th, 2012, 1:39 am

Salutations good people!

I would like some help if possible. I am running Vista Home edition (32bit) on an AMD Athlon 64 x2 processor, 4 gigs of ram and a 300Gb HDD with 177Gb free space.

The computer has been getting slower and slower of late, with an occasional trip to the BSOD (sorry, I didn't note the culprit process), so I ran a full system scan with Avast! (free version, fully updated) which found some infections and quarantined them. Since it was still slow, I did another scan with ESET which found the infections in the title. I read through the pre-requisites for posting here, and tried both DDS.SCR and DDS.COM, both of which errored out.

Both Avast! and Search and destroy 2 were disabled for the scan.

I have the capability to run this computer in offline mode and access the forums from another computer if that would help. I have USB drives to sneakernet programs and info if needed.

Here are the logs from HJT:

================================ hijackthis.log ==============================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:11:16 PM, on 6/13/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vtune\TBPANEL.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://burgii.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.burgii.com
O15 - Trusted Zone: *.infinitekind.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8548 bytes

=============================== uninstall_list.txt =============================
Acrobat.com
Acronis True Image WD Edition
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
AntispamSniper for TheBat!
Apple Application Support
Apple Software Update
ApRadar 3.1.1.7 Update
AutoIt v3.3.6.1
avast! Free Antivirus
Belarc Advisor 8.1
BlackBerry Desktop Software 6.1
BlackBerry Desktop Software 6.1
Cain & Abel v4.9.43
Canon iP2600 series
Cisco Connect
CPUID CPU-Z 1.58
Data Lifeguard Diagnostic for Windows 1.22
DivX
Easy-WebPrint
Enhanced Multimedia Keyboard Solution
Exifer
FileZilla Client 3.5.3
FINAL FANTASY XI
FINAL FANTASY XI for Windows - Official Benchmark Program 3
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
FINAL FANTASY XIV
Fraps (remove only)
Google Earth Plug-in
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Picasso Media Center Add-In
HP Product Detection
HP Total Care Advisor
HP Update
HTML-Kit
Java(TM) 6 Update 22
Java(TM) 6 Update 32
Kies mini
Kies mini
LG United Mobile Driver
Magic ISO Maker v5.4 (build 0239)
MagicBerry for Blackberry version 3.5
MagicDisc 2.7.106
MemoryLifter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Help Viewer 1.1
Microsoft Help Viewer 1.1
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Works
Microsoft Xbox 360 Accessories 1.1
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
muvee autoProducer 5.0
My HP Games
MyDefrag v4.2.9
MySQL Connector/ODBC 3.51
MySQL Workbench 5.2 CE
NirSoft IE PassView
NirSoft ShellExView
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 296.10
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 296.10
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
OcxSetup
OpenOffice.org 3.3
Oracle VM VirtualBox 4.1.16
Paragon Backup & Recovery™ 2012 Free
PHP Generator for MySQL 11.4
PlayOnline Viewer and Tetra Master
PMB
POLUtils
Python 2.4.3
QuickTime
Realtek High Definition Audio Driver
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
SAMSUNG USB Driver for Mobile Phones
SciTE4AutoIt3 7/3/2011
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Service Pack 3 for SQL Server 2008 (KB2546951)
Skype™ 5.8
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy 2
Sql Server Customer Experience Improvement Program
The Bat! International Pack v5.0.8
TheBat! Home v5.0.36
TopStyle Lite (Version 3)
TopStyle Lite (Version 3)
UltraEdit-32 Uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Version 6.7.1
VLC media player 1.0.1
Vtune 7.6
WampServer 2.2
WinPcap 4.1.2
WinRAR archiver
Wireshark 1.4.2
XBCD Uninstaller

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by askey127 » June 16th, 2012, 9:22 am

Hi daveyb,
Quite a lot in this post, but you are a software person.
Just do each one in order.
Let's update a few things, and remove this version of Spybot, which is still in trial mode.
I have also included Cain & Abel in the removals. Removing it is a good idea unless you have a specific need for it.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 9.5.1
Cain & Abel v4.9.43
HiJackThis
Java(TM) 6 Update 22
Java(TM) 6 Update 32
Spybot - Search & Destroy 2

Take extra care in answering questions posed by any Uninstaller.
Since you already have MS Office and OpenOffice, you probably DO NOT need Microsoft Works either, but we can leave that until later.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here: http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Under Java Platform, Standard Edition, labeled Java SE 7u5, click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK". If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform Windows x86 offline for 32-bit, and click it.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE to download AdbeRdr1013_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
---------------------------------------------------
So, in your reply, we will be looking for the following:
The contents of:
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.
The Extras.txt file will only show up the very first time you run OTL.

askey127
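
The version checks from the reply above, applied to an uninstall list. This is an added example, not part of the thread or of any tool it mentions. The Adobe Reader 10.1 floor and Java SE 7u5 come from the post; the sample lists are constructed (the two AFTER display names are assumed) and the function names are hypothetical.

```python
import re

# Thresholds taken from the reply above; adjust them as newer releases ship.
MIN_READER = (10, 1)  # "All versions numbered lower than 10.1 are vulnerable."
MIN_JAVA = (7, 5)     # Java SE 7u5, the release the reply installs
# Entries the reply asks the user to reconsider rather than version-check.
REVIEW = {"Cain & Abel": "remove unless there is a specific need for it"}

# Constructed samples: BEFORE reuses entries from the uninstall list posted in
# the thread; AFTER is an assumed list for the same machine after the steps.
BEFORE = """\
Adobe AIR
Adobe AIR
Adobe Reader 9.5.1
Cain & Abel v4.9.43
Java(TM) 6 Update 22
Java(TM) 6 Update 32
Mozilla Firefox 13.0 (x86 en-US)
"""
AFTER = """\
Adobe AIR
Adobe Reader X (10.1.3)
Java(TM) 7 Update 5
Mozilla Firefox 13.0 (x86 en-US)
"""

DOTTED = re.compile(r"\d+(?:\.\d+)+")
JAVA = re.compile(r"^Java\(TM\) (\d+)(?: Update (\d+))?$")


def dotted_version(entry):
    """Return the first dotted version in an entry as a tuple, or None."""
    m = DOTTED.search(entry)
    return tuple(int(p) for p in m.group().split(".")) if m else None


def java_version(entry):
    """Return (major, update) for a 'Java(TM) N Update M' entry, or None."""
    m = JAVA.match(entry)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None


def audit(text):
    """Return [(entry, [reasons])] for entries that need attention."""
    entries, seen = [], set()
    for line in text.splitlines():
        line = line.strip()
        if line and line not in seen:  # the list repeats some entries
            seen.add(line)
            entries.append(line)

    javas = {e: java_version(e) for e in entries if java_version(e)}
    newest_java = max(javas.values(), default=None)

    findings = []
    for entry in entries:
        reasons = []
        if entry.startswith("Adobe Reader"):
            version = dotted_version(entry)
            if version is None:
                reasons.append("version not readable, check by hand")
            elif version < MIN_READER:
                reasons.append("Adobe Reader below 10.1")
        if entry in javas:
            if javas[entry] < MIN_JAVA:
                reasons.append("Java older than 7 Update 5")
            if javas[entry] < newest_java:
                # Old Java releases left installed beside a newer one.
                reasons.append("superseded by a newer installed Java")
        for name, why in REVIEW.items():
            if entry.startswith(name):
                reasons.append(why)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for entry, reasons in audit(sample):
            print("  %-26s %s" % (entry, "; ".join(reasons)))
```
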

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by daveyb » June 16th, 2012, 4:12 pm

Hi askey127,

Thanks for your reply!

All the programs listed were uninstalled, including Microsoft Office which I no longer use.

Microsoft Works was installed in the original machine image, and is missing the .msi file so the uninstaller will not work. I've just ignored it, but no, I don't use it either.

After the shutdown and restart, the updated JRE and Adobe Reader were installed and the changes made as requested.

================================ Begin OTL.txt ===================================
OTL logfile created on: 6/16/2012 12:46:43 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Dave\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 58.91% Memory free
7.20 Gb Paging File | 5.83 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 169.26 Gb Free Space | 58.00% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.02% Space Free | Partition Type: NTFS

Computer Name: ANDROMEDA | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 12:43:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
PRC - [2012/06/16 11:33:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/29 13:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 13:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/06/22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 11:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/06/22 11:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/08/25 18:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/25 18:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/05 18:05:12 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/25 05:52:08 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/28 06:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 11:33:41 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/05 18:05:12 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2002/09/18 02:27:28 | 000,180,224 | ---- | M] () -- C:\Program Files\Exifer\ExiferShellExt.dll
MOD - [2000/01/18 07:00:00 | 000,022,016 | ---- | M] () -- C:\Program Files\UltraEdit\ue32ctmn.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - [2012/06/16 11:33:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 19:45:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/29 16:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/26 09:05:32 | 008,158,720 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/06/22 11:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/08/25 18:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\atikmdag.sys -- (R300)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\cis1284.sys -- (cis1284)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2012/05/22 15:08:34 | 000,104,792 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012/05/22 15:08:34 | 000,091,992 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2012/05/22 15:08:34 | 000,082,776 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2012/05/22 15:08:32 | 000,158,552 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2012/05/22 15:08:32 | 000,116,056 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2012/05/08 18:24:06 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/05/08 18:23:53 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012/05/08 18:23:52 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV - [2012/05/08 18:23:15 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012/03/02 16:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2012/03/02 16:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2012/03/02 16:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2012/03/02 16:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2012/02/29 16:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/10/13 13:06:14 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011/10/13 13:06:14 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011/10/13 13:06:14 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/20 22:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/12/20 22:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/12/20 22:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/08/22 11:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/18 22:55:32 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (Cardex)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {658C93D6-EB13-4DA5-8A2A-FA0164685CB4}
IE - HKLM\..\SearchScopes\{5361745A-F6B9-4BC9-86D0-6B907ADF0567}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{658C93D6-EB13-4DA5-8A2A-FA0164685CB4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{AD2D14A1-62D7-48D7-9A38-6AB5929C7185}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://burgii.com/
IE - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\..\SearchScopes,DefaultScope = {A36BE452-D3E0-443A-857E-B6F8BD920D87}
IE - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\..\SearchScopes\{5361745A-F6B9-4BC9-86D0-6B907ADF0567}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\..\SearchScopes\{658C93D6-EB13-4DA5-8A2A-FA0164685CB4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\..\SearchScopes\{A36BE452-D3E0-443A-857E-B6F8BD920D87}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\..\SearchScopes\{AD2D14A1-62D7-48D7-9A38-6AB5929C7185}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://burgii.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 11:33:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/28 17:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2012/06/13 21:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mx320zgb.default\extensions
[2012/06/06 20:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/28 15:14:44 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012/06/13 00:52:13 | 000,525,294 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/04/15 16:51:47 | 000,006,378 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{AB4B5718-3998-4A2C-91AE-18A7C2DB513E}.XPI
[2012/05/05 13:53:01 | 000,922,025 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
[2011/09/25 18:21:05 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/01/06 02:05:50 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/03 11:19:16 | 000,023,657 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\DOWNLOAD-PANEL@KWOK.WAI.KAN.XPI
[2012/02/15 00:00:58 | 000,204,717 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
[2012/05/31 21:30:58 | 000,046,977 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\HTML5NOTIFICATIONS@PAXAL.NET.XPI
[2012/05/05 13:31:13 | 000,009,601 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\PASSWORD.GENERATOR@KOLYA.CA.XPI
[2012/06/13 21:56:22 | 000,121,107 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\QUICKPASSWORDS@AXELG.COM.XPI
[2012/05/08 20:03:09 | 000,195,036 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\SAVEDPASSWORDEDITOR@DANIEL.DAWSON.XPI
[2012/04/24 17:26:34 | 000,159,870 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012/06/16 11:33:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/17 23:23:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 23:23:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/01 21:09:39 | 000,000,834 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.1 dlink
O1 - Hosts: 192.168.122.1 netgear
O1 - Hosts: 192.168.1.1 cisco
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\..Trusted Domains: burgii.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\..Trusted Domains: infinitekind.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CB202F-C53A-47EC-A58C-BF660DF2134C}: DhcpNameServer = 192.168.0.1 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/09 13:23:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 12:43:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/06/16 12:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/16 12:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/16 12:36:35 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/16 12:36:02 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/16 12:36:01 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/12 18:39:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/12 18:39:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/12 18:39:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/12 18:39:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/12 18:39:51 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/12 18:39:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/12 18:39:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/12 18:34:57 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/11 17:59:18 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\LearningModules
[2012/06/11 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\MemoryLifter
[2012/06/11 17:58:34 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\OMICRON_electronics_GmbH
[2012/06/11 17:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MemoryLifter
[2012/06/11 17:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\MemoryLifter
[2012/06/02 23:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/06/02 23:29:36 | 000,158,552 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2012/06/02 23:26:55 | 000,091,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2012/06/02 22:57:58 | 000,000,000 | ---D | C] -- C:\SuperOneClickv2.3.3-ShortFuse
[2012/06/02 20:54:22 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr90.dll
[2012/06/02 20:54:22 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp90.dll
[2012/06/02 20:54:22 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm90.dll
[2012/06/02 20:54:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2012/06/02 20:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
[2012/06/02 20:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2012/06/02 20:53:15 | 000,025,088 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgandmodem.sys
[2012/06/02 20:53:15 | 000,020,736 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lganddiag.sys
[2012/06/02 20:53:15 | 000,020,096 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgandgps.sys
[2012/06/02 20:53:14 | 000,014,336 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgandbus.sys
[2012/06/02 20:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2012/06/01 22:27:07 | 000,000,000 | ---D | C] -- C:\Users\Dave\burgii.com
[2012/05/29 21:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012/05/29 21:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/05/28 18:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/28 15:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicBerry for Blackberry
[2012/05/28 15:35:45 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx
[2012/05/28 15:35:45 | 000,151,552 | ---- | C] (Info-ZIP) -- C:\Windows\System32\zip32.dll
[2012/05/28 15:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\MagicBerry for Blackberry
[2012/05/28 00:09:48 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2012/05/28 00:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012/05/28 00:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/05/26 10:11:46 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Bike Deregistered_files
[2012/05/22 15:08:34 | 000,104,792 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetAdp.sys
[2012/05/22 15:08:34 | 000,082,776 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSB.sys
[2012/05/22 15:08:32 | 000,135,512 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\VBoxNetFltNobj.dll
[2012/05/22 15:08:32 | 000,116,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetFlt.sys
[2012/05/21 22:38:51 | 000,000,000 | ---D | C] -- C:\archive_db
[2012/05/21 20:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2012/05/21 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012/05/21 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012/05/21 20:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
[2012/05/21 20:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2012/05/21 20:03:51 | 000,000,000 | ---D | C] -- C:\Double Driver
[2012/05/19 17:03:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\.AVACSLiveChatWS
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/16 12:45:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/16 12:43:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/06/16 12:39:58 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/16 12:35:36 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/16 12:35:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/16 12:35:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/16 12:35:35 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/16 12:35:35 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/06/16 12:35:19 | 000,729,336 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/16 12:35:19 | 000,146,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/16 12:29:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/16 12:29:15 | 000,005,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 12:29:14 | 000,005,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 12:29:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/16 12:13:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 18:18:52 | 000,009,794 | ---- | M] () -- C:\Windows\UEDIT32.INI
[2012/06/13 17:48:41 | 000,330,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/05 18:30:25 | 000,016,870 | ---- | M] () -- C:\Users\Dave\Desktop\Gina.ods
[2012/06/03 20:12:28 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/06/01 22:55:46 | 000,000,600 | ---- | M] () -- C:\Users\Dave\AppData\Local\PUTTY.RND
[2012/05/28 00:09:45 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012/05/26 10:11:46 | 000,009,255 | ---- | M] () -- C:\Users\Dave\Documents\Bike Deregistered.html
[2012/05/22 15:08:34 | 000,104,792 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetAdp.sys
[2012/05/22 15:08:34 | 000,091,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2012/05/22 15:08:34 | 000,082,776 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSB.sys
[2012/05/22 15:08:32 | 000,158,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2012/05/22 15:08:32 | 000,135,512 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\VBoxNetFltNobj.dll
[2012/05/22 15:08:32 | 000,116,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetFlt.sys
[2012/05/17 15:45:37 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/05/17 15:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/05/17 15:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/17 15:31:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/17 15:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/05/17 15:24:45 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/05/17 15:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/16 12:39:58 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/16 12:39:58 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/02 20:54:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012/06/02 20:54:18 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012/06/01 22:55:46 | 000,000,600 | ---- | C] () -- C:\Users\Dave\AppData\Local\PUTTY.RND
[2012/05/28 00:09:45 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012/05/26 10:11:45 | 000,009,255 | ---- | C] () -- C:\Users\Dave\Documents\Bike Deregistered.html
[2012/05/12 17:03:43 | 000,000,030 | ---- | C] () -- C:\Program Files\Exiferupdate.ini
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/24 17:48:05 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2011/08/27 17:35:56 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011/08/20 19:05:26 | 000,002,143 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/03 16:57:00 | 000,011,976 | ---- | C] () -- C:\Windows\ALCHEMY.INI
[2011/05/28 17:39:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/23 17:55:39 | 000,024,227 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\UserTile.png
[2011/05/17 00:05:00 | 000,000,737 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/29 12:50:29 | 000,009,794 | ---- | C] () -- C:\Windows\UEDIT32.INI
[2011/04/14 20:27:54 | 000,000,080 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\wklnhst.dat
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== LOP Check ==========

[2011/09/24 17:14:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Acreon
[2012/05/08 18:25:20 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Acronis
[2012/04/15 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AntispamSniper
[2012/03/31 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Blackberry Desktop
[2011/02/17 02:20:00 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\ClickPotatoLite
[2012/06/10 10:02:58 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2012/06/11 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MemoryLifter
[2011/09/23 01:49:19 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MySQL
[2011/05/16 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\OpenOffice.org
[2011/05/23 17:55:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PeerNetworking
[2010/09/09 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Research In Motion
[2011/11/06 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Spamihilator
[2011/12/03 19:07:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SQL Maestro Group
[2011/05/08 18:06:36 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Template
[2007/11/07 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WildTangent
[2010/03/10 23:28:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WinBatch
[2010/12/05 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Wireshark
[2012/02/02 23:48:06 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job.bak
[2012/02/02 23:48:06 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job.bak
[2012/06/16 12:27:59 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

================================ end OTL.txt ===================================
Extras.txt follows in a second post

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

by daveyb » June 16th, 2012, 4:22 pm

OTL Extras logfile created on: 6/16/2012 12:46:43 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Dave\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 58.91% Memory free
7.20 Gb Paging File | 5.83 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 169.26 Gb Free Space | 58.00% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.02% Space Free | Partition Type: NTFS

Computer Name: ANDROMEDA | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2822557063-1055806168-3018670457-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2k\Office10\msohtmed.exe" %1
htmlfile [print] -- "C:\Program Files\Microsoft Office 2k\Office10\msohtmed.exe" /p %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2822557063-1055806168-3018670457-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AA7B387-4824-4BD0-80D2-681A1F36F151}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{253D4C1C-199C-43DB-A201-B947690B0D25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28E9B58F-7B3A-428A-BCB9-3352D28ADE0C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2F48F3AC-BFB1-44C1-94EC-C5378C561CC9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{38136003-CA3E-4694-8485-B1649D363CE6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3AF53A4E-DEB8-4D30-9308-EB9DE7211E5B}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8DCE27E3-4AC3-411A-9F21-E965700F53E4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A045C06A-83CB-4EF2-B0B8-0AD599AC2CB3}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{A09E23D4-877C-40D5-913B-BBC88E0F1C39}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2FC6E93-D53C-4752-9A5D-145B5DC54CC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBA96C8C-92C1-4450-A428-2BC8011B4D19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5CB6869-EC58-4C70-AA96-DD44A813D53A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{F9C39090-BF9B-4631-B9C9-4791D453B98D}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005DE927-7EEF-40A6-8695-094A821735F5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0B208427-AC56-4A1C-98E5-D523827AEC2B}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{1B757D18-5C6F-4F89-BB87-8FC947427FAF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{21C6DA6E-C9E5-4254-9D61-788F06A65252}" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\temp\7zs5860.tmp\symnrt.exe |
"{25C93AB3-3E9F-4791-B85F-931CF54B6FB8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30B42332-5D0F-404C-8948-9E5466217CAE}" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\temp\7zs5860.tmp\symnrt.exe |
"{4170E249-0BEA-49E0-B193-69C15646CE8C}" = protocol=6 | dir=in | app=c:\program files\squareenix\final fantasy xiv\ffxivboot.exe |
"{66DFACC2-5190-4C3F-A81C-485C40896829}" = protocol=17 | dir=in | app=c:\program files\squareenix\final fantasy xiv\ffxivboot.exe |
"{6C5E5C9F-D414-4C37-8F62-87426374E445}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7313F568-2BD6-410A-8191-FC2053A81B84}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{77264ACE-CEF6-4EB4-8905-06A27E90D306}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{80431B57-F86E-4C45-89BE-CBD932C34698}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{812D0BBF-0601-493E-B298-D063B4F533B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9721B0EC-B857-4CCB-95F4-87E2148199EF}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{9A48A4B5-2CDE-4489-B1D2-B6BB494D97F4}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{D8D4A34C-47C2-44F0-9CB4-255CD649A9CD}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"TCP Query User{2233522D-E7CD-4240-AA5B-4296CABF5D4A}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"TCP Query User{306E5CD3-E78D-458F-9D3E-1CBCC4FF1ED0}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{505F13EC-2E1B-487E-8EC7-0A440D030B1B}C:\program files\chami\html-kit\bin\htmlkit.exe" = protocol=6 | dir=in | app=c:\program files\chami\html-kit\bin\htmlkit.exe |
"TCP Query User{5738E1E4-6C44-4AEA-A8C2-9765C41F0CEA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{59C62578-9561-4A73-91F0-634A19B5521D}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{8F2E589F-D3CC-458B-B44A-DACF72D1B6AB}C:\windower\mapmon\mapmon_server.exe" = protocol=6 | dir=in | app=c:\windower\mapmon\mapmon_server.exe |
"TCP Query User{A43353B0-7A38-4F8E-85D7-1107B7FB428D}C:\program files\playonline\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files\playonline\squareenix\playonlineviewer\pol.exe |
"TCP Query User{AFFD554A-810A-4A36-BE96-3EFA8AB5874B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CD7BCAF2-C751-4358-8783-301532E0A9F5}C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
"TCP Query User{D65664BA-8CFC-4A4B-9184-B88B3503A741}C:\w2k d backup\work\dexter\utilities\processor\chipid.exe" = protocol=6 | dir=in | app=c:\w2k d backup\work\dexter\utilities\processor\chipid.exe |
"TCP Query User{E9891B0A-02CE-4C7F-8EBE-923CA71AE394}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0DEA8569-F2C9-43E8-A634-B37DFC010802}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0FB1F5E3-B0E6-431A-A35A-00B7E9B44AA9}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"UDP Query User{1E3A97C8-1EE6-49D3-8DDF-41D461681761}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{38746AC5-A587-4947-9005-A8C5E7C8881B}C:\windower\mapmon\mapmon_server.exe" = protocol=17 | dir=in | app=c:\windower\mapmon\mapmon_server.exe |
"UDP Query User{3FB1B7BD-34EC-4D16-9900-83238D54A73F}C:\program files\playonline\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files\playonline\squareenix\playonlineviewer\pol.exe |
"UDP Query User{446B7EA5-CB93-4D93-BC18-BF42C7A0BCE6}C:\program files\chami\html-kit\bin\htmlkit.exe" = protocol=17 | dir=in | app=c:\program files\chami\html-kit\bin\htmlkit.exe |
"UDP Query User{4BCD6CBB-83C4-40FC-B98F-C4DD2AC10871}C:\w2k d backup\work\dexter\utilities\processor\chipid.exe" = protocol=17 | dir=in | app=c:\w2k d backup\work\dexter\utilities\processor\chipid.exe |
"UDP Query User{5368B937-C4DB-4ECB-8323-A0B5CF10F8C0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{5BC92DA3-59A9-4368-80CA-F8E64D593A55}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{A3F9CBCA-8C74-475D-B581-C60B4497533F}C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
"UDP Query User{CAF969B6-AE50-4210-83CD-FAB55BF6214B}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04054166-0801-48A9-89E0-BC4B53FE7A81}_is1" = XBCD Uninstaller
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14778462-8A05-4D50-85FA-B5EBFE6CA1DA}" = The Bat! International Pack v5.0.8
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2120B2F7-93AF-4063-B2E0-C1707E77D78C}" = MemoryLifter
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{404CBB42-3EF1-4ECF-BFBD-A557807CBF3B}_is1" = MagicBerry for Blackberry version 3.5
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{46991620-ECC1-462B-88BF-5B91BF133E77}" = Oracle VM VirtualBox 4.1.16
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{83298573-A6B6-42AB-A234-FE91CA2859C0}" = Microsoft SQL Server 2008 Native Client
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975C73F2-FEE3-4755-ABBA-A4893E32A121}" = MySQL Connector/ODBC 3.51
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WD Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C86FD824-E01A-4C78-9A56-39FF2E4FBDA5}" = TheBat! Home v5.0.36
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3ABB4CC-1DC5-4430-BC49-D86AB708A9B8}" = MySQL Workbench 5.2 CE
"{E4D0E11A-CF32-4F7A-8C06-8EC3E2DB2E92}" = FINAL FANTASY XI for Windows - Official Benchmark Program 3
"{ED90F5E3-960A-4BED-B1EF-777D6E4E080F}_is1" = ApRadar 3.1.1.7 Update
"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AntispamSniper for TheBat!" = AntispamSniper for TheBat!
"AutoItv3" = AutoIt v3.3.6.1
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Easy-WebPrint" = Easy-WebPrint
"Exifer_is1" = Exifer
"FFXI Parser_is1" = Version 6.7.1
"FileZilla Client" = FileZilla Client 3.5.3
"Fraps" = Fraps (remove only)
"HTMLKit_is1" = HTML-Kit
"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{E4D0E11A-CF32-4F7A-8C06-8EC3E2DB2E92}" = FINAL FANTASY XI for Windows - Official Benchmark Program 3
"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyDefrag v4.2.9_is1" = MyDefrag v4.2.9
"NirSoft IE PassView" = NirSoft IE PassView
"NirSoft ShellExView" = NirSoft ShellExView
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PHP Generator for MySQL_is1" = PHP Generator for MySQL 11.4
"POLUtils" = POLUtils
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SciTE4AutoIt3" = SciTE4AutoIt3 7/3/2011
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3)
"TSLite3_is1" = TopStyle Lite (Version 3)
"UltraEdit-32" = UltraEdit-32 Uninstall
"VLC media player" = VLC media player 1.0.1
"Vtune_is1" = Vtune 7.6
"WampServer 2_is1" = WampServer 2.2
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.4.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2822557063-1055806168-3018670457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AVACS Live Chat" = AVACS Live Chat

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2012 2:25:16 AM | Computer Name = Andromeda | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/3/2012 2:25:16 AM | Computer Name = Andromeda | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/3/2012 2:42:36 PM | Computer Name = Andromeda | Source = Application Error | ID = 1000
Description = Faulting application B2CNotiAgent.exe, version 1.0.6.2, time stamp
0x4f727952, faulting module MFC42.DLL, version 6.6.8064.0, time stamp 0x4d790490,
exception code 0xc0000005, fault offset 0x0002ed90, process id 0x1148, application
start time 0x01cd41b40a1c8925.

Error - 6/11/2012 9:03:01 PM | Computer Name = Andromeda | Source = Application Hang | ID = 1002
Description = The program MemoryLifter.exe version 2.4.1.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 89c Start Time: 01cd4836789db342 Termination Time: 16

Error - 6/14/2012 1:06:47 AM | Computer Name = Andromeda | Source = Application Error | ID = 1000
Description = Faulting application cmd.exe, version 6.0.6001.18000, time stamp 0x47918bde,
faulting module SDHook32.dll, version 2.0.5.1, time stamp 0x4e36cc58, exception
code 0xc0000005, fault offset 0x0003e2e5, process id 0x1268, application start time
0x01cd49eb5302d533.

Error - 6/14/2012 1:07:42 AM | Computer Name = Andromeda | Source = Application Error | ID = 1000
Description = Faulting application cmd.exe, version 6.0.6001.18000, time stamp 0x47918bde,
faulting module SDHook32.dll, version 2.0.5.1, time stamp 0x4e36cc58, exception
code 0xc0000005, fault offset 0x0003e2e5, process id 0x13c8, application start time
0x01cd49eb987f5893.

Error - 6/14/2012 1:09:09 AM | Computer Name = Andromeda | Source = Application Error | ID = 1000
Description = Faulting application cmd.exe, version 6.0.6001.18000, time stamp 0x47918bde,
faulting module SDHook32.dll, version 2.0.5.1, time stamp 0x4e36cc58, exception
code 0xc0000005, fault offset 0x0003e2e5, process id 0x13d4, application start time
0x01cd49ebcc9481a3.

Error - 6/14/2012 2:34:01 AM | Computer Name = Andromeda | Source = Application Error | ID = 1000
Description = Faulting application cmd.exe, version 6.0.6001.18000, time stamp 0x47918bde,
faulting module SDHook32.dll, version 2.0.5.1, time stamp 0x4e36cc58, exception
code 0xc0000005, fault offset 0x0003e2e5, process id 0x1430, application start time
0x01cd49f7a7aa3223.

Error - 6/14/2012 8:15:18 PM | Computer Name = Andromeda | Source = Application Error | ID = 1000
Description = Faulting application thebat.exe, version 5.0.36.2, time stamp 0x4f508dd4,
faulting module SDHook32.dll, version 2.0.5.1, time stamp 0x4e36cc58, exception
code 0xc0000417, fault offset 0x00034e67, process id 0xa90, application start time
0x01cd4a8ba2d6922c.

Error - 6/16/2012 2:59:43 PM | Computer Name = Andromeda | Source = MsiInstaller | ID = 11706
Description =

[ System Events ]
Error - 6/16/2012 2:52:18 PM | Computer Name = Andromeda | Source = Service Control Manager | ID = 7000
Description =

Error - 6/16/2012 2:54:11 PM | Computer Name = Andromeda | Source = Service Control Manager | ID = 7038
Description =

Error - 6/16/2012 2:54:11 PM | Computer Name = Andromeda | Source = Service Control Manager | ID = 7000
Description =

Error - 6/16/2012 3:06:16 PM | Computer Name = Andromeda | Source = Service Control Manager | ID = 7034
Description =

Error - 6/16/2012 3:30:51 PM | Computer Name = Andromeda | Source = Service Control Manager | ID = 7000
Description =

Error - 6/16/2012 3:30:51 PM | Computer Name = Andromeda | Source = Service Control Manager | ID = 7000
Description =

Error - 6/16/2012 3:30:51 PM | Computer Name = Andromeda | Source = Service Control Manager | ID = 7000
Description =

Error - 6/16/2012 3:31:53 PM | Computer Name = Andromeda | Source = Service Control Manager | ID = 7038
Description =

Error - 6/16/2012 3:31:53 PM | Computer Name = Andromeda | Source = Service Control Manager | ID = 7000
Description =

Error - 6/16/2012 3:40:26 PM | Computer Name = Andromeda | Source = DCOM | ID = 10010
Description =


< End of report >

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Unread postby askey127 » June 16th, 2012, 7:47 pm

daveyb,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    [2012/02/02 23:48:06 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job.bak
    [2012/02/02 23:48:06 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job.bak
    IE - HKU\S-1-5-21-2822557063-1055806168-3018670457-1000\..\SearchScopes\{5361745A-F6B9-4BC9-86D0-6B907ADF0567}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{5361745A-F6B9-4BC9-86D0-6B907ADF0567}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope = {658C93D6-EB13-4DA5-8A2A-FA0164685CB4}
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Unread postby daveyb » June 16th, 2012, 8:32 pm

I opened OTL as admin, pasted the script, clicked on run fix, and it started running. After about 3 seconds, it went into a BSOD. On booting back in, I got the "Windows has recovered from an unexpected shutdown" message box, with the following in the "problem details" part:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: f4
BCP1: 00000003
BCP2: 89E18970
BCP3: 89E18ABC
BCP4: 83244AB0
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini061612-01.dmp
C:\Users\Dave\AppData\Local\Temp\WER-163754-0.sysdata.xml
C:\Users\Dave\AppData\Local\Temp\WEREA3E.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0409


The .dmp file does exist, but the other two files are not in C:\Users\Dave\AppData\Local\Temp\
Also, system files are now visible - desktop.ini is showing up on the desktop.

I'll try to continue with the rest of the instructions and post the logs back.
Last edited by daveyb on June 16th, 2012, 9:02 pm, edited 1 time in total.
daveyb
Regular Member
 
Posts: 90
Joined: June 13th, 2012, 6:56 pm
Location: Somewhere warm and sunny!

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by daveyb » June 16th, 2012, 8:41 pm

OTL logfile created on: 6/16/2012 5:33:25 PM - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Dave\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 61.80% Memory free
7.18 Gb Paging File | 5.93 Gb Available in Paging File | 82.64% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 169.24 Gb Free Space | 57.99% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.02% Space Free | Partition Type: NTFS

Computer Name: ANDROMEDA | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 12:43:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
PRC - [2012/06/16 11:33:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/29 13:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 13:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/06/22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 11:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/06/22 11:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/08/25 18:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/25 18:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/05 18:05:12 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/25 05:52:08 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/28 06:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 11:33:41 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/05 18:05:12 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2000/01/18 07:00:00 | 000,022,016 | ---- | M] () -- C:\Program Files\UltraEdit\ue32ctmn.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - [2012/06/16 11:33:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 19:45:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/29 16:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/26 09:05:32 | 008,158,720 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/06/22 11:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/08/25 18:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\atikmdag.sys -- (R300)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\cis1284.sys -- (cis1284)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2012/05/22 15:08:34 | 000,104,792 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012/05/22 15:08:34 | 000,091,992 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2012/05/22 15:08:34 | 000,082,776 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2012/05/22 15:08:32 | 000,158,552 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2012/05/22 15:08:32 | 000,116,056 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2012/05/08 18:24:06 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/05/08 18:23:53 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012/05/08 18:23:52 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV - [2012/05/08 18:23:15 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012/03/02 16:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2012/03/02 16:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2012/03/02 16:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2012/03/02 16:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2012/02/29 16:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/10/13 13:06:14 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011/10/13 13:06:14 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011/10/13 13:06:14 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/20 22:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/12/20 22:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/12/20 22:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/08/22 11:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/18 22:55:32 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (Cardex)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {658C93D6-EB13-4DA5-8A2A-FA0164685CB4}
IE - HKLM\..\SearchScopes\{5361745A-F6B9-4BC9-86D0-6B907ADF0567}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{658C93D6-EB13-4DA5-8A2A-FA0164685CB4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{AD2D14A1-62D7-48D7-9A38-6AB5929C7185}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://burgii.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {A36BE452-D3E0-443A-857E-B6F8BD920D87}
IE - HKCU\..\SearchScopes\{5361745A-F6B9-4BC9-86D0-6B907ADF0567}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{658C93D6-EB13-4DA5-8A2A-FA0164685CB4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{A36BE452-D3E0-443A-857E-B6F8BD920D87}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{AD2D14A1-62D7-48D7-9A38-6AB5929C7185}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://burgii.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 11:33:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/28 17:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2012/06/13 21:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mx320zgb.default\extensions
[2012/06/06 20:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/28 15:14:44 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012/06/13 00:52:13 | 000,525,294 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/04/15 16:51:47 | 000,006,378 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{AB4B5718-3998-4A2C-91AE-18A7C2DB513E}.XPI
[2012/05/05 13:53:01 | 000,922,025 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
[2011/09/25 18:21:05 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/01/06 02:05:50 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/03 11:19:16 | 000,023,657 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\DOWNLOAD-PANEL@KWOK.WAI.KAN.XPI
[2012/02/15 00:00:58 | 000,204,717 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
[2012/05/31 21:30:58 | 000,046,977 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\HTML5NOTIFICATIONS@PAXAL.NET.XPI
[2012/05/05 13:31:13 | 000,009,601 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\PASSWORD.GENERATOR@KOLYA.CA.XPI
[2012/06/13 21:56:22 | 000,121,107 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\QUICKPASSWORDS@AXELG.COM.XPI
[2012/05/08 20:03:09 | 000,195,036 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\SAVEDPASSWORDEDITOR@DANIEL.DAWSON.XPI
[2012/04/24 17:26:34 | 000,159,870 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012/06/16 11:33:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/17 23:23:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 23:23:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/01 21:09:39 | 000,000,834 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.1 dlink
O1 - Hosts: 192.168.122.1 netgear
O1 - Hosts: 192.168.1.1 cisco
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: burgii.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: infinitekind.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CB202F-C53A-47EC-A58C-BF660DF2134C}: DhcpNameServer = 192.168.0.1 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/09 13:23:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 12:43:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/06/16 12:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/16 12:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/11 17:59:18 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\LearningModules
[2012/06/11 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\MemoryLifter
[2012/06/11 17:58:34 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\OMICRON_electronics_GmbH
[2012/06/11 17:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MemoryLifter
[2012/06/11 17:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\MemoryLifter
[2012/06/02 23:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/06/02 22:57:58 | 000,000,000 | ---D | C] -- C:\SuperOneClickv2.3.3-ShortFuse
[2012/06/02 20:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
[2012/06/02 20:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2012/06/02 20:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2012/06/01 22:27:07 | 000,000,000 | ---D | C] -- C:\Users\Dave\burgii.com
[2012/05/29 21:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012/05/29 21:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/05/28 18:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/28 15:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicBerry for Blackberry
[2012/05/28 15:35:45 | 000,151,552 | ---- | C] (Info-ZIP) -- C:\Windows\System32\zip32.dll
[2012/05/28 15:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\MagicBerry for Blackberry
[2012/05/28 00:09:48 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2012/05/28 00:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012/05/28 00:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/05/26 10:11:46 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Bike Deregistered_files
[2012/05/21 22:38:51 | 000,000,000 | ---D | C] -- C:\archive_db
[2012/05/21 20:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2012/05/21 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012/05/21 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012/05/21 20:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
[2012/05/21 20:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2012/05/21 20:03:51 | 000,000,000 | ---D | C] -- C:\Double Driver
[2012/05/19 17:03:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\.AVACSLiveChatWS
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/16 17:36:46 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2012/06/16 17:29:17 | 000,729,336 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/16 17:29:17 | 000,146,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/16 17:24:56 | 000,009,791 | ---- | M] () -- C:\Windows\UEDIT32.INI
[2012/06/16 17:23:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/16 17:21:17 | 000,005,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 17:21:17 | 000,005,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 17:21:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/16 17:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/16 16:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/16 12:43:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/06/16 12:39:58 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/13 17:48:41 | 000,330,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/05 18:30:25 | 000,016,870 | ---- | M] () -- C:\Users\Dave\Desktop\Gina.ods
[2012/06/03 20:12:28 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/06/01 22:55:46 | 000,000,600 | ---- | M] () -- C:\Users\Dave\AppData\Local\PUTTY.RND
[2012/05/28 00:09:45 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012/05/26 10:11:46 | 000,009,255 | ---- | M] () -- C:\Users\Dave\Documents\Bike Deregistered.html
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/16 12:39:58 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/16 12:39:58 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/02 20:54:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012/06/02 20:54:18 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012/06/01 22:55:46 | 000,000,600 | ---- | C] () -- C:\Users\Dave\AppData\Local\PUTTY.RND
[2012/05/28 00:09:45 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012/05/26 10:11:45 | 000,009,255 | ---- | C] () -- C:\Users\Dave\Documents\Bike Deregistered.html
[2012/05/12 17:03:43 | 000,000,030 | ---- | C] () -- C:\Program Files\Exiferupdate.ini
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/24 17:48:05 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2011/08/27 17:35:56 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011/08/20 19:05:26 | 000,002,143 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/03 16:57:00 | 000,011,976 | ---- | C] () -- C:\Windows\ALCHEMY.INI
[2011/05/28 17:39:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/23 17:55:39 | 000,024,227 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\UserTile.png
[2011/05/17 00:05:00 | 000,000,737 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/29 12:50:29 | 000,009,791 | ---- | C] () -- C:\Windows\UEDIT32.INI
[2011/04/14 20:27:54 | 000,000,080 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\wklnhst.dat
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== LOP Check ==========

[2011/09/24 17:14:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Acreon
[2012/05/08 18:25:20 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Acronis
[2012/04/15 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AntispamSniper
[2012/03/31 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Blackberry Desktop
[2011/02/17 02:20:00 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\ClickPotatoLite
[2012/06/10 10:02:58 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2012/06/11 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MemoryLifter
[2011/09/23 01:49:19 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MySQL
[2011/05/16 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\OpenOffice.org
[2011/05/23 17:55:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PeerNetworking
[2010/09/09 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Research In Motion
[2011/11/06 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Spamihilator
[2011/12/03 19:07:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SQL Maestro Group
[2011/05/08 18:06:36 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Template
[2007/11/07 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WildTangent
[2010/03/10 23:28:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WinBatch
[2010/12/05 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Wireshark
[2012/02/02 23:48:06 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job.bak
[2012/02/02 23:48:06 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job.bak
[2012/06/16 12:27:59 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Unread postby daveyb » June 16th, 2012, 8:46 pm

17:44:20.0682 5804 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
17:44:21.0321 5804 ============================================================
17:44:21.0321 5804 Current date / time: 2012/06/16 17:44:21.0321
17:44:21.0321 5804 SystemInfo:
17:44:21.0321 5804
17:44:21.0321 5804 OS Version: 6.0.6002 ServicePack: 2.0
17:44:21.0321 5804 Product type: Workstation
17:44:21.0321 5804 ComputerName: ANDROMEDA
17:44:21.0321 5804 UserName: Dave
17:44:21.0321 5804 Windows directory: C:\Windows
17:44:21.0321 5804 System windows directory: C:\Windows
17:44:21.0321 5804 Processor architecture: Intel x86
17:44:21.0321 5804 Number of processors: 2
17:44:21.0321 5804 Page size: 0x1000
17:44:21.0321 5804 Boot type: Normal boot
17:44:21.0321 5804 ============================================================
17:44:21.0711 5804 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:44:21.0727 5804 ============================================================
17:44:21.0727 5804 \Device\Harddisk0\DR0:
17:44:21.0727 5804 MBR partitions:
17:44:21.0727 5804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x247A9091
17:44:21.0727 5804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x247A90D0, BlocksNum 0xC845F1
17:44:21.0727 5804 ============================================================
17:44:21.0742 5804 C: <-> \Device\Harddisk0\DR0\Partition0
17:44:21.0789 5804 D: <-> \Device\Harddisk0\DR0\Partition1
17:44:21.0789 5804 ============================================================
17:44:21.0789 5804 Initialize success
17:44:21.0789 5804 ============================================================
17:44:45.0782 5396 ============================================================
17:44:45.0782 5396 Scan started
17:44:45.0782 5396 Mode: Manual;
17:44:45.0782 5396 ============================================================
17:44:46.0328 5396 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:44:46.0328 5396 ACPI - ok
17:44:46.0453 5396 AcrSch2Svc (af6481c648ea9a76569aacb73eac286a) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
17:44:46.0453 5396 AcrSch2Svc - ok
17:44:46.0546 5396 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:44:46.0546 5396 AdobeARMservice - ok
17:44:46.0765 5396 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:44:46.0765 5396 AdobeFlashPlayerUpdateSvc - ok
17:44:46.0858 5396 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:44:46.0858 5396 adp94xx - ok
17:44:46.0905 5396 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:44:46.0905 5396 adpahci - ok
17:44:46.0936 5396 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:44:46.0936 5396 adpu160m - ok
17:44:46.0952 5396 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:44:46.0968 5396 adpu320 - ok
17:44:46.0999 5396 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:44:47.0014 5396 AeLookupSvc - ok
17:44:47.0061 5396 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:44:47.0061 5396 AFD - ok
17:44:47.0092 5396 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:44:47.0108 5396 agp440 - ok
17:44:47.0124 5396 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:44:47.0124 5396 aic78xx - ok
17:44:47.0155 5396 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:44:47.0155 5396 ALG - ok
17:44:47.0170 5396 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
17:44:47.0170 5396 aliide - ok
17:44:47.0233 5396 AMD External Events Utility (369fc70bdbaa2d13e0e66647e14cecef) C:\Windows\system32\atiesrxx.exe
17:44:47.0233 5396 AMD External Events Utility - ok
17:44:47.0264 5396 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:44:47.0264 5396 amdagp - ok
17:44:47.0264 5396 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
17:44:47.0264 5396 amdide - ok
17:44:47.0295 5396 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:44:47.0295 5396 AmdK7 - ok
17:44:47.0326 5396 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
17:44:47.0326 5396 AmdK8 - ok
17:44:47.0358 5396 Andbus (3e59df4984fbd6800d6621480b38a34e) C:\Windows\system32\DRIVERS\lgandbus.sys
17:44:47.0358 5396 Andbus - ok
17:44:47.0389 5396 AndDiag (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\Windows\system32\DRIVERS\lganddiag.sys
17:44:47.0389 5396 AndDiag - ok
17:44:47.0404 5396 AndGps (1d2c90e25483363d54b652898bbc8f2a) C:\Windows\system32\DRIVERS\lgandgps.sys
17:44:47.0404 5396 AndGps - ok
17:44:47.0420 5396 ANDModem (b1b06a95da2cac7fa19832c60c348c85) C:\Windows\system32\DRIVERS\lgandmodem.sys
17:44:47.0420 5396 ANDModem - ok
17:44:47.0467 5396 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:44:47.0467 5396 Appinfo - ok
17:44:47.0514 5396 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:44:47.0514 5396 arc - ok
17:44:47.0560 5396 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:44:47.0560 5396 arcsas - ok
17:44:47.0685 5396 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:44:47.0685 5396 aspnet_state - ok
17:44:47.0763 5396 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
17:44:47.0763 5396 aswFsBlk - ok
17:44:47.0794 5396 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
17:44:47.0794 5396 aswMonFlt - ok
17:44:47.0810 5396 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
17:44:47.0826 5396 aswRdr - ok
17:44:47.0872 5396 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
17:44:47.0888 5396 aswSnx - ok
17:44:47.0904 5396 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
17:44:47.0919 5396 aswSP - ok
17:44:47.0935 5396 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
17:44:47.0935 5396 aswTdi - ok
17:44:47.0982 5396 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:44:47.0982 5396 AsyncMac - ok
17:44:48.0013 5396 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:44:48.0013 5396 atapi - ok
17:44:48.0028 5396 AtiHDAudioService - ok
17:44:48.0091 5396 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:44:48.0106 5396 AudioEndpointBuilder - ok
17:44:48.0106 5396 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:44:48.0122 5396 Audiosrv - ok
17:44:48.0216 5396 avast! Antivirus (c76769f246250edad34a5581419e9d60) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17:44:48.0216 5396 avast! Antivirus - ok
17:44:48.0278 5396 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:44:48.0278 5396 Beep - ok
17:44:48.0340 5396 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:44:48.0356 5396 BFE - ok
17:44:48.0434 5396 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:44:48.0465 5396 BITS - ok
17:44:48.0481 5396 blbdrive - ok
17:44:48.0528 5396 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:44:48.0528 5396 bowser - ok
17:44:48.0559 5396 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:44:48.0559 5396 BrFiltLo - ok
17:44:48.0574 5396 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:44:48.0574 5396 BrFiltUp - ok
17:44:48.0621 5396 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:44:48.0621 5396 Browser - ok
17:44:48.0652 5396 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:44:48.0652 5396 Brserid - ok
17:44:48.0668 5396 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:44:48.0668 5396 BrSerWdm - ok
17:44:48.0684 5396 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:44:48.0684 5396 BrUsbMdm - ok
17:44:48.0699 5396 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:44:48.0699 5396 BrUsbSer - ok
17:44:48.0715 5396 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:44:48.0715 5396 BTHMODEM - ok
17:44:48.0762 5396 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPANEL.SYS
17:44:48.0762 5396 Cardex - ok
17:44:48.0808 5396 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:44:48.0808 5396 cdfs - ok
17:44:48.0855 5396 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:44:48.0855 5396 cdrom - ok
17:44:48.0918 5396 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:44:48.0918 5396 CertPropSvc - ok
17:44:48.0949 5396 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:44:48.0949 5396 circlass - ok
17:44:48.0964 5396 cis1284 - ok
17:44:49.0011 5396 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:44:49.0027 5396 CLFS - ok
17:44:49.0105 5396 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:44:49.0105 5396 clr_optimization_v2.0.50727_32 - ok
17:44:49.0214 5396 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:44:49.0214 5396 clr_optimization_v4.0.30319_32 - ok
17:44:49.0245 5396 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
17:44:49.0245 5396 cmdide - ok
17:44:49.0276 5396 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
17:44:49.0276 5396 Compbatt - ok
17:44:49.0292 5396 COMSysApp - ok
17:44:49.0339 5396 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
17:44:49.0339 5396 cpuz135 - ok
17:44:49.0354 5396 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:44:49.0370 5396 crcdisk - ok
17:44:49.0370 5396 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:44:49.0370 5396 Crusoe - ok
17:44:49.0432 5396 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
17:44:49.0448 5396 CryptSvc - ok
17:44:49.0526 5396 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:44:49.0542 5396 DcomLaunch - ok
17:44:49.0588 5396 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:44:49.0588 5396 DfsC - ok
17:44:49.0651 5396 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:44:49.0666 5396 Dhcp - ok
17:44:49.0682 5396 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:44:49.0698 5396 disk - ok
17:44:49.0760 5396 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:44:49.0760 5396 Dnscache - ok
17:44:49.0807 5396 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:44:49.0822 5396 dot3svc - ok
17:44:49.0869 5396 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:44:49.0869 5396 DPS - ok
17:44:49.0916 5396 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:44:49.0932 5396 drmkaud - ok
17:44:50.0010 5396 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:44:50.0010 5396 DXGKrnl - ok
17:44:50.0056 5396 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:44:50.0056 5396 E1G60 - ok
17:44:50.0088 5396 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:44:50.0088 5396 EapHost - ok
17:44:50.0134 5396 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:44:50.0134 5396 Ecache - ok
17:44:50.0212 5396 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:44:50.0228 5396 ehRecvr - ok
17:44:50.0259 5396 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:44:50.0275 5396 ehSched - ok
17:44:50.0306 5396 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:44:50.0306 5396 ehstart - ok
17:44:50.0368 5396 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:44:50.0368 5396 elxstor - ok
17:44:50.0431 5396 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:44:50.0446 5396 EMDMgmt - ok
17:44:50.0478 5396 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:44:50.0478 5396 EventSystem - ok
17:44:50.0524 5396 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:44:50.0540 5396 exfat - ok
17:44:50.0556 5396 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:44:50.0556 5396 fastfat - ok
17:44:50.0602 5396 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:44:50.0602 5396 fdc - ok
17:44:50.0649 5396 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:44:50.0649 5396 fdPHost - ok
17:44:50.0680 5396 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:44:50.0696 5396 FDResPub - ok
17:44:50.0743 5396 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:44:50.0743 5396 FileInfo - ok
17:44:50.0790 5396 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:44:50.0790 5396 Filetrace - ok
17:44:50.0821 5396 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:44:50.0821 5396 flpydisk - ok
17:44:50.0852 5396 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:44:50.0852 5396 FltMgr - ok
17:44:50.0946 5396 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:44:50.0961 5396 FontCache - ok
17:44:51.0039 5396 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:44:51.0055 5396 FontCache3.0.0.0 - ok
17:44:51.0070 5396 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
17:44:51.0086 5396 Fs_Rec - ok
17:44:51.0102 5396 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:44:51.0117 5396 gagp30kx - ok
17:44:51.0226 5396 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
17:44:51.0226 5396 GameConsoleService - ok
17:44:51.0273 5396 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:44:51.0289 5396 gpsvc - ok
17:44:51.0351 5396 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:44:51.0351 5396 gupdate - ok
17:44:51.0367 5396 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:44:51.0382 5396 gupdatem - ok
17:44:51.0445 5396 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
17:44:51.0445 5396 HdAudAddService - ok
17:44:51.0523 5396 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:44:51.0523 5396 HDAudBus - ok
17:44:51.0554 5396 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:44:51.0554 5396 HidBth - ok
17:44:51.0570 5396 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:44:51.0570 5396 HidIr - ok
17:44:51.0601 5396 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:44:51.0601 5396 hidserv - ok
17:44:51.0616 5396 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:44:51.0616 5396 HidUsb - ok
17:44:51.0648 5396 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:44:51.0663 5396 hkmsvc - ok
17:44:51.0663 5396 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:44:51.0663 5396 HpCISSs - ok
17:44:51.0788 5396 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
17:44:51.0804 5396 HSF_DP - ok
17:44:51.0819 5396 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
17:44:51.0835 5396 HSXHWBS2 - ok
17:44:51.0882 5396 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:44:51.0882 5396 HTTP - ok
17:44:51.0913 5396 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:44:51.0913 5396 i2omp - ok
17:44:51.0975 5396 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:44:51.0975 5396 i8042prt - ok
17:44:52.0006 5396 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:44:52.0006 5396 iaStorV - ok
17:44:52.0147 5396 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:44:52.0162 5396 idsvc - ok
17:44:52.0194 5396 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:44:52.0194 5396 iirsp - ok
17:44:52.0256 5396 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:44:52.0272 5396 IKEEXT - ok
17:44:52.0474 5396 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
17:44:52.0506 5396 IntcAzAudAddService - ok
17:44:52.0662 5396 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
17:44:52.0662 5396 intelide - ok
17:44:52.0693 5396 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
17:44:52.0693 5396 intelppm - ok
17:44:52.0724 5396 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:44:52.0740 5396 IPBusEnum - ok
17:44:52.0771 5396 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:44:52.0771 5396 IpFilterDriver - ok
17:44:52.0818 5396 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:44:52.0818 5396 iphlpsvc - ok
17:44:52.0833 5396 IpInIp - ok
17:44:52.0849 5396 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:44:52.0849 5396 IPMIDRV - ok
17:44:52.0864 5396 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:44:52.0880 5396 IPNAT - ok
17:44:52.0896 5396 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:44:52.0896 5396 IRENUM - ok
17:44:52.0911 5396 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:44:52.0911 5396 isapnp - ok
17:44:52.0958 5396 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:44:52.0974 5396 iScsiPrt - ok
17:44:52.0974 5396 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:44:52.0974 5396 iteatapi - ok
17:44:53.0005 5396 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:44:53.0005 5396 iteraid - ok
17:44:53.0036 5396 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:44:53.0036 5396 kbdclass - ok
17:44:53.0052 5396 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:44:53.0052 5396 kbdhid - ok
17:44:53.0083 5396 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:44:53.0083 5396 KeyIso - ok
17:44:53.0130 5396 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:44:53.0145 5396 KSecDD - ok
17:44:53.0208 5396 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:44:53.0223 5396 KtmRm - ok
17:44:53.0270 5396 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:44:53.0286 5396 LanmanServer - ok
17:44:53.0332 5396 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:44:53.0348 5396 LanmanWorkstation - ok
17:44:53.0488 5396 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:44:53.0488 5396 LightScribeService - ok
17:44:53.0566 5396 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:44:53.0566 5396 lltdio - ok
17:44:53.0613 5396 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:44:53.0629 5396 lltdsvc - ok
17:44:53.0660 5396 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:44:53.0660 5396 lmhosts - ok
17:44:53.0707 5396 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:44:53.0707 5396 LSI_FC - ok
17:44:53.0707 5396 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:44:53.0707 5396 LSI_SAS - ok
17:44:53.0722 5396 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:44:53.0722 5396 LSI_SCSI - ok
17:44:53.0754 5396 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:44:53.0754 5396 luafv - ok
17:44:53.0800 5396 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
17:44:53.0800 5396 mcdbus - ok
17:44:53.0816 5396 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:44:53.0816 5396 Mcx2Svc - ok
17:44:53.0847 5396 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:44:53.0847 5396 mdmxsdk - ok
17:44:53.0894 5396 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:44:53.0910 5396 megasas - ok
17:44:53.0925 5396 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:44:53.0925 5396 MMCSS - ok
17:44:53.0956 5396 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:44:53.0972 5396 Modem - ok
17:44:54.0003 5396 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:44:54.0003 5396 monitor - ok
17:44:54.0034 5396 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:44:54.0034 5396 mouclass - ok
17:44:54.0050 5396 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:44:54.0050 5396 mouhid - ok
17:44:54.0081 5396 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:44:54.0097 5396 MountMgr - ok
17:44:54.0190 5396 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:44:54.0190 5396 MozillaMaintenance - ok
17:44:54.0237 5396 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:44:54.0253 5396 mpio - ok
17:44:54.0284 5396 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:44:54.0284 5396 mpsdrv - ok
17:44:54.0346 5396 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:44:54.0346 5396 MpsSvc - ok
17:44:54.0362 5396 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:44:54.0362 5396 Mraid35x - ok
17:44:54.0393 5396 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:44:54.0393 5396 MRxDAV - ok
17:44:54.0440 5396 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:44:54.0440 5396 mrxsmb - ok
17:44:54.0487 5396 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:44:54.0487 5396 mrxsmb10 - ok
17:44:54.0502 5396 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:44:54.0502 5396 mrxsmb20 - ok
17:44:54.0534 5396 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
17:44:54.0534 5396 msahci - ok
17:44:54.0549 5396 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:44:54.0549 5396 msdsm - ok
17:44:54.0580 5396 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:44:54.0580 5396 MSDTC - ok
17:44:54.0627 5396 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:44:54.0627 5396 Msfs - ok
17:44:54.0674 5396 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:44:54.0674 5396 msisadrv - ok
17:44:54.0721 5396 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:44:54.0736 5396 MSiSCSI - ok
17:44:54.0736 5396 msiserver - ok
17:44:54.0736 5396 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:44:54.0736 5396 MSKSSRV - ok
17:44:54.0768 5396 msloop (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys
17:44:54.0783 5396 msloop - ok
17:44:54.0814 5396 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:44:54.0814 5396 MSPCLOCK - ok
17:44:54.0814 5396 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:44:54.0830 5396 MSPQM - ok
17:44:54.0861 5396 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:44:54.0861 5396 MsRPC - ok
17:44:54.0892 5396 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:44:54.0908 5396 mssmbios - ok
17:44:55.0002 5396 MSSQL$SQLEXPRESS - ok
17:44:55.0095 5396 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:44:55.0095 5396 MSSQLServerADHelper100 - ok
17:44:55.0126 5396 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:44:55.0126 5396 MSTEE - ok
17:44:55.0142 5396 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:44:55.0142 5396 Mup - ok
17:44:55.0189 5396 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:44:55.0204 5396 napagent - ok
17:44:55.0251 5396 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:44:55.0251 5396 NativeWifiP - ok
17:44:55.0314 5396 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:44:55.0314 5396 NDIS - ok
17:44:55.0345 5396 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:44:55.0345 5396 NdisTapi - ok
17:44:55.0376 5396 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:44:55.0376 5396 Ndisuio - ok
17:44:55.0392 5396 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:44:55.0392 5396 NdisWan - ok
17:44:55.0423 5396 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:44:55.0438 5396 NDProxy - ok
17:44:55.0454 5396 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:44:55.0454 5396 NetBIOS - ok
17:44:55.0501 5396 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:44:55.0501 5396 netbt - ok
17:44:55.0532 5396 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:44:55.0532 5396 Netlogon - ok
17:44:55.0579 5396 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:44:55.0594 5396 Netman - ok
17:45:08.0839 5396 ============================================================
17:45:08.0839 5396 Scan finished
17:45:08.0839 5396 ============================================================
17:45:08.0854 5012 Detected object count: 0
17:45:08.0854 5012 Actual detected object count: 0
17:45:29.0446 5344 Deinitialize success
daveyb
Regular Member
Posts: 90
Joined: June 13th, 2012, 6:56 pm
Location: Somewhere warm and sunny!

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by askey127 » June 17th, 2012, 7:08 am

daveyb,
Please don't install, uninstall or scan with anything unless I ask, until we are done.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope = {658C93D6-EB13-4DA5-8A2A-FA0164685CB4}
    IE - HKLM\..\SearchScopes\{5361745A-F6B9-4BC9-86D0-6B907ADF0567}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes,DefaultScope = {A36BE452-D3E0-443A-857E-B6F8BD920D87}
    IE - HKCU\..\SearchScopes\{5361745A-F6B9-4BC9-86D0-6B907ADF0567}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions
    
    :Files
    C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job.bak
    C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job.bak
    C:\Users\Dave\AppData\Roaming\ClickPotatoLite
    C:\SuperOneClickv2.3.3-ShortFuse
    ipconfig /flushdns /c
    
    
  • Shut down ALL Browsers that are open
  • Then click the Run Fix button at the top.
  • Let the program run unhindered. When it's done it will likely pop up a log. If so, please post the contents.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
You might want to Copy/Paste/Print these instructions and Save any unsaved work. TFC will close ALL open programs... including your browser!
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------
Run aswMBR
Download aswMBR.exe and save to your desktop.
Double click on aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click "save log". Save it to your desktop and post the contents in your next reply.

askey127
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by daveyb » June 17th, 2012, 10:26 am

Downloaded TFC, closed all programs after printing instructions. Right click and run as administrator. Click on Start in the program, message: "processing all users" followed by BSOD

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: f4
BCP1: 00000003
BCP2: 89E89020
BCP3: 89E8916C
BCP4: 83271AB0
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini061712-01.dmp
C:\Users\Dave\AppData\Local\Temp\WER-43695-0.sysdata.xml
C:\Users\Dave\AppData\Local\Temp\WERD4CB.tmp.version.txt

Shutting down Avast services and Retrying ....

That's odd, my previous post disappeared. I posted the OTL log before running TFC. OTL doesn't appear to have saved it on the desktop either.

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by askey127 » June 17th, 2012, 10:40 am

Go ahead and run the aswMBR scan/log, then please run a quick scan with OTL and post the log.

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by daveyb » June 17th, 2012, 8:44 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-17 07:50:25
-----------------------------
07:50:25.580 OS Version: Windows 6.0.6002 Service Pack 2
07:50:25.580 Number of processors: 2 586 0x4B02
07:50:25.595 ComputerName: ANDROMEDA UserName: Dave
07:50:34.440 Initialize success
07:50:34.628 AVAST engine defs: 12061700
07:50:55.407 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
07:50:55.407 Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 6
07:50:55.438 Disk 0 MBR read successfully
07:50:55.438 Disk 0 MBR scan
07:50:55.438 Disk 0 unknown MBR code
07:50:55.438 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 298834 MB offset 63
07:50:55.485 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6408 MB offset 612012240
07:50:55.485 Disk 0 scanning sectors +625137345
07:50:55.719 Disk 0 scanning C:\Windows\system32\drivers
07:51:38.744 Service scanning
07:52:15.482 Modules scanning
07:53:30.096 Disk 0 trace - called modules:
07:53:30.128 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll acpi.sys storport.sys nvstor32.sys
07:53:30.128 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8806eac8]
07:53:30.128 3 CLASSPNP.SYS[83fd48b3] -> nt!IofCallDriver -> [0x87f6bb28]
07:53:30.143 5 vsflt53.sys[80697c2b] -> nt!IofCallDriver -> [0x86caf600]
07:53:30.143 7 acpi.sys[806166bc] -> nt!IofCallDriver -> \Device\00000065[0x86ca3030]
07:53:32.218 AVAST engine scan C:\Windows
07:54:03.293 AVAST engine scan C:\Windows\system32
08:00:59.205 AVAST engine scan C:\Windows\system32\drivers
08:01:43.415 AVAST engine scan C:\Users\Dave
08:08:16.161 AVAST engine scan C:\ProgramData
08:13:22.342 Scan finished successfully
17:43:23.018 Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat"
17:43:23.033 The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt"

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by daveyb » June 17th, 2012, 8:53 pm

OTL Quick Scan, run as administrator:

OTL logfile created on: 6/17/2012 5:45:48 PM - Run 3
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Dave\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 58.70% Memory free
7.18 Gb Paging File | 5.73 Gb Available in Paging File | 79.76% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 165.03 Gb Free Space | 56.55% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.02% Space Free | Partition Type: NTFS

Computer Name: ANDROMEDA | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 12:43:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
PRC - [2012/06/16 11:33:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/29 13:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 13:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/06/22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 11:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/06/22 11:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/08/25 18:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/25 18:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/05 18:05:12 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/25 05:52:08 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/28 06:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 11:33:41 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/05 18:05:12 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2000/01/18 07:00:00 | 000,022,016 | ---- | M] () -- C:\Program Files\UltraEdit\ue32ctmn.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - [2012/06/16 11:33:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 19:45:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/29 16:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/26 09:05:32 | 008,158,720 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/06/22 11:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/08/25 18:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\atikmdag.sys -- (R300)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\cis1284.sys -- (cis1284)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Dave\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/05/22 15:08:34 | 000,104,792 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012/05/22 15:08:34 | 000,091,992 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2012/05/22 15:08:34 | 000,082,776 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2012/05/22 15:08:32 | 000,158,552 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2012/05/22 15:08:32 | 000,116,056 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2012/05/08 18:24:06 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/05/08 18:23:53 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012/05/08 18:23:52 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV - [2012/05/08 18:23:15 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012/03/02 16:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2012/03/02 16:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2012/03/02 16:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2012/03/02 16:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2012/02/29 16:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/10/13 13:06:14 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011/10/13 13:06:14 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011/10/13 13:06:14 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/20 22:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/12/20 22:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/12/20 22:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/08/22 11:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/18 22:55:32 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (Cardex)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{658C93D6-EB13-4DA5-8A2A-FA0164685CB4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{AD2D14A1-62D7-48D7-9A38-6AB5929C7185}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://burgii.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{658C93D6-EB13-4DA5-8A2A-FA0164685CB4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{A36BE452-D3E0-443A-857E-B6F8BD920D87}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{AD2D14A1-62D7-48D7-9A38-6AB5929C7185}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://burgii.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 11:33:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/28 17:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2012/06/13 21:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mx320zgb.default\extensions
[2012/06/06 20:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/28 15:14:44 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012/06/13 00:52:13 | 000,525,294 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/04/15 16:51:47 | 000,006,378 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{AB4B5718-3998-4A2C-91AE-18A7C2DB513E}.XPI
[2012/05/05 13:53:01 | 000,922,025 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
[2011/09/25 18:21:05 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/01/06 02:05:50 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/03 11:19:16 | 000,023,657 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\DOWNLOAD-PANEL@KWOK.WAI.KAN.XPI
[2012/02/15 00:00:58 | 000,204,717 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
[2012/05/31 21:30:58 | 000,046,977 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\HTML5NOTIFICATIONS@PAXAL.NET.XPI
[2012/05/05 13:31:13 | 000,009,601 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\PASSWORD.GENERATOR@KOLYA.CA.XPI
[2012/06/13 21:56:22 | 000,121,107 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\QUICKPASSWORDS@AXELG.COM.XPI
[2012/05/08 20:03:09 | 000,195,036 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\SAVEDPASSWORDEDITOR@DANIEL.DAWSON.XPI
[2012/04/24 17:26:34 | 000,159,870 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX320ZGB.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012/06/16 11:33:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/17 23:23:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 23:23:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/01 21:09:39 | 000,000,834 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.1 dlink
O1 - Hosts: 192.168.122.1 netgear
O1 - Hosts: 192.168.1.1 cisco
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: burgii.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: infinitekind.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CB202F-C53A-47EC-A58C-BF660DF2134C}: DhcpNameServer = 192.168.0.1 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/09 13:23:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 07:11:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dave\Desktop\aswMBR.exe
[2012/06/17 07:10:39 | 000,449,024 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\TFC.exe
[2012/06/17 07:06:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/16 17:36:34 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2012/06/16 12:43:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/06/16 12:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/16 12:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/11 17:59:18 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\LearningModules
[2012/06/11 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\MemoryLifter
[2012/06/11 17:58:34 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\OMICRON_electronics_GmbH
[2012/06/11 17:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MemoryLifter
[2012/06/11 17:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\MemoryLifter
[2012/06/02 23:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/06/02 20:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
[2012/06/02 20:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2012/06/02 20:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2012/06/01 22:27:07 | 000,000,000 | ---D | C] -- C:\Users\Dave\burgii.com
[2012/05/29 21:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012/05/29 21:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/05/28 18:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/28 15:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicBerry for Blackberry
[2012/05/28 15:35:45 | 000,151,552 | ---- | C] (Info-ZIP) -- C:\Windows\System32\zip32.dll
[2012/05/28 15:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\MagicBerry for Blackberry
[2012/05/28 00:09:48 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2012/05/28 00:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012/05/28 00:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/05/26 10:11:46 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Bike Deregistered_files
[2012/05/21 22:38:51 | 000,000,000 | ---D | C] -- C:\archive_db
[2012/05/21 20:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2012/05/21 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012/05/21 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012/05/21 20:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
[2012/05/21 20:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2012/05/21 20:03:51 | 000,000,000 | ---D | C] -- C:\Double Driver
[2012/05/19 17:03:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\.AVACSLiveChatWS
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 17:47:48 | 000,005,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 17:47:48 | 000,005,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 17:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 17:43:23 | 000,000,512 | ---- | M] () -- C:\Users\Dave\Desktop\MBR.dat
[2012/06/17 17:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/17 08:13:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/17 07:55:37 | 000,729,336 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/17 07:55:37 | 000,146,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/17 07:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 07:11:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dave\Desktop\aswMBR.exe
[2012/06/17 07:10:43 | 000,449,024 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\TFC.exe
[2012/06/16 18:00:33 | 000,009,794 | ---- | M] () -- C:\Windows\UEDIT32.INI
[2012/06/16 17:36:46 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2012/06/16 12:43:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/06/16 12:39:58 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/13 17:48:41 | 000,330,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/05 18:30:25 | 000,016,870 | ---- | M] () -- C:\Users\Dave\Desktop\Gina.ods
[2012/06/03 20:12:28 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/06/01 22:55:46 | 000,000,600 | ---- | M] () -- C:\Users\Dave\AppData\Local\PUTTY.RND
[2012/05/28 00:09:45 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012/05/26 10:11:46 | 000,009,255 | ---- | M] () -- C:\Users\Dave\Documents\Bike Deregistered.html
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/17 17:43:23 | 000,000,512 | ---- | C] () -- C:\Users\Dave\Desktop\MBR.dat
[2012/06/16 12:39:58 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/16 12:39:58 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/02 20:54:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012/06/02 20:54:18 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012/06/01 22:55:46 | 000,000,600 | ---- | C] () -- C:\Users\Dave\AppData\Local\PUTTY.RND
[2012/05/28 00:09:45 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012/05/26 10:11:45 | 000,009,255 | ---- | C] () -- C:\Users\Dave\Documents\Bike Deregistered.html
[2012/05/12 17:03:43 | 000,000,030 | ---- | C] () -- C:\Program Files\Exiferupdate.ini
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/24 17:48:05 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2011/08/27 17:35:56 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011/08/20 19:05:26 | 000,002,143 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/03 16:57:00 | 000,011,976 | ---- | C] () -- C:\Windows\ALCHEMY.INI
[2011/05/28 17:39:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/23 17:55:39 | 000,024,227 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\UserTile.png
[2011/05/17 00:05:00 | 000,000,737 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/29 12:50:29 | 000,009,794 | ---- | C] () -- C:\Windows\UEDIT32.INI
[2011/04/14 20:27:54 | 000,000,080 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\wklnhst.dat
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== LOP Check ==========

[2011/09/24 17:14:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Acreon
[2012/05/08 18:25:20 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Acronis
[2012/04/15 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AntispamSniper
[2012/03/31 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Blackberry Desktop
[2012/06/10 10:02:58 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2012/06/11 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MemoryLifter
[2011/09/23 01:49:19 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MySQL
[2011/05/16 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\OpenOffice.org
[2011/05/23 17:55:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PeerNetworking
[2010/09/09 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Research In Motion
[2011/11/06 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Spamihilator
[2011/12/03 19:07:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SQL Maestro Group
[2011/05/08 18:06:36 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Template
[2007/11/07 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WildTangent
[2010/03/10 23:28:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WinBatch
[2010/12/05 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Wireshark
[2012/06/16 21:12:39 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
daveyb
Regular Member
 
Posts: 90
Joined: June 13th, 2012, 6:56 pm
Location: Somewhere warm and sunny!

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by daveyb » June 17th, 2012, 11:34 pm

Update: My sons called me via Skype for Father's Day, and Skype downloaded the updates for the program automatically. I didn't let it install them yet, but wanted to let you know that they are probably sitting in a temp folder somewhere waiting to install. If they get deleted, no biggie, they will just download on the next session and install then.

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Post by askey127 » June 18th, 2012, 7:26 am

daveyb,
Go ahead and install the Skype updates, then reboot.
Let's run another ESET scan (I know it's kind of slow) and get a report, to see what may remain.
If you still have a log at C:\Program Files\ESET\EsetOnlineScanner\log.txt, please delete it first.
-------------------------------------------------
Run the ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Please shut down Avast prior to running the scan.
You will need to right-click on either the Internet Explorer or FireFox icon in the Start Menu or Quick Launch Bar and select Run as Administrator.


  • Please go HERE to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA