Computer problems


  • This topic is locked
53 replies to this topic

#1 zxcvasdf

  • Members
  • 55 posts

Posted 25 January 2014 - 09:14 PM

Major computer problems.

 

Can't run DDS, halts about 3/4 way.

 

Here is RSIT log

 

Logfile of random's system information tool 1.08 (written by random/random)
Run by BC at 2014-01-25 18:01:57
WIN_XP Service Pack 3
System drive C: has 56 GB (52%) free of 107 GB
Total RAM: 2038 MB (65% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1210614011-2585739803-2429135735-1006Core1cdc7b3bbd2482a.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1210614011-2585739803-2429135735-1006.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1210614011-2585739803-2429135735-1006.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1210614011-2585739803-2429135735-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1210614011-2585739803-2429135735-1006.job
C:\WINDOWS\tasks\ReclaimerResumeInstall_BC.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 5da99e07-f09b-4e3f-a40c-00e261c6c1bf.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 91180a1e-5b79-4542-a7b6-819b32507676.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"=C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [2013-01-29 73832]
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2013-02-21 1407728]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2013-02-21 1211120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-08-14 5703920]
"IE Privacy Keeper"=C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe [2005-04-30 962560]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2013-09-19 3905304]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Spotify Web Helper"=C:\Documents and Settings\BC\Application Data\Spotify\Data\SpotifyWebHelper.exe [2013-08-03 1104384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe [2004-11-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-10-06 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-08-25 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2011-07-27 434080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTether]
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [2013-03-11 49960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
C:\Program Files\FileHippo.com\UpdateChecker.exe [2012-11-23 307712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\BC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
C:\Program Files\HDD Health\HDDHealth.exe [2008-06-15 1692672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158265598\ee\AOLSoftware.exe [2006-04-13 50792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe [1998-11-24 43520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpppt]
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppt.exe [1998-11-24 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2013-02-21 1211120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2013-02-21 1407728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2012-12-12 152544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [2011-11-11 205336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
C:\Program Files\ooVoo\oovoo.exe [2012-10-04 27112568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagull Drivers]
ssdal_nc.exe startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2012-11-09 17877168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2006-08-27 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Surf Anonymous Free]
C:\Program Files\SurfAnonymousFree\SurfAnonymousFree.exe [2013-02-07 3743544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2006-02-14 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\program files\real\realplayer\update\realsched.exe [2013-08-03 295512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 3]
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2007-05-15 551032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-07-24 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BC^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
C:\PROGRA~1\Logitech\Ereg\eReg.exe [2009-11-16 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BC^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BC^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BC^Start Menu^Programs^Startup^Xfire.lnk]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=3
"SNDSrvc"=3
"SAVScan"=3
"NSCService"=3
"navapsvc"=2
"ccSetMgr"=2
"ccProxy"=2
"ccISPwdSvc"=3
"ccEvtMgr"=2
"AntiVirService"=2
"AntiVirSchedulerService"=2
"Viewpoint Manager Service"=2
"ASKService"=2
"AdobeFlashPlayerUpdateSvc"=3
"VAIOMediaPlatform-Mobile-Gateway"=3
"VAIOMediaPlatform-IntegratedServer-UPnP"=3
"VAIOMediaPlatform-IntegratedServer-HTTP"=3
"VAIOMediaPlatform-IntegratedServer-AppServer"=3
"VAIO Entertainment TV Device Arbitration Service"=3
"UCYR"=3
"TEEWDTYN"=3
"SSScsiSV"=3
"SPTISRV"=3
"SkypeUpdate"=2
"Pharos Systems ComTaskMaster"=2
"PEVSystemStart"=2
"PACSPTISVR"=3
"ose"=3
"odserv"=3
"npggsvc"=3
"MSCSPTISRV"=3
"McAfee SiteAdvisor Service"=2
"LJOTLF"=3
"iPod Service"=3
"Image Converter video recording monitor for VAIO Entertainment"=3
"idsvc"=3
"IDriverT"=3
"gupdatem"=3
"gupdate"=2
"GKGTL"=3
"FLEXnet Licensing Service"=3
"Eventlog"=2
"CQLBM"=3
"WMPNetworkSvc"=2
"WDBtnMgrSvc.exe"=2
"VzFw"=2
"VzCdbSvc"=2
"vsmon"=2
"Vcsw"=3
"VAIO Event Service"=2
"UMVPFSrv"=2
"SonicStageMonitoring"=2
"S24EventMonitor"=2
"RegSrvc"=2
"mfevtp"=2
"mfefire"=2
"MDM"=2
"McShield"=2
"McProxy"=2
"McNASvc"=2
"JavaQuickStarterService"=2
"IswSvc"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"!SASCORE"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2006-06-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"=C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-09-14 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-07 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoThumbnailCache"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1158265598\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1158265598\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Documents and Settings\BC\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\BC\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe"="C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe:*:Enabled:Logitech"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\PharosSystems\Core\CTskMstr.exe"="C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\Game\SoftnyxGame\GunboundIS\GunBound.gme"="C:\Game\SoftnyxGame\GunboundIS\GunBound.gme:*:Enabled:GunBound"
"C:\Documents and Settings\BC\Application Data\Spotify\spotify.exe"="C:\Documents and Settings\BC\Application Data\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Logitech\Vid HD\Vid.exe"="C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\PharosSystems\Core\CTskMstr.exe"="C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master "

======List of files/folders created in the last 3 months======

2014-01-25 18:01:57 ----DC---- C:\rsit
2014-01-25 14:05:13 ----SHDC---- C:\RECYCLER
2014-01-25 13:43:27 ----AC---- C:\TDSSKiller.2.8.18.0_25.01.2014_13.43.27_log.txt
2014-01-25 12:27:04 ----DC---- C:\AdwCleaner
2014-01-25 12:12:34 ----ASH---- C:\hiberfil.sys
2014-01-19 13:52:02 ----D---- C:\WINDOWS\system32\CatRoot_bak
2014-01-19 13:50:28 ----DC---- C:\9373ab4c0993c06b20490309
2014-01-19 13:48:10 ----D---- C:\WINDOWS\LastGood(2)
2014-01-19 13:42:52 ----D---- C:\Program Files\Common Files\Intel
2014-01-19 13:38:58 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2014-01-19 13:37:22 ----DC---- C:\Program Files\Intel
2014-01-19 13:37:21 ----DC---- C:\Program Files\Intel(2)
2014-01-19 12:05:53 ----D---- C:\Documents and Settings\BC\Application Data\Intel
2014-01-19 11:55:27 ----DC---- C:\ComboFix(4)
2014-01-19 11:55:14 ----DC---- C:\ComboFix(3)
2014-01-18 22:39:50 ----DC---- C:\RECYCLER(2)
2014-01-14 19:46:38 ----DC---- C:\ComboFix(2)
2014-01-07 02:44:58 ----AC---- C:\AdwCleaner[S6].txt
2013-12-23 11:26:00 ----AC---- C:\AdwCleaner[R6].txt
2013-11-09 00:38:26 ----AC---- C:\TDSSKiller.2.8.18.0_09.11.2013_00.38.26_log.txt
2013-10-26 00:30:17 ----D---- C:\Documents and Settings\All Users\Application Data\Intel(3)
2013-10-26 00:30:16 ----D---- C:\Documents and Settings\BC\Application Data\Intel(3)
2013-10-26 00:27:18 ----D---- C:\Program Files\Common Files\Intel(3)

======List of files/folders modified in the last 3 months======

2014-01-25 18:00:31 ----D---- C:\WINDOWS\inf
2014-01-25 18:00:00 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2014-01-25 16:24:24 ----D---- C:\WINDOWS\system32\wbem
2014-01-25 15:59:11 ----D---- C:\WINDOWS
2014-01-25 15:52:37 ----D---- C:\WINDOWS\system32\CatRoot
2014-01-25 15:52:35 ----D---- C:\WINDOWS\system32\CatRoot2
2014-01-25 14:11:51 ----SHD---- C:\WINDOWS\Installer
2014-01-25 14:11:50 ----DC---- C:\Config.Msi
2014-01-25 14:11:50 ----D---- C:\Program Files\Common Files\Java
2014-01-25 14:11:39 ----D---- C:\WINDOWS\system32
2014-01-25 13:43:29 ----D---- C:\WINDOWS\system32\drivers
2014-01-25 13:16:15 ----RD---- C:\Program Files
2014-01-25 13:12:17 ----D---- C:\WINDOWS\ERUNT
2014-01-25 13:07:08 ----D---- C:\WINDOWS\temp
2014-01-23 01:36:24 ----D---- C:\WINDOWS\Debug
2014-01-19 13:59:46 ----D---- C:\Program Files\SUPERAntiSpyware
2014-01-19 13:59:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-01-19 13:58:28 ----D---- C:\WINDOWS\system32\config
2014-01-19 13:55:00 ----D---- C:\WINDOWS\Registration
2014-01-19 13:49:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2014-01-19 13:46:27 ----DC---- C:\Qoobox
2014-01-19 13:43:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-01-19 13:42:52 ----D---- C:\Program Files\Common Files
2014-01-19 13:28:40 ----D---- C:\Program Files\Intel(2)(2)
2014-01-19 13:25:45 ----DC---- C:\WINDOWS\system32\dllcache
2014-01-19 12:53:16 ----D---- C:\Documents and Settings
2014-01-14 20:20:32 ----AC---- C:\WINDOWS\system.ini
2014-01-14 20:06:58 ----D---- C:\WINDOWS\AppPatch
2014-01-07 02:32:57 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt
2013-12-15 23:02:13 ----D---- C:\WINDOWS\system32\MsDtc
2013-12-15 22:26:03 ----D---- C:\WINDOWS\security
2013-11-09 00:42:04 ----D---- C:\Program Files\ESET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DwProt;DrWeb Protection; C:\WINDOWS\system32\drivers\dwprot.sys [2011-07-29 135032]
R0 gfibto;gfibto; C:\WINDOWS\system32\drivers\gfibto.sys [2012-11-29 13560]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-11-07 99080]
R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2013-02-19 565888]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-07-08 45200]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2012-11-07 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-07 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-07 32640]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-11-15 584536]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2013-02-19 91640]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 Vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2013-01-29 527848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-15 12032]
R1 xlkfs;xlkfs; C:\WINDOWS\system32\DRIVERS\xlkfs.sys [2011-09-09 18432]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-22 23936]
R2 cpuz133;cpuz133; \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-07-24 12672]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2010-05-19 13952]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-22 108767]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 easytether;easytether; C:\WINDOWS\system32\DRIVERS\easytthr.sys [2013-03-11 18248]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-24 990592]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-07-24 208256]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2013-02-19 133416]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2013-02-19 235264]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2013-02-19 363080]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2013-02-19 84904]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETwLx32.sys [2010-10-07 6609920]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 226304]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-02-10 47488]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-24 727808]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2011-09-24 298784]
R4 KProcessHacker2;KProcessHacker2; \??\C:\Program Files\Process Hacker 2\kprocesshacker.sys []
S0 epstwnt;epstwnt; C:\WINDOWS\System32\Drivers\epstwnt.mpd [1998-10-28 84480]
S0 urihxt;urihxt; C:\WINDOWS\System32\drivers\rdced.sys []
S1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\WINDOWS\system32\DRIVERS\tdx.sys []
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\drivers\AegisP.sys []
S2 SHARSHTL;Shuttle Sharer; C:\WINDOWS\System32\Drivers\sharshtl.sys [1998-08-12 18432]
S2 windrvNT;windrvNT; C:\WINDOWS\system32\drivers\windrvNT.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2011-09-24 14336]
S3 apf001;apf001; \??\C:\Game\SoftnyxGame\GunBoundIS\apf001.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\BC~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2013-02-19 60920]
S3 CompFilter;UVCCompositeFilter; C:\WINDOWS\system32\DRIVERS\lvbusflt.sys [2012-01-17 22176]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-04-02 83864]
S3 dgderdrv;dgderdrv; C:\WINDOWS\system32\drivers\dgderdrv.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\drivers\HSXHWAZL.sys []
S3 LHidFilt;Logicool SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35472]
S3 LMouFilt;Logicool SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 37008]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2012-01-17 312096]
S3 LVUVC;Logitech HD Webcam C615(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2012-01-17 4332960]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2013-02-19 65928]
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2013-02-19 84904]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2013-02-19 92632]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MREMP50a64.sys []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-02 1706752]
S3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SCT_SKMScan;SCT_SKMScan; C:\WINDOWS\system32\drivers\sct_skmscan.sys [2011-03-09 33568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-04-02 181912]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2011-09-24 290816]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-04-13 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
S3 TSP;TSP; C:\WINDOWS\system32\drivers\TSP.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-09-28 44544]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 vaiocheckmem;vaiocheckmem; \??\C:\Program Files\Sony\VAIO diagnostics\vaiocheckmem.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WinRing0_1_2_0;WinRing0_1_2_0; C:\WINDOWS\system32\drivers\WinRing0_1_2_0.sys []
S3 WinUSB;SAMSUNG Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\system32\drivers\dwshd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2013-02-19 203840]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 169320]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2013-02-19 172416]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2013-02-21 482032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2013-02-21 871152]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2013-02-21 920304]
S2 vsmon;TrueVector Internet Monitor; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2013-01-29 2447888]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WinDefend;Windows Defender; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17 257416]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-11 655624]
S4 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
S4 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 553440]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S4 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S4 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-04-27 53337]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-08 3046748]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-04-27 49241]
S4 Pharos Systems ComTaskMaster;Pharos Systems ComTaskMaster; C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe [2008-05-16 290816]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S4 SonicStageMonitoring;SonicStageMonitoring; C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [2005-03-11 135168]
S4 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-04-27 69718]
S4 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-05-08 69632]
S4 UMVPFSrv;UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-17 450848]
S4 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-11-25 73728]
S4 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2006-06-20 176128]
S4 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2006-06-13 2084864]
S4 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-05-18 57344]
S4 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-05-18 770048]
S4 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2006-06-07 155648]
S4 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2006-04-04 274432]
S4 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-11-28 131072]
S4 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-11-28 118784]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-07-24 102400]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
 


Edited by zxcvasdf, 25 January 2014 - 09:20 PM.




#2 zxcvasdf

zxcvasdf
  • Topic Starter

  • Members
  • 55 posts

Posted 26 January 2014 - 07:03 PM

OTL logfile created on: 1/26/2014 3:58:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\BC\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.80% Memory free
3.33 Gb Paging File | 2.78 Gb Available in Paging File | 83.60% Paging File free
Paging file location(s): C:\pagefile.sys 1521 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 54.29 Gb Free Space | 51.81% Space Free | Partition Type: NTFS
 
Computer Name:  | User Name: BC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/25 17:48:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BC\Desktop\OTL.exe
PRC - [2013/08/14 16:27:59 | 005,703,920 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/05/23 12:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/21 15:34:04 | 001,407,728 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2013/02/21 14:13:28 | 001,211,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2013/02/21 14:10:32 | 000,482,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2013/02/19 13:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2013/02/19 13:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/02/19 13:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/30 11:12:30 | 000,962,560 | ---- | M] (UnH Solutions) -- C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/01 22:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Disabled | Stopped] --  -- (UCYR)
SRV - File not found [Disabled | Stopped] --  -- (TEEWDTYN)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nsisvc.dll -- (nsi)
SRV - File not found [Disabled | Stopped] --  -- (LJOTLF)
SRV - File not found [Disabled | Stopped] --  -- (GKGTL)
SRV - File not found [Disabled | Stopped] --  -- (CQLBM)
SRV - [2013/07/17 13:30:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/23 12:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/21 15:33:52 | 000,920,304 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2013/02/21 14:30:28 | 000,871,152 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2013/02/21 14:10:32 | 000,482,032 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2013/02/19 13:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 13:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 13:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013/01/29 20:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/01/17 22:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/07/11 23:00:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/08 09:25:00 | 003,046,748 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) [Disabled | Stopped] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2006/06/20 15:11:00 | 000,176,128 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/06/13 07:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 08:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 09:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006/05/18 09:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2006/05/08 03:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 16:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 16:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 16:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/04 13:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 12:39:32 | 000,118,784 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 12:39:30 | 000,131,072 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 12:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/07/14 18:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/03/11 16:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WinRing0_1_2_0)
DRV - File not found [Kernel | Auto | Stopped] --  -- (windrvNT)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\rdced.sys -- (urihxt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (TSP)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\tdx.sys -- (tdx)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETw5x32.sys -- (NETw5x32)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (HSXHWAZL)
DRV - File not found [Kernel | System | Stopped] --  -- (FileDisk)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BC~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] --  -- (AegisP)
DRV - [2013/10/09 21:29:12 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/04/02 23:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/04/02 23:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/03/11 17:52:52 | 000,018,248 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\easytthr.sys -- (easytether)
DRV - [2013/02/19 13:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 13:11:42 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2013/02/19 13:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 13:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 13:09:10 | 000,084,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2013/02/19 13:09:10 | 000,084,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2013/02/19 13:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 13:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 13:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 13:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013/01/29 19:35:36 | 000,527,848 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/12/20 18:11:38 | 000,026,624 | ---- | M] (wj32) [Kernel | Disabled | Running] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV - [2012/11/29 19:44:06 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/11/15 20:06:12 | 000,584,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/11/07 23:38:18 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/07 23:38:18 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/07 23:38:16 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/11/07 23:38:14 | 000,018,096 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2012/01/17 22:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/17 22:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/17 22:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/09/24 14:39:08 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2011/09/24 14:10:44 | 000,298,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2011/09/24 14:07:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2011/09/09 17:34:28 | 000,018,432 | ---- | M] (XOSLAB.COM) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\xlkfs.sys -- (xlkfs)
DRV - [2011/07/29 03:40:49 | 000,135,032 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/24 03:07:49 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\apf001.sys -- (apf001)
DRV - [2011/03/09 15:15:00 | 000,033,568 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sct_skmscan.sys -- (SCT_SKMScan)
DRV - [2010/10/07 03:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010/05/19 20:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/03/30 22:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009/01/26 14:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 14:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/29 10:12:34 | 000,037,008 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 10:12:28 | 000,035,472 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/24 09:38:20 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/24 09:38:20 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/07/24 09:38:20 | 000,208,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/06/14 10:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/04/13 19:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 09:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 09:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - [2006/02/24 00:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/21 17:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/10 10:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 16:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/08/01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 17:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 11:31:00 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/10/06 16:09:00 | 000,002,816 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Sony\VAIO diagnostics\vaiocheckmem.sys -- (vaiocheckmem)
DRV - [2000/12/05 15:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [1998/10/28 11:49:02 | 000,084,480 | ---- | M] (Shuttle Technology. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\epstwnt.mpd -- (epstwnt)
DRV - [1998/08/12 01:41:02 | 000,018,432 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Sharshtl.sys -- (SHARSHTL)
DRV - [1997/12/22 17:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D8C6D247-F522-4DC9-AB70-71E63801A535}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=U205DF&PC=U205&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014/01/25 15:59:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\BC\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\BC\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\BC\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\BC\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/16 17:30:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/16 17:30:36 | 000,000,000 | ---D | M]
 
[2010/04/30 08:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BC\Application Data\Mozilla\Extensions
[2010/04/30 08:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BC\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/07/31 20:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\extensions
[2013/04/16 21:04:55 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/05/16 09:12:37 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/03 17:08:41 | 000,000,000 | ---D | M] (FirefoxAdKiller) -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}
[2013/03/25 18:16:18 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\extensions\ffxtlbr@zonealarm.com
[2013/07/23 14:27:26 | 000,353,425 | ---- | M] () (No name found) -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\extensions\smarterwiki@wikiatic.com.xpi
[2013/03/01 16:42:05 | 000,004,539 | ---- | M] () (No name found) -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\extensions\support@surfanonymous-free.com.xpi
[2013/07/27 20:26:02 | 000,143,928 | ---- | M] () (No name found) -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013/07/31 20:20:53 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/23 02:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js
[2013/08/03 21:27:01 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\searchplugins\bingp.xml
[2013/08/16 17:30:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/16 17:30:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2013/08/16 17:30:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2013/08/16 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 17:31:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/30 09:43:49 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol308.dll
[2008/07/28 12:07:36 | 000,069,632 | ---- | M] (UPS) -- C:\Program Files\mozilla firefox\plugins\NPEltr32.dll
[2013/08/03 19:41:28 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/03/19 11:38:13 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: http://www.msn.com/?pc=U205&ocid=U205DHP
CHR - plugin: npFFApi (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2013/10/25 00:39:36 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [IE Privacy Keeper] C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (UnH Solutions)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\BC\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355777357754 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340929817375 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D235450A-0B05-44DE-8082-E4FA1172A4AC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) -  File not found
O24 - Desktop WallPaper: C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - C:\Program Files\Trend Micro\Tmas\sshook.dll (Trend Micro Incorporated)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/09 23:51:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic Professional 6\)
O34 - HKLM BootExecute: (iolobtdfg C:\WINDOWS\system32)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/25 18:01:57 | 000,000,000 | ---D | C] -- C:\rsit
[2014/01/25 18:00:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BC\Desktop\OTL.exe
[2014/01/25 14:05:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BC\Recent
[2014/01/25 14:05:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/25 12:27:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/23 01:46:34 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\BC\Desktop\JRT.exe
[2014/01/23 01:46:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\BC\Desktop\dds.com
[2014/01/19 13:52:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2014/01/19 13:50:28 | 000,000,000 | ---D | C] -- C:\9373ab4c0993c06b20490309
[2014/01/19 13:48:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2014/01/19 13:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/01/19 13:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
[2014/01/19 13:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2014/01/19 13:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2014/01/19 13:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2014/01/19 13:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014/01/19 13:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Intel(2)
[2014/01/19 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2014/01/19 12:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BC\Application Data\Intel
[2014/01/19 11:55:27 | 000,000,000 | ---D | C] -- C:\ComboFix(4)
[2014/01/19 11:55:14 | 000,000,000 | ---D | C] -- C:\ComboFix(3)
[2014/01/18 22:39:50 | 000,000,000 | ---D | C] -- C:\RECYCLER(2)
[2014/01/14 19:46:38 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/25 17:48:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BC\Desktop\OTL.exe
[2014/01/25 17:48:44 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\BC\Desktop\RSIT-1.06.exe
[2014/01/25 16:04:34 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2014/01/25 12:55:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/25 12:55:17 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 12:32:00 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2014/01/25 12:13:10 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/22 21:53:16 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\BC\Desktop\JRT.exe
[2014/01/22 21:53:00 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\BC\Desktop\AdwCleaner.exe
[2014/01/22 21:49:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\BC\Desktop\dds.com
[2014/01/19 14:00:27 | 000,304,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/01/25 18:00:58 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\BC\Desktop\RSIT-1.06.exe
[2014/01/25 12:12:34 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/11 18:34:02 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\BC\Desktop\rkill.exe
[2013/05/12 21:08:47 | 000,575,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1210614011-2585739803-2429135735-1006-0.dat
[2013/05/12 21:08:46 | 000,334,598 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/04/18 10:13:27 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2013/04/13 13:05:45 | 000,003,929 | ---- | C] () -- C:\WINDOWS\System32\BTImages.dat
[2013/02/05 16:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/02/05 16:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/02/05 16:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/02/05 16:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/11/29 20:19:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2012/07/01 22:27:19 | 000,109,256 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/07/01 22:27:19 | 000,090,824 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/06/30 13:09:20 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/05/14 23:57:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/30 21:26:14 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\BC\Local Settings\Application Data\spdlfa.ccr
[2012/03/30 21:26:14 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\BC\Local Settings\Application Data\NDFFS.DAT
[2011/09/14 01:17:31 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\BC\Local Settings\Application Data\d3d9caps.dat
[2011/08/05 00:41:53 | 000,257,548 | ---- | C] () -- C:\Documents and Settings\BC\Local Settings\Application Data\census.cache
[2011/08/05 00:41:23 | 000,225,571 | ---- | C] () -- C:\Documents and Settings\BC\Local Settings\Application Data\ars.cache
[2011/08/05 00:08:44 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\BC\Local Settings\Application Data\housecall.guid.cache
[2010/04/12 00:45:29 | 000,000,990 | --S- | C] () -- C:\Documents and Settings\BC\Application Data\systemfl.$dk
[2009/01/24 11:19:33 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2007/12/27 17:54:20 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/12/04 18:09:22 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\BC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/04 18:09:22 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\BC\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006/08/09 23:47:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 20:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 



#3 HelpBot


Posted 30 January 2014 - 09:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/522124 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 zxcvasdf


Posted 30 January 2014 - 11:27 PM

Please help me.



#5 Oh My!

  • Malware Response Instructor

Posted 06 February 2014 - 09:30 AM

Greetings zxcvasdf and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Could you please be a little more descriptive regarding what problems you are experiencing?

Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 zxcvasdf


Posted 07 February 2014 - 01:18 PM

Hello OhMy, thanks in advance for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014
Ran by BC (administrator) on 07-02-2014 09:56:04
Running from C:\Documents and Settings\BC\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

ATTENTION: If processes are not listed WMI should be repaired.


==================== Processes (Whitelisted) ===================



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-01-29] (Check Point Software Technologies LTD)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407728 2013-02-21] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1211120 2013-02-21] (Intel® Corporation)
Winlogon\Notify\VESWinlogon: C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
Winlogon\Notify\WRNotifier: WRLogonNTF.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-1210614011-2585739803-2429135735-1006\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1210614011-2585739803-2429135735-1006\...\Run: [IE Privacy Keeper] - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe [962560 2005-04-30] (UnH Solutions)
HKU\S-1-5-21-1210614011-2585739803-2429135735-1006\...\Run: [ccleaner] - C:\Program Files\CCleaner\ccleaner.exe [3905304 2013-09-19] (Piriform Ltd)
HKU\S-1-5-21-1210614011-2585739803-2429135735-1006\...\Run: [Spotify Web Helper] - C:\Documents and Settings\BC\Application Data\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-08-03] (Spotify Ltd)
HKU\S-1-5-21-1210614011-2585739803-2429135735-1006\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1210614011-2585739803-2429135735-1006\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1210614011-2585739803-2429135735-1006\...\Policies\Explorer: [NoThumbnailCache] 0

==================== Internet (Whitelisted) ====================

ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {D8C6D247-F522-4DC9-AB70-71E63801A535} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Trend Micro Anti-Spyware Shell Extension - {03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - C:\Program Files\Trend Micro\Tmas\sshook.dll [77824 2006-09-14] (Trend Micro Incorporated)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default
FF SearchEngineOrder.3: Bing
FF Homepage: www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U205DF&PC=U205&q=
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\BC\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\BC\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\BC\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\BC\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol308.dll (Invenda Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPEltr32.dll (UPS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\BC\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\BC\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF SearchPlugin: C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: zonealarm.com - C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\Extensions\ffxtlbr@zonealarm.com [2013-03-25]
FF Extension: Flashblock - C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-16]
FF Extension: WOT - C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-05-16]
FF Extension: FirefoxAdKiller - C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1} [2010-04-11]
FF Extension: FastestFox - C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\Extensions\smarterwiki@wikiatic.com.xpi [2011-03-23]
FF Extension: Surf Anonymous Free - C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\Extensions\support@surfanonymous-free.com.xpi [2012-09-04]
FF Extension: ImTranslator - C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-04-11]
FF Extension: Adblock Plus - C:\Documents and Settings\BC\Application Data\Mozilla\Firefox\Profiles\csqtffdt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2013-08-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2013-08-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=U205&ocid=U205DHP"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\BC\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\BC\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (E-centives Coupon Activator Netscape Plugin v. 3.0.8.0) - C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll (Invenda Corporation)
CHR Plugin: (UPS Thermal 2442 Printer Plugin) - C:\Program Files\Mozilla Firefox\plugins\NPEltr32.dll (UPS)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S4 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S2 helpsvc; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S4 Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [32768 2005-07-14] (Sony Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S4 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S4 npggsvc; C:\WINDOWS\system32\GameMon.des [3046748 2009-06-08] (INCA Internet Co., Ltd.)
S4 Pharos Systems ComTaskMaster; C:\Program Files\PharosSystems\Core\CTskMstr.exe [290816 2008-05-16] (Pharos Systems International)
S2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [920304 2013-02-21] (Intel® Corporation)
S4 SonicStageMonitoring; C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [135168 2005-03-11] (Sony Corporation)
S4 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2006-04-27] (Sony Corporation)
S4 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 2006-05-08] (Sony Corporation)
S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-17] (Logitech Inc.)
S3 usprserv; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2005-11-25] (Sony Corporation)
S4 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [176128 2006-06-20] (Sony Corporation)
S4 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2084864 2006-06-13] (Sony Corporation)
S4 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [57344 2006-05-18] (Sony Corporation)
S4 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [770048 2006-05-18] (Sony Corporation)
S4 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [155648 2006-06-07] (Sony Corporation)
S4 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-04-04] (Sony Corporation)
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-01-29] (Check Point Software Technologies LTD)
S4 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [131072 2005-11-28] (Sony Corporation)
S4 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [118784 2005-11-28] (Sony Corporation)
S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-07-24] (WDC)
S4 CQLBM; No ImagePath
S2 Eventlog; No ImagePath
S4 GKGTL; No ImagePath
S4 LJOTLF; No ImagePath
S2 nsi; %systemroot%\system32\nsisvc.dll [X]
S4 TEEWDTYN; No ImagePath
S4 UCYR; No ImagePath
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

S3 Amps2prt; C:\WINDOWS\System32\DRIVERS\Amps2prt.sys [14336 2011-09-24] ()
S3 apf001; C:\Game\SoftnyxGame\GunBoundIS\apf001.sys [10872 2011-06-24] ()
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [18096 2012-11-07] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [497952 2012-11-07] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [32640 2012-11-07] (COMODO)
S3 CompFilter; C:\WINDOWS\System32\DRIVERS\lvbusflt.sys [22176 2012-01-17] (Logitech Inc.)
R2 cpuz133; C:\WINDOWS\system32\drivers\cpuz133_x32.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
R0 DwProt; C:\WINDOWS\System32\drivers\dwprot.sys [135032 2011-07-29] (Doctor Web, Ltd.)
R3 easytether; C:\WINDOWS\System32\DRIVERS\easytthr.sys [18248 2013-03-11] (Mobile Stream)
S0 epstwnt; C:\WINDOWS\System32\Drivers\epstwnt.mpd [84480 1998-10-28] (Shuttle Technology. )
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2012-11-29] (GFI Software)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208256 2006-07-24] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-07-24] (Conexant Systems, Inc.)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [99080 2012-11-07] (COMODO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [584536 2012-11-15] (Kaspersky Lab)
S3 LHidFilt; C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys [35472 2008-02-29] (Logicool, Inc.)
S3 LMouFilt; C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys [37008 2008-02-29] (Logicool, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-10-09] (Malwarebytes Corporation)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [91640 2013-02-19] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1706752 2006-07-02] (Intel® Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SCT_SKMScan; C:\WINDOWS\System32\drivers\sct_skmscan.sys [33568 2011-03-09] (Sophos Plc)
S2 SHARSHTL; C:\WINDOWS\System32\Drivers\sharshtl.sys [18432 1998-08-12] ()
R3 ti21sony; C:\WINDOWS\System32\drivers\ti21sony.sys [226304 2006-02-21] (Texas Instruments)
S3 vaiocheckmem; C:\Program Files\Sony\VAIO diagnostics\vaiocheckmem.sys [2816 2003-10-06] ()
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [527848 2013-01-29] (Check Point Software Technologies LTD)
R1 xlkfs; C:\WINDOWS\System32\DRIVERS\xlkfs.sys [18432 2011-09-09] (XOSLAB.COM)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [298784 2011-09-24] (Marvell)
S2 AegisP; No ImagePath
S3 catchme; \??\C:\DOCUME~1\BC~1\LOCALS~1\Temp\catchme.sys [X]
S3 dgderdrv; No ImagePath
U4 dwshd; No ImagePath
S1 FileDisk; No ImagePath
S3 HSXHWAZL; No ImagePath
U2 Irmon;
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74072 2012-11-15] (Kaspersky Lab)
U4 Messenger; %SystemRoot%\system32\svchost.exe -k netsvcs
S3 MREMP50a64; No ImagePath
S3 NETw5x32; system32\DRIVERS\NETw5x32.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S1 tdx; system32\DRIVERS\tdx.sys [X]
S3 TSP; No ImagePath
S0 urihxt; System32\drivers\rdced.sys [X]
S2 windrvNT; No ImagePath
S3 WinRing0_1_2_0; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-02-07 09:56 - 2014-02-07 09:56 - 00026945 _____ () C:\Documents and Settings\BC\Desktop\FRST.txt
2014-02-07 09:55 - 2014-02-07 09:56 - 00000000 ___DC () C:\FRST
2014-02-07 09:54 - 2014-02-07 09:51 - 01136640 _____ (Farbar) C:\Documents and Settings\BC\Desktop\FRST.exe
2014-02-02 13:43 - 2014-02-02 13:43 - 00000767 _____ () C:\Documents and Settings\Bochu\Start Menu\Programs\Internet Explorer.lnk
2014-02-02 13:40 - 2014-02-02 13:40 - 00000788 _____ () C:\Documents and Settings\Bochu\Start Menu\Programs\Windows Media Player.lnk
2014-02-02 13:40 - 2014-02-02 13:40 - 00000782 _____ () C:\Documents and Settings\Bochu\Desktop\Windows Media Player.lnk
2014-02-02 13:38 - 2006-09-14 12:39 - 00003584 _____ () C:\Documents and Settings\Bochu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-02 13:38 - 2006-09-14 12:29 - 00033904 _____ () C:\Documents and Settings\Bochu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-02 13:38 - 2006-08-10 01:16 - 00000136 _____ () C:\Documents and Settings\Bochu\Local Settings\Application Data\fusioncache.dat
2014-02-02 12:57 - 2014-02-02 13:46 - 00000178 ___SH () C:\Documents and Settings\Bochu\ntuser.ini
2014-02-02 12:57 - 2014-02-02 13:43 - 00000738 _____ () C:\Documents and Settings\Bochu\Start Menu\Programs\Outlook Express.lnk
2014-02-02 12:57 - 2014-01-19 13:42 - 00000000 ____D () C:\Documents and Settings\Bochu\Application Data\Intel
2014-02-02 12:57 - 2013-08-03 17:00 - 00000000 ____D () C:\Documents and Settings\Bochu\Local Settings\Application Data\Apple
2014-02-02 12:57 - 2012-12-02 22:55 - 00000000 ____D () C:\Documents and Settings\Bochu\Local Settings\Application Data\COMODO
2014-02-02 12:57 - 2011-09-15 01:34 - 00000000 ____D () C:\Documents and Settings\Bochu\Application Data\Sony Corporation
2014-02-02 12:57 - 2011-06-02 22:36 - 00000000 ____D () C:\Documents and Settings\Bochu\Local Settings\Application Data\Google
2014-02-02 12:57 - 2010-09-14 23:12 - 00000000 ____D () C:\Documents and Settings\Bochu\Local Settings\Application Data\Microsoft Help
2014-02-02 12:57 - 2010-04-01 21:15 - 00000000 ____D () C:\Documents and Settings\Bochu\Application Data\Macromedia
2014-02-02 12:57 - 2009-07-17 23:22 - 00001599 _____ () C:\Documents and Settings\Bochu\Start Menu\Programs\Remote Assistance.lnk
2014-02-02 12:57 - 2009-06-14 03:38 - 00000000 __SHD () C:\Documents and Settings\Bochu\IETldCache
2014-02-02 12:57 - 2006-09-14 12:38 - 00000000 ____D () C:\Documents and Settings\Bochu\Application Data\Symantec
2014-02-02 12:57 - 2006-09-14 12:26 - 00000000 ____D () C:\Documents and Settings\Bochu\Local Settings\Application Data\AOL
2014-02-02 12:57 - 2006-09-14 12:16 - 00000000 ____D () C:\Documents and Settings\Bochu\Application Data\Intuit
2014-02-02 12:57 - 2006-08-10 01:50 - 00000000 ___RD () C:\Documents and Settings\Bochu\Start Menu\Programs\Accessories
2014-02-02 12:57 - 2006-08-10 01:13 - 00000000 ____D () C:\Documents and Settings\Bochu\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2014-02-02 12:57 - 2006-08-10 01:12 - 00000000 ____D () C:\Documents and Settings\Bochu\Local Settings\TempRAID
2014-02-02 12:56 - 2014-02-02 13:40 - 00000000 ____D () C:\Documents and Settings\Bochu
2014-01-25 18:29 - 2014-01-26 15:48 - 00094196 _____ () C:\Documents and Settings\BC\Desktop\OTL.Txt
2014-01-25 18:29 - 2014-01-25 18:29 - 00058596 _____ () C:\Documents and Settings\BC\Desktop\Extras.Txt
2014-01-25 18:10 - 2014-01-25 18:10 - 00036415 _____ () C:\Documents and Settings\BC\Desktop\RSITinfo.txt
2014-01-25 18:01 - 2014-01-25 18:02 - 00000000 ___DC () C:\rsit
2014-01-25 18:00 - 2014-01-25 17:48 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\BC\Desktop\OTL.exe
2014-01-25 18:00 - 2014-01-25 17:48 - 00339991 _____ () C:\Documents and Settings\BC\Desktop\RSIT-1.06.exe
2014-01-25 12:27 - 2014-01-25 12:31 - 00000000 ___DC () C:\AdwCleaner
2014-01-23 01:46 - 2014-01-22 21:53 - 01037068 _____ (Thisisu) C:\Documents and Settings\BC\Desktop\JRT.exe
2014-01-23 01:46 - 2014-01-22 21:49 - 00688992 ____R (Swearware) C:\Documents and Settings\BC\Desktop\dds.com
2014-01-19 13:52 - 2014-01-19 13:52 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak
2014-01-19 13:50 - 2014-01-19 13:50 - 00000000 ___DC () C:\9373ab4c0993c06b20490309
2014-01-19 13:48 - 2014-01-19 13:48 - 00000000 ____D () C:\WINDOWS\LastGood(2)
2014-01-19 13:45 - 2014-01-19 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-19 13:43 - 2014-01-19 13:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
2014-01-19 13:42 - 2014-01-19 13:42 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-01-19 13:38 - 2014-01-19 13:42 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Intel
2014-01-19 13:38 - 2014-01-19 13:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Intel
2014-01-19 13:37 - 2014-01-19 13:42 - 00000000 ___DC () C:\Program Files\Intel
2014-01-19 13:37 - 2014-01-19 13:37 - 00000000 ___DC () C:\Program Files\Intel(2)
2014-01-19 12:05 - 2014-01-19 13:42 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Intel
2014-01-19 12:05 - 2014-01-19 13:42 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Intel
2014-01-19 12:05 - 2014-01-19 13:42 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Intel
2014-01-19 12:05 - 2014-01-19 13:42 - 00000000 ____D () C:\Documents and Settings\BC\Application Data\Intel
2014-01-19 12:05 - 2014-01-19 13:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Intel
2014-01-19 12:05 - 2014-01-19 13:42 - 00000000 ____D () C:\Documents and Settings\Administrator!\Application Data\Intel
2014-01-19 11:55 - 2014-01-19 11:55 - 00000000 ___DC () C:\ComboFix(4)
2014-01-19 11:55 - 2014-01-19 11:55 - 00000000 ___DC () C:\ComboFix(3)
2014-01-18 22:39 - 2014-01-19 11:54 - 00000000 ___DC () C:\RECYCLER(2)
2014-01-14 19:46 - 2014-01-19 11:55 - 00000000 ___DC () C:\ComboFix(2)
2014-01-11 18:35 - 2014-01-11 18:38 - 00004826 _____ () C:\Documents and Settings\BC\Desktop\Rkill.txt
2014-01-11 18:34 - 2012-06-30 19:26 - 01012656 ____C () C:\Documents and Settings\BC\Desktop\rkill.exe

==================== One Month Modified Files and Folders =======

2014-02-07 09:56 - 2014-02-07 09:56 - 00026945 _____ () C:\Documents and Settings\BC\Desktop\FRST.txt
2014-02-07 09:56 - 2014-02-07 09:55 - 00000000 ___DC () C:\FRST
2014-02-07 09:51 - 2014-02-07 09:54 - 01136640 _____ (Farbar) C:\Documents and Settings\BC\Desktop\FRST.exe
2014-02-04 21:13 - 2012-12-03 18:13 - 00000449 ____C () C:\rkill.log
2014-02-04 21:10 - 2006-12-04 18:09 - 00000000 ____D () C:\Documents and Settings\BC
2014-02-02 17:39 - 2013-06-20 14:05 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-02-02 17:39 - 2013-06-20 14:05 - 00000048 ____N () C:\WINDOWS\wiaservc.log
2014-02-02 17:37 - 2007-04-16 13:23 - 00032654 _____ () C:\WINDOWS\Tasks\SCHEDLGU.TXT
2014-02-02 17:37 - 2006-08-09 23:54 - 00000006 _____ () C:\WINDOWS\Tasks\SA.DAT
2014-02-02 13:47 - 2013-04-18 10:13 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2014-02-02 13:46 - 2014-02-02 12:57 - 00000178 ___SH () C:\Documents and Settings\Bochu\ntuser.ini
2014-02-02 13:43 - 2014-02-02 13:43 - 00000767 _____ () C:\Documents and Settings\Bochu\Start Menu\Programs\Internet Explorer.lnk
2014-02-02 13:43 - 2014-02-02 12:57 - 00000738 _____ () C:\Documents and Settings\Bochu\Start Menu\Programs\Outlook Express.lnk
2014-02-02 13:40 - 2014-02-02 13:40 - 00000788 _____ () C:\Documents and Settings\Bochu\Start Menu\Programs\Windows Media Player.lnk
2014-02-02 13:40 - 2014-02-02 13:40 - 00000782 _____ () C:\Documents and Settings\Bochu\Desktop\Windows Media Player.lnk
2014-02-02 13:40 - 2014-02-02 12:56 - 00000000 ____D () C:\Documents and Settings\Bochu
2014-02-02 12:56 - 2006-12-04 18:09 - 00000278 ___SH () C:\Documents and Settings\BC\ntuser.ini
2014-02-01 20:04 - 2013-05-28 00:53 - 00000000 ____D () C:\Documents and Settings\BC\Desktop\DESK
2014-02-01 11:57 - 2006-08-09 23:32 - 00001230 _____ () C:\WINDOWS\system32\wpa.dbl
2014-01-26 15:48 - 2014-01-25 18:29 - 00094196 _____ () C:\Documents and Settings\BC\Desktop\OTL.Txt
2014-01-25 18:29 - 2014-01-25 18:29 - 00058596 _____ () C:\Documents and Settings\BC\Desktop\Extras.Txt
2014-01-25 18:10 - 2014-01-25 18:10 - 00036415 _____ () C:\Documents and Settings\BC\Desktop\RSITinfo.txt
2014-01-25 18:02 - 2014-01-25 18:01 - 00000000 ___DC () C:\rsit
2014-01-25 17:48 - 2014-01-25 18:00 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\BC\Desktop\OTL.exe
2014-01-25 17:48 - 2014-01-25 18:00 - 00339991 _____ () C:\Documents and Settings\BC\Desktop\RSIT-1.06.exe
2014-01-25 16:04 - 2012-06-30 13:09 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2014-01-25 14:11 - 2006-08-10 01:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-01-25 13:12 - 2011-06-11 14:33 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-01-25 12:31 - 2014-01-25 12:27 - 00000000 ___DC () C:\AdwCleaner
2014-01-22 21:53 - 2014-01-23 01:46 - 01037068 _____ (Thisisu) C:\Documents and Settings\BC\Desktop\JRT.exe
2014-01-22 21:53 - 2013-08-06 19:45 - 01236282 _____ () C:\Documents and Settings\BC\Desktop\AdwCleaner.exe
2014-01-22 21:49 - 2014-01-23 01:46 - 00688992 ____R (Swearware) C:\Documents and Settings\BC\Desktop\dds.com
2014-01-19 14:00 - 2006-08-09 16:39 - 00304416 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-19 13:59 - 2013-07-30 20:13 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-01-19 13:59 - 2012-12-12 16:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-19 13:57 - 2006-12-07 02:11 - 00000000 ____D () C:\Documents and Settings\Guest
2014-01-19 13:56 - 2006-12-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator!
2014-01-19 13:56 - 2006-08-09 23:57 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-01-19 13:56 - 2006-08-09 23:54 - 00000000 ___SD () C:\Documents and Settings\NetworkService
2014-01-19 13:56 - 2006-08-09 23:54 - 00000000 ___SD () C:\Documents and Settings\LocalService
2014-01-19 13:55 - 2006-08-09 23:47 - 00000000 ____D () C:\WINDOWS\Registration
2014-01-19 13:52 - 2014-01-19 13:52 - 00000000 ____D () C:\WINDOWS\system32\CatRoot_bak
2014-01-19 13:52 - 2006-08-09 23:45 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-01-19 13:50 - 2014-01-19 13:50 - 00000000 ___DC () C:\9373ab4c0993c06b20490309
2014-01-19 13:49 - 2014-01-19 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
2014-01-19 13:49 - 2006-08-10 00:16 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-01-19 13:48 - 2014-01-19 13:48 - 00000000 ____D () C:\WINDOWS\LastGood(2)
2014-01-19 13:46 - 2014-01-19 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-19 13:46 - 2013-08-31 14:08 - 00000000 ___DC () C:\Qoobox
2014-01-19 13:46 - 2013-07-30 20:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-19 13:42 - 2014-02-02 12:57 - 00000000 ____D () C:\Documents and Settings\Bochu\Application Data\Intel
2014-01-19 13:42 - 2014-01-19 13:42 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-01-19 13:42 - 2014-01-19 13:38 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Intel
2014-01-19 13:42 - 2014-01-19 13:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Intel
2014-01-19 13:42 - 2014-01-19 13:37 - 00000000 ___DC () C:\Program Files\Intel
2014-01-19 13:42 - 2014-01-19 12:05 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Intel
2014-01-19 13:42 - 2014-01-19 12:05 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Intel
2014-01-19 13:42 - 2014-01-19 12:05 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Intel
2014-01-19 13:42 - 2014-01-19 12:05 - 00000000 ____D () C:\Documents and Settings\BC\Application Data\Intel
2014-01-19 13:42 - 2014-01-19 12:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Intel
2014-01-19 13:42 - 2014-01-19 12:05 - 00000000 ____D () C:\Documents and Settings\Administrator!\Application Data\Intel
2014-01-19 13:37 - 2014-01-19 13:37 - 00000000 ___DC () C:\Program Files\Intel(2)
2014-01-19 13:28 - 2013-10-18 01:52 - 00000000 ____D () C:\Program Files\Intel(2)(2)
2014-01-19 13:07 - 2013-10-20 11:38 - 00000000 ____D () C:\Documents and Settings\BC\Desktop\WMIDiag
2014-01-19 12:06 - 2013-10-26 00:27 - 00000000 ____D () C:\Program Files\Common Files\Intel(3)
2014-01-19 12:05 - 2013-10-26 00:30 - 00000000 ____D () C:\Documents and Settings\BC\Application Data\Intel(3)
2014-01-19 12:05 - 2013-10-26 00:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Intel(3)
2014-01-19 11:55 - 2014-01-19 11:55 - 00000000 ___DC () C:\ComboFix(4)
2014-01-19 11:55 - 2014-01-19 11:55 - 00000000 ___DC () C:\ComboFix(3)
2014-01-19 11:55 - 2014-01-14 19:46 - 00000000 ___DC () C:\ComboFix(2)
2014-01-19 11:54 - 2014-01-18 22:39 - 00000000 ___DC () C:\RECYCLER(2)
2014-01-14 20:20 - 2006-08-09 23:32 - 00000227 ____C () C:\WINDOWS\system.ini
2014-01-11 18:38 - 2014-01-11 18:35 - 00004826 _____ () C:\Documents and Settings\BC\Desktop\Rkill.txt

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2014
Ran by BC at 2014-02-07 09:58:13
Running from C:\Documents and Settings\BC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

7-Zip 4.65 (Version:  - )
Adobe Download Manager (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (Version: 11.0.03 - Adobe Systems Incorporated)
AIM 7 (Version:  - )
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
CCleaner (Version: 4.06 - Piriform)
CDDRV_Installer (Version: 1.00.0000 - Logitech Inc.) Hidden
Click to DVD 2.0.03 Menu Data (Version: 2.0.03 - Sony Corporation)
Click to DVD 2.5.30 (Version: 2.5.30 - Sony Corporation)
Click to DVD Tutorial (Version: 1.00 - Sony)
Click-N-Ship® for Business (Version: 4.1.0.0 - United States Postal Service)
CPUID CPU-Z 1.61 (Version:  - )
CPUID HWMonitor 1.18 (Version:  - )
Defraggler (Version: 2.14 - Piriform)
DVgate Plus (Version:  - )
Easy File Locker 1.3 (Version: 1.3 - XOSLAB.COM)
EasyTether (Version: 1.1.18 - Mobile Stream) Hidden
EasyTether ADB USB driver (Version: 1.0.1 - Mobile Stream)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileHippo.com Update Checker (Version:  - )
Google Talk Plugin (Version: 3.1.4.8140 - Google)
Google Update Helper (Version: 1.3.21.135 - Google Inc.) Hidden
HDD Health v3.3 Beta (Version:  - )
HiJackThis (Version: 1.0.0 - Trend Micro)
HijackThis 2.0.2 (Version: 2.0.2 - TrendMicro)
HP PrecisionScan (Version:  - )
IE Privacy Keeper (Version:  - )
Image Converter 2 Plus (Version: 2.2.06 - Sony Corporation)
ImageStation (Version: 1.0.0 - Sony)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (Version:  - )
Intel® PROSet/Wireless WiFi Software (Version: 15.03.2000 - Intel Corporation)
InterVideo WinDVD for VAIO (Version: 5.0-B11.768 - InterVideo Inc.)
ISScript (Version: 3.00.185 - InstallShield Software Corp.) Hidden
iTunes (Version: 11.0.1.12 - Apple Inc.)
KhalSetup (Version: 3.30.165 - Logitech) Hidden
LAN Setting Utility (Version:  - )
Last.fm 1.5.4.27091 (Version:  - Last.fm)
Logitech Vid HD (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (Version: 2.31 - Logitech Inc.)
LWS Facebook (Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
Macromedia Flash Player 8 (Version: 8.0.24.0 - Macromedia)
Macromedia Flash Player 8 Plugin (Version: 8.0.24.0 - Macromedia)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Memory Stick Formatter (Version:  - )
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2742597) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Data Access Components KB870669 (Version:  - Microsoft Corporation)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Digital Image Starter Edition 2006 (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 Editor (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Digital Image Starter Edition 2006 Library (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Download Manager (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C Runtime (Version: 8.0.0 - Microsoft) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0 - Mozilla)
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
Napster (Version: 3.7.2.6 - Napster)
Napster Burn Engine (Version: 3.5.0000 - Roxio) Hidden
Office 2003 Trial Assistant (Version: 1.0.0 - Microsoft)
ooVoo (Version: 3.5.3023 - ooVoo LLC.)
OpenMG AAC Add-on Module 1.0.00 (Version: 1.0.00.04270 - Sony Corporation)
OpenMG AAC Add-on Module 1.0.00 (Version: 1.0.00.04270 - Sony Corporation) Hidden
OpenMG Limited Patch 4.5-06-05-12-01 (Version:  - )
OpenMG Metadata Extractor for Windows Media Player (Version: 1.0.02.03110 - )
OpenMG Secure Module 4.5.01 (Version: 4.5.01.04270 - Sony Corporation)
OpenMG Secure Module 4.5.01 (Version: 4.5.01.04270 - Sony Corporation) Hidden
OpenOffice.org 3.4 (Version: 3.4.9590 - OpenOffice.org)
Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC)
Pharos (Version:  - )
Process Hacker 2.30 (r5267) (Version: 2.30.0.5267 - wj32)
Quicken 2006 (Version: 15.1.4.5 - Intuit)
QuickTime (Version: 7.73.80.64 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 15.0.5 - RealNetworks)
Realtek High Definition Audio Driver (Version: 5.10.0.5268 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (Version: 1.44 - Piriform)
Respondus LockDown Browser (Version: 1.02.0001 - Respondus, Inc.)
Revo Uninstaller 1.94 (Version: 1.94 - VS Revo Group)
Roxio DigitalMedia Audio (Version: 2.0.4 - Roxio)
Safari (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Setting Utility Series (Version:  - )
Skype™ 6.0 (Version: 6.0.126 - Skype Technologies S.A.)
Sonic Encoders (Version: 1.00 - Sonic Solutions)
SonicStage 4.0 (Version: 4.0 - Sony Corporation)
Sony Certificate PCH (Version:  - )
Sony MP4 Shared Library (Version: 2.0 - Sony Corporation)
Sony USB Mouse (Version:  - )
Sony Utilities DLL (Version:  - )
Sony Video Shared Library (Version: 2.0.01 - Sony Corporation)
Speccy (Version: 1.16 - Piriform)
Spotify (HKCU Version: 0.6.1 - )
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (Version: 5.6.1032 - SUPERAntiSpyware.com)
Surf Anonymous Free (Version: 2.2.7.2 - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TuneUp Utilities Language Pack (en-US) (Version: 12.0.3600.104 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (Version: 13.0.3020.7 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (Version: 9.0.4700.23 - TuneUp Software) Hidden
Unlocker 1.9.1 (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)
UPS Thermal Printer Plugin - Version 8.10 (Version:  - )
VAIO Backup Utility (Version: 1.00.7246 - Sony)
VAIO Breeze Wallpaper (Version: 1.0.01.13200 - Sony Corporation)
VAIO Central (Version: 1.1.02.032706 - Sony Corporation)
VAIO Entertainment Platform (Version: 1.2.32.06120 - Sony Corporation)
VAIO Event Service (Version:  - )
VAIO Hardware Diagnostics (Version:  - )
VAIO Light Flo Wallpaper (Version:  - )
VAIO Media 5.0 (Version: 5.0.20 - Sony Corporation)
VAIO Media AC3 Decoder 1.0 (Version:  - )
VAIO Media Integrated Server 5.0 (Version:  - Sony Corporation)
VAIO Media Redistribution 5.0 (Version: 5.0.20 - Sony Corporation)
VAIO Media Registration Tool 5.0 (Version: 5.0.00 - Sony Corporation)
VAIO Original Screen Saver (Version:  - )
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents (Version:  - )
VAIO Power Management (Version:  - )
VAIO Registration (Version: 17.1.1 - Sony Electronics)
VAIO Registration (Version: 17.1.1 - Sony Electronics) Hidden
VAIO Support Central (Version: 1.1.1.060802 - Sony Corporation)
VAIO Update 3 (Version: 3.0.02.05090 - Sony Corporation)
VAIOSurveySA (Version: 4.02 - Sony Electronics)
VAIOSurveySA (Version: 4.02 - Sony Electronics) Hidden
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
WD Drive Manager (x86) (Version: 2.107 - Western Digital)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Intel Corporation (ialm) Display  (03/23/2006 6.14.10.4543) (Version: 03/23/2006 6.14.10.4543 - Intel Corporation)
Windows Driver Package - Marvell (yukonwxp) Net  (05/23/2006 8.56.1.3) (Version: 05/23/2006 8.56.1.3 - Marvell)
Windows Installer Clean Up (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Player 11 (Version:  - )
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Windows PowerShell™ 1.0 (Version: 1 - Microsoft Corporation)
WinX DVD Player 3.0 (Version:  - Digiarty Software, Inc.)
Wireless Switch Setting Utility (Version:  - )
Youtube Downloader HD v. 2.9.5 (Version:  - YoutubeDownloaderHD.com)
ZoneAlarm Antivirus (Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2011-09-05 09:16 - 2013-10-25 00:39 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1210614011-2585739803-2429135735-1006Core1cdc7b3bbd2482a.job => C:\Documents and Settings\BC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1210614011-2585739803-2429135735-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1210614011-2585739803-2429135735-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1210614011-2585739803-2429135735-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1210614011-2585739803-2429135735-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_BC.job => C:\Documents and Settings\BC\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5da99e07-f09b-4e3f-a40c-00e261c6c1bf.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 91180a1e-5b79-4542-a7b6-819b32507676.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

System error 3 has occurred.

The system cannot find the path specified.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 2038.11 MB
Available physical RAM: 1248.77 MB
Total Pagefile: 3405.09 MB
Available Pagefile: 2775.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:104.79 GB) (Free:51.04 GB) NTFS ==>[Drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: F87BF87B)
Partition 1: (Not Active) - (Size=7 GB) - (Type=12)
Partition 2: (Active) - (Size=105 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 980 MB) (Disk ID: 6B15A338)
Partition 1: (Active) - (Size=980 MB) - (Type=0B)

==================== End Of Log ============================



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:10 AM

Posted 07 February 2014 - 02:08 PM

Greetings,

My pleasure to work with you on your computer. Please feel free to call me Gary.

In addition to running the below please describe your current symptoms after completing the steps.

===================================================

WMI Diagnosis Utility -- Windows 7 - XP

--------------------
  • Download WMI Diagnosis Utility -- Version 2.1 and save it to your desktop
  • Double click the icon and click Run
  • Click Yes to agree to the terms
  • Click Browse, select Desktop then click OK
  • Click OK, then OK again
  • Double click the WMIDiag.vbs icon and then click OK on the Warning screen if it appears
  • If the Warning appeared you will not see any information appear during the running of the script. Please allow at least one minute for completion
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Please re-run Farbar Recovery Scan Tool and place a check mark on Addition.txt

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did WMI fix appear to run successfully (no error messages)?
  • AdwCleaner log
  • Junkware log
  • Farbar logs (2)
  • Current symptoms?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 zxcvasdf

Posted 07 February 2014 - 02:16 PM

Yes was able to run but at the bottom it says there are issues with WMI



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,386 posts
  • Gender:Male
  • Location:California

Posted 07 February 2014 - 02:18 PM

Is that all it says or does it have other information? Did you get that before or after it ran?
Gary
 

#10 Oh My!

Posted 07 February 2014 - 02:22 PM

If a log was produced please copy and paste the contents in your reply.
Gary
 

#11 zxcvasdf

Posted 07 February 2014 - 02:25 PM

.1468 11:15:16 (0) ** WMIDiag v2.1 started on Friday, February 07, 2014 at 11:14.
.1469 11:15:16 (0) **
.1470 11:15:16 (0) ** Copyright © Microsoft Corporation. All rights reserved - July 2007.
.1471 11:15:16 (0) **
.1472 11:15:16 (0) ** This script is not supported under any Microsoft standard support program or service.
.1473 11:15:16 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
.1474 11:15:16 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
.1475 11:15:16 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
.1476 11:15:16 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
.1477 11:15:16 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
.1478 11:15:16 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
.1479 11:15:16 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
.1480 11:15:16 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
.1481 11:15:16 (0) ** of the possibility of such damages.
.1482 11:15:16 (0) **
.1483 11:15:16 (0) **
.1484 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1485 11:15:16 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
.1486 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1487 11:15:16 (0) **
.1488 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1489 11:15:16 (0) ** Windows XP - Service pack 3 - 32-bit (2600) - User 'BC' on computer ''.
.1490 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1491 11:15:16 (0) ** Environment: ........................................................................................................ OK.
.1492 11:15:16 (0) ** There are no missing WMI system files: .............................................................................. OK.
.1493 11:15:16 (1) !! ERROR: The WMI repository folder is missing or you do not have access to it at: ..................................... C:\WINDOWS\SYSTEM32\WBEM\Repository\FS.
.1494 11:15:16 (1) !! ERROR: The following WMI repository file(s) is/are missing: ......................................................... 7 ERROR(S)!
.1495 11:15:16 (0) ** - INDEX.BTR
.1496 11:15:16 (0) ** - INDEX.MAP
.1497 11:15:16 (0) ** - MAPPING.VER
.1498 11:15:16 (0) ** - MAPPING1.MAP
.1499 11:15:16 (0) ** - MAPPING2.MAP
.1500 11:15:16 (0) ** - OBJECTS.DATA
.1501 11:15:16 (0) ** - OBJECTS.MAP
.1502 11:15:16 (0) ** => To fix this issue:
.1503 11:15:16 (0) **    - ENSURE you have all access rights to the WMI repository folder.
.1504 11:15:16 (0) **    - ENSURE you run WMIDiag as an Administrator.
.1505 11:15:16 (0) ** => If the issue is not due to a lack of privileges, and folder/files are really missing, while
.1506 11:15:16 (0) **    the WMI service successfully started, then WMI will rebuild the repository based on the
.1507 11:15:16 (0) **    auto-recovery mechanism. In such a case, WMI repository files shoud be available after the execution
.1508 11:15:16 (0) **    of WMIDiag. Check WMIDiag LOG.
.1509 11:15:16 (0) ** => If the issue is NOT due to a lack of privileges, and folder/files are really missing, while
.1510 11:15:16 (0) **    the WMI service does not start, then additional errors should be displayed (i.e. registry, DCOM, service hosts).
.1511 11:15:16 (0) **    You must fix those issues first!
.1512 11:15:16 (0) ** => After fixing issues, if the files are still missing and if you do not want WMI to rebuild
.1513 11:15:16 (0) **    the WMI repository, then you must restore the WMI repository from a previous backup.
.1514 11:15:16 (0) **    Note: The System State backup or the System Restore snapshot contain a backup of
.1515 11:15:16 (0) **          of the WMI repository.
.1516 11:15:16 (0) ** => If no backup is available, you must rebuild the repository.
.1517 11:15:16 (0) **    Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
.1518 11:15:16 (0) **          otherwise some applications may fail after the reconstruction.
.1519 11:15:16 (0) **          This can be achieved with the following command:
.1520 11:15:16 (0) **          i.e. 'WMIDiag ShowMOFErrors'
.1521 11:15:16 (0) **    Note: Any missing MOF files, or existing MOF files not listed in the Auto-recovery
.1522 11:15:16 (0) **          registry key will be excluded from the WMI repository reconstruction.
.1523 11:15:16 (0) **          This may imply the lost of WMI registration information.
.1524 11:15:16 (0) **    Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
.1525 11:15:16 (0) **          ALL fixes previously mentioned.
.1526 11:15:16 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
.1527 11:15:16 (0) ** => To rebuild the WMI repository, you must:
.1528 11:15:16 (0) **    - Stop the WMI Service.
.1529 11:15:16 (0) **      i.e. 'NET.EXE STOP WINMGMT'
.1530 11:15:16 (0) **    - Move the existing WMI repository files to another location.
.1531 11:15:16 (0) **      i.e. MOVE C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\*.* %TEMP%
.1532 11:15:16 (0) **    - Start the WMI Service.
.1533 11:15:16 (0) **      i.e. 'NET.EXE START WINMGMT'
.1534 11:15:16 (0) **    WMI will rebuild the WMI repository based the auto-recovery mechanism.
.1535 11:15:16 (0) **
.1536 11:15:16 (0) ** WMI repository state: ............................................................................................... NOT TESTED.
.1537 11:15:16 (0) ** AFTER running WMIDiag:
.1538 11:15:16 (0) ** - Disk free space on 'C:': .......................................................................................... 52255 MB.
.1539 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1540 11:15:16 (2) !! WARNING: Windows Firewall Service: .................................................................................. STOPPED.
.1541 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1542 11:15:16 (0) ** DCOM Status: ........................................................................................................ OK.
.1543 11:15:16 (0) ** WMI registry setup: ................................................................................................. OK.
.1544 11:15:16 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
.1545 11:15:16 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
.1546 11:15:16 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic')
.1547 11:15:16 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
.1548 11:15:16 (0) **    Note: If the service is marked with (*), it means that the service/application uses WMI but
.1549 11:15:16 (0) **          there is no hard dependency on WMI. However, if the WMI service is stopped,
.1550 11:15:16 (0) **          this can prevent the service/application to work as expected.
.1551 11:15:16 (0) **
.1552 11:15:16 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
.1553 11:15:16 (0) ** WINMGMT service: .................................................................................................... Failed to start.
.1554 11:15:16 (0) ** => The WINMGMT service can't be started. This could be due to the following reasons:
.1555 11:15:16 (0) **    - The service is DISABLED. You can re-enable the service with the command:
.1556 11:15:16 (0) **      i.e. 'SC.EXE CONFIG WINMGMT START= AUTO'
.1557 11:15:16 (0) **    Note: The SC.EXE command is available in the Windows Resource Kit.
.1558 11:15:16 (0) **    - The WINMGMT service depends on RPCSS service which is DISABLED or unable to start.
.1559 11:15:16 (0) **    - If the service is ENABLED but can't start, then the service registry may contains bad data.
.1560 11:15:16 (0) **    Note: Registry setup errors should be reported. Follow the steps related to registry issues.
.1561 11:15:16 (0) ** => After verifying the registry, if the WMI service does not start yet, you can try to
.1562 11:15:16 (0) **    to run the service as a STANDALONE service host or as a SHARED service host (SvcHost)
.1563 11:15:16 (0) **    You can achieve this by running ONE of the following commands (case sensitive):
.1564 11:15:16 (0) **    - to configure the service to run as a SHARED service host (recommended):
.1565 11:15:16 (0) **      i.e. 'RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\WMISVC.DLL,MoveToShared'
.1566 11:15:16 (0) **    - if you have issue to get it running as a SHARED service host, the WMI service
.1567 11:15:16 (0) **      can be configured to run as a STANDALONE service host:
.1568 11:15:16 (0) **      i.e. 'RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\WMISVC.DLL,MoveToAlone'
.1569 11:15:16 (0) ** => If the registry is correct and the WMI service does not start yet, the WMI repository could be inconsistent.
.1570 11:15:16 (0) **    - Under Windows XP SP2 and SP3, you can validate the repository consistency by:
.1571 11:15:16 (0) **      executing the following command:
.1572 11:15:16 (0) **      i.e. 'WMIDiag CheckConsistency'
.1573 11:15:16 (0) **    Note: Under Windows XP SP2 and SP3, when the repository is checked and detected INCONSISTENT,
.1574 11:15:16 (0) **          a new repository is automatically re-created based on Auto-Recovery mechanism.
.1575 11:15:16 (0) **          Note that some information can be lost during this process (i.e. static data, CIM registration).
.1576 11:15:16 (0) **          However, the original repository is located at 'C:\WINDOWS\SYSTEM32\WBEM\Repository.001'.
.1577 11:15:16 (0) **          The computer must be rebooted for the system to work with the re-created repository.
.1578 11:15:16 (0) **    - The repository can be recovered from a previous backup.
.1579 11:15:16 (0) **    Note: The System State backup or the System Restore snapshot contain a backup of
.1580 11:15:16 (0) **          of the WMI repository.
.1581 11:15:16 (0) ** => If no backup is available, you must rebuild the repository.
.1582 11:15:16 (0) **    - Re-run WMIDiag with the ShowMOFErrors, this will show any MOF file issues.
.1583 11:15:16 (0) **      i.e. 'WMIDiag ShowMOFErrors'
.1584 11:15:16 (0) **    Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
.1585 11:15:16 (0) **          otherwise some applications may fail after the reconstruction.
.1586 11:15:16 (0) **          This can be achieved with the following command:
.1587 11:15:16 (0) **          i.e. 'WMIDiag ShowMOFErrors'
.1588 11:15:16 (0) **    Note: Any missing MOF files, or existing MOF files not listed in the Auto-recovery
.1589 11:15:16 (0) **          registry key will be excluded from the WMI repository reconstruction.
.1590 11:15:16 (0) **          This may imply the lost of WMI registration information.
.1591 11:15:16 (0) **    Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
.1592 11:15:16 (0) **          ALL fixes previously mentioned.
.1593 11:15:16 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
.1594 11:15:16 (0) **    - To rebuild the WMI repository, you must:
.1595 11:15:16 (0) **    - Stop the WMI Service.
.1596 11:15:16 (0) **      i.e. 'NET.EXE STOP WINMGMT'
.1597 11:15:16 (0) **    - Move the existing WMI repository files to another location.
.1598 11:15:16 (0) **      i.e. MOVE C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\*.* %TEMP%
.1599 11:15:16 (0) **    - Start the WMI Service.
.1600 11:15:16 (0) **      i.e. 'NET.EXE START WINMGMT'
.1601 11:15:16 (0) **    WMI will rebuild the WMI repository based the auto-recovery mechanism.
.1602 11:15:16 (0) **
.1603 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1604 11:15:16 (0) ** WMI service DCOM setup: ............................................................................................. OK.
.1605 11:15:16 (0) ** WMI components DCOM registrations: .................................................................................. OK.
.1606 11:15:16 (0) ** WMI ProgID registrations: ........................................................................................... OK.
.1607 11:15:16 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
.1608 11:15:16 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
.1609 11:15:16 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
.1610 11:15:16 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
.1611 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1612 11:15:16 (0) ** Overall DCOM security status: ....................................................................................... OK.
.1613 11:15:16 (0) ** Overall WMI security status: ........................................................................................ OK.
.1614 11:15:16 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
.1615 11:15:16 (0) ** WMI permanent SUBSCRIPTION(S): ...................................................................................... NONE.
.1616 11:15:16 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
.1617 11:15:16 (1) !! ERROR: WMI ADAP status: ............................................................................................. NOT AVAILABLE.
.1618 11:15:16 (0) **    You can start the WMI AutoDiscovery/AutoPurge (ADAP) process to resynchronize
.1619 11:15:16 (0) **    the performance counters with the WMI performance classes with the following commands:
.1620 11:15:16 (0) **    i.e. 'WINMGMT.EXE /CLEARADAP'
.1621 11:15:16 (0) **    i.e. 'WINMGMT.EXE /RESYNCPERF'
.1622 11:15:16 (0) **    The ADAP process logs informative events in the Windows NT event log.
.1623 11:15:16 (0) **    More information can be found on MSDN at:
.1624 11:15:16 (0) **    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_adap_event_log_events.asp
.1625 11:15:16 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 1 ERROR(S)!
.1626 11:15:16 (0) ** - Root, 0x0 - .
.1627 11:15:16 (0) **
.1628 11:15:16 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 5 ERROR(S)!
.1629 11:15:16 (0) ** - Root, 0x0 - .
.1630 11:15:16 (0) ** - Root, 0x0 - .
.1631 11:15:16 (0) ** - Root/Default, 0x0 - .
.1632 11:15:16 (0) ** - Root/CIMv2, 0x0 - .
.1633 11:15:16 (0) ** - Root/WMI, 0x0 - .
.1634 11:15:16 (0) **
.1635 11:15:16 (0) ** WMI GET operations: ................................................................................................. OK.
.1636 11:15:16 (0) ** WMI MOF representations: ............................................................................................ OK.
.1637 11:15:16 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
.1638 11:15:16 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
.1639 11:15:16 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
.1640 11:15:16 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
.1641 11:15:16 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
.1642 11:15:16 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
.1643 11:15:16 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
.1644 11:15:16 (0) ** WMI static instances retrieved: ..................................................................................... 0.
.1645 11:15:16 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
.1646 11:15:16 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
.1647 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1648 11:15:16 (0) **
.1649 11:15:16 (0) ** 6 error(s) 0x0 - (WBEM_UNKNOWN) This error code is external to WMI.
.1650 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1651 11:15:16 (0) ** WMI Registry key setup: ............................................................................................. OK.
.1652 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1653 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1654 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1655 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1656 11:15:16 (0) **
.1657 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1658 11:15:16 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
.1659 11:15:16 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1660 11:15:16 (0) **
.1661 11:15:16 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\DOCUMENTS AND SETTINGS\BC\LOCAL SETTINGS\TEMP\WMIDIAG-V2.1_XP___.CLI.SP3.32_DB7_2014.02.07_11.14.21.LOG' for details.
.1662 11:15:16 (0) **
.1663 11:15:16 (0) ** WMIDiag v2.1 ended on Friday, February 07, 2014 at 11:15 (W:38 E:14 S:1).

 


Edited by zxcvasdf, 07 February 2014 - 02:25 PM.
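
Added example (not part of the thread and not Microsoft's code): a small parser for the WMIDiag report format posted above, so the failed checks can be pulled out of the long log. The function names are hypothetical, and the line shape and level numbers (1 = error, 2 = warning) are assumptions inferred from that log; note that the WINMGMT service failure carries no ERROR tag, so the parser also flags untagged checks whose status is not a known-good value.

```python
import re

# Line shape assumed from the report above: .<seq> <hh:mm:ss> (<level>) <**|!!> <text>
LINE_RE = re.compile(r"^\.*(\d+)\s+(\d\d:\d\d:\d\d)\s+\((\d)\)\s+(\*\*|!!) ?(.*)$")
# A check is "<name>: ...dot leader... <value>", optionally tagged ERROR/WARNING/INFO.
CHECK_RE = re.compile(r"^(?:- )?(?:(ERROR|WARNING|INFO):\s*)?(.+?):\s*\.{3,}\s*(.+?)\s*$")
# Values treated as healthy or neutral; anything else deserves a look.
HEALTHY_RE = re.compile(r"^(OK\b.*|NONE|NOT TESTED|\d+( MB)?)$", re.IGNORECASE)

# Excerpt of the report above, with the dot leaders shortened.
SAMPLE = r"""
.1491 11:15:16 (0) ** Environment: ........ OK.
.1493 11:15:16 (1) !! ERROR: The WMI repository folder is missing or you do not have access to it at: ........ C:\WINDOWS\SYSTEM32\WBEM\Repository\FS.
.1494 11:15:16 (1) !! ERROR: The following WMI repository file(s) is/are missing: ........ 7 ERROR(S)!
.1495 11:15:16 (0) ** - INDEX.BTR
.1496 11:15:16 (0) ** - INDEX.MAP
.1502 11:15:16 (0) ** => To fix this issue:
.1540 11:15:16 (2) !! WARNING: Windows Firewall Service: ........ STOPPED.
.1553 11:15:16 (0) ** WINMGMT service: ........ Failed to start.
.1615 11:15:16 (0) ** WMI permanent SUBSCRIPTION(S): ........ NONE.
.1663 11:15:16 (0) ** WMIDiag v2.1 ended on Friday, February 07, 2014 at 11:15 (W:38 E:14 S:1).
"""


def parse_checks(report):
    """Return one dict per check line, with any '- item' lines that follow it."""
    checks, current = [], None
    for raw in report.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        seq, _time, level, _mark, text = line.groups()
        check = CHECK_RE.match(text)
        if check:
            tag, name, value = check.groups()
            current = {"seq": int(seq), "level": int(level), "tag": tag,
                       "name": name, "value": value.rstrip("."), "items": []}
            checks.append(current)
        elif text.startswith("- ") and current is not None:
            current["items"].append(text[2:].strip())  # e.g. a missing file name
        else:
            current = None  # guidance text or a separator ends the item list
    return checks


def classify(check):
    """Map a check to error / warning / ok / review."""
    # Assumption from the log above: level 1 marks errors, level 2 warnings.
    if check["tag"] == "ERROR" or check["level"] == 1:
        return "error"
    if check["tag"] == "WARNING" or check["level"] == 2:
        return "warning"
    if check["tag"] == "INFO" or HEALTHY_RE.match(check["value"]):
        return "ok"
    return "review"  # untagged line whose status is not a known-good value


def triage(report):
    """List (severity, name, value, items) for every check that is not ok."""
    return [(classify(c), c["name"], c["value"], c["items"])
            for c in parse_checks(report) if classify(c) != "ok"]


if __name__ == "__main__":
    for severity, name, value, items in triage(SAMPLE):
        print(f"{severity.upper():8} {name}: {value} {items if items else ''}")
```
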


#12 Oh My!

Posted 07 February 2014 - 02:29 PM

Thanks,

Please navigate to this file and attach it to your reply.

 

C:\DOCUMENTS AND SETTINGS\BC\LOCAL SETTINGS\TEMP\WMIDIAG-V2.1_XP___.CLI.SP3.32_DB7_2014.02.07_11.14.21.LOG

 

Please allow me some time to review the information.  Hold off on the other steps.


Edited by Oh My, 07 February 2014 - 02:29 PM.

Gary
 

#13 zxcvasdf

Posted 07 February 2014 - 02:30 PM

I am running the JRT right now, and will run AdW after. Thanks for your patience. How do I nav. to that file? I tried using the Windows Explorer but it gives me errors.


Edited by zxcvasdf, 07 February 2014 - 02:31 PM.


#14 Oh My!

Posted 07 February 2014 - 02:30 PM

OK, those are fine, no harm.  No use in re-running FRST just yet.  We need to get to the bottom of the WMI issue first.


Gary
 

#15 zxcvasdf

Posted 07 February 2014 - 02:34 PM

How do I nav to the file for the WMI? The JRT is still running, should I exit it out?





